Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Horse Clicker.phk, Trojan Horse Bho.r


  • This topic is locked This topic is locked
35 replies to this topic

#1 nrk

nrk

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:21 PM

Posted 21 August 2008 - 06:57 PM

I have AVG on my computer - with Windows XP I keep getting messages saying that there are infections. I have tried everything to remove them. I have gone through all of your steps and am extremely frustrated

Virus name: Trojan Horse Clicker.PHK
Path to file: C:\WINDOWS\system32\dswaven.dll

Virus name: Trojan Horse BHO.R
C:\WINDOWS\system 32\asycfiltm.dll

I have been trying to solve this for months now and have tried everything. I would greatly appreciate if someone could tell me what this is and how I can get rid of it.

Thanks.
NRK



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:44 PM, on 8/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/customi.../search/ie.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 203.85.123.8 CJHQServer
O1 - Hosts: 206.47.125.6 torras01 torras01.cmncanada.com # Remote Access Server
O1 - Hosts: 206.47.125.10 cmnhub02 cmnhub02.cmncanada.com # SMTP Outbound Mail
O1 - Hosts: 206.47.125.11 cmnhub01 cmnhub01.cmncanada.com # Notes Replication Hub
O1 - Hosts: 206.47.125.14 cmncas01 cmncas01.camcanada.com # Corporate Services Notes Server
O1 - Hosts: 206.47.125.16 torftp01 torftp01.cmncanada.com # FTP site
O1 - Hosts: 206.47.125.19 torcos01 torcos01.cmncanada.com # Core/DTS Server
O1 - Hosts: 206.47.125.28 cmnext01
O1 - Hosts: 206.47.125.9 cmnnw01
O1 - Hosts: 206.47.127.40 tornwnt1
O1 - Hosts: 206.47.127.42 TORNWNT2
O1 - Hosts: 206.47.128.40 tornwwt1
O1 - Hosts: 206.47.128.41 tornwwt2
O1 - Hosts: 206.47.125.23 cmnspx01
O1 - Hosts: 206.47.125.88 spex
O1 - Hosts: 206.47.125.17 cmnmail
O1 - Hosts: 206.47.125.135 cmnmail01
O1 - Hosts: 206.47.125.24 dts
O1 - Hosts: 206.47.125.7 firewall
O1 - Hosts: 206.47.125.165 develop2
O1 - Hosts: 206.47.125.45 cmncas02
O1 - Hosts: 206.47.125.27 legend_dev2
O1 - Hosts: 206.47.125.46 ntserver
O1 - Hosts: 206.47.125.180 cmndts
O1 - Hosts: 206.47.125.83 CMNNTBB1
O1 - Hosts: 206.47.125.34 CMNTST06
O1 - Hosts: 206.47.125.31 CMNTST05 # New Test Server cf. cmntst5
O1 - Hosts: 206.47.125.31 CMNTST5 # New Test Server cf. cmntst05
O1 - Hosts: 206.47.125.69 cmntst08 # Test Server for data storage
O1 - Hosts: 206.47.125.61 cmndbs01
O1 - Hosts: 206.47.125.36 cmndbs02
O1 - Hosts: 206.47.125.46 ntserver
O1 - Hosts: 206.47.125.41 cmnctx03 # Citrix test server
O1 - Hosts: 206.47.125.25 coreqa # CORE test/devl server
O1 - Hosts: 206.47.125.153 coretrain # CORE Training server
O1 - Hosts: 206.47.125.8 cmnctx01 # Citrix prod. server - internal address
O1 - Hosts: 207.139.197.182 # Citrix prod. server - external address
O1 - Hosts: 209.167.55.49 # FTP site (External Address)
O1 - Hosts: 203.18.180.32 CIAPHUB01
O1 - Hosts: 206.47.125.117 CMNNTEP01
O1 - Hosts: 172.16.7.64 SYDIIS01.COLLIERS.COM
O1 - Hosts: 206.47.125.133 CAS
O1 - Hosts: 206.47.125.63 cmnhub03
O1 - Hosts: 206.47.125.55 corp-dc01
O1 - Hosts: 206.47.125.57 corp-dc02
O1 - Hosts: 206.47.125.59 corp-dc03
O1 - Hosts: 206.47.125.61 corp-dc04
O1 - Hosts: 206.47.125.57 dev2000
O1 - Hosts: 206.47.125.20 tester
O1 - Hosts: 206.47.129.6 vanras01 vanras01.cmncanada.com # Remote Access Server
O1 - Hosts: 206.47.129.11 vannts01 vannts01.cmncanada.com # Notes server
O1 - Hosts: 206.47.129.13 vancos01 vancos01.cmncanada.com # Core/DTS Server
O1 - Hosts: 207.61.2.6 calras01 calras01.cmncanada.com # Remote Access Server
O1 - Hosts: 207.61.2.11 calnts01 calnts01.cmncanada.com # Notes Server
O1 - Hosts: 207.61.2.19 calcos01 calcos01.cmncanada.com # Core/DTS Server
O1 - Hosts: 207.61.66.6 vicras01 vicras01.cmncanada.com # Remote Access Server
O1 - Hosts: 207.61.66.11 vicnts01 vicnts01.cmncanada.com # Notes Server
O1 - Hosts: 207.61.66.19 viccos01 viccos01.cmncanada.com # Core/DTS Server
O1 - Hosts: 207.61.65.6 edmras01 edmras01.cmncanada.com # Remote Access Server
O1 - Hosts: 207.61.65.11 edmnts01 edmnts01.cmncanada.com # Notes Server
O1 - Hosts: 207.61.65.19 edmcos01 edmcos01.cmncanada.com # Core/DTS Server
O1 - Hosts: 207.61.63.6 monras01 monras01.cmncanada.com # Remote Access Server
O1 - Hosts: 207.61.63.11 monnts01 monnts01.cmncanada.com # Notes Server
O1 - Hosts: 207.61.63.19 moncos01 moncos01.cmncanada.com # Core/DTS Server
O1 - Hosts: 207.61.64.6 ottras01 ottras01.cmncanada.com # Remote Access Server
O1 - Hosts: 207.61.64.11 ottnts01 ottnts01.cmncanada.com # Notes Server
O1 - Hosts: 207.236.53.6 sasras01 sasras01.cmncanada.com # Remote Access Server
O1 - Hosts: 207.236.53.11 sasnts01 sasnts01.cmncanada.com # Notes Server
O1 - Hosts: 206.182.142.6 searas01 searas01.cmncanada.com # Remote Access Server
O1 - Hosts: 206.182.142.11 seants01 seants01.cmncanada.com # Notes server
O1 - Hosts: 206.182.142.19 seacos01 seacos01.cmncanada.com # Core/DTS Server
O1 - Hosts: 206.182.129.6 sdgras01 sdgras01.cmncanada.com # Remote Access Server
O1 - Hosts: 206.182.129.11 sdgnts01 sdgnts01.cmncanada.com # Notes server
O1 - Hosts: 206.182.129.19 sdgcos01 sdgcos01.cmncanada.com # Core/DTS Server
O1 - Hosts: 206.182.176.6 sfrras01 sfrras01.cmncanada.com # Remote Access Server
O1 - Hosts: 206.182.176.11 sfrnts01 sfrnts01.cmncanada.com # Notes Server
O1 - Hosts: 206.182.176.19 sfrcos01 sfrcos01.cmncanada.com # Core/DTS Server
O1 - Hosts: 206.182.177.6 sacras01 sacras01.cmncanada.com # Remote Access Server
O1 - Hosts: 206.182.177.11 sacnts01 sacnts01.cmncanada.com # Notes Server
O1 - Hosts: 206.182.177.19 saccos01 saccos01.cmncanada.com # Core/DTS Server
O1 - Hosts: 206.182.163.6 phoras01 phoras01.cmncanada.com # Remote Access Server
O1 - Hosts: 206.182.163.11 phonts01 phonts01.cmncanada.com # Notes Server
O1 - Hosts: 206.182.163.19 phocos01 phocos01.cmncanada.com # Core/DTS Server
O1 - Hosts: 207.61.130.222 www.trebnet.net
O1 - Hosts: 203.18.176.138 colliersnetconnect.com #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#
O1 - Hosts: 203.18.176.138 colliersnetconnect #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0FFFD22C-CE01-4E35-AADB-DCB5C27DF130} - c:\windows\system32\dswaven.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4D7F5BAC-983D-43DE-A447-80F3C413D9AE} - C:\WINDOWS\system32\asycfiltm.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] "C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe" -s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?d05b3e02cdda4645bc28f9d2a5bd1765
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?d05b3e02cdda4645bc28f9d2a5bd1765
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} - https://intuitcanada.ehosts.net/netagent/ob...s/custappx3.cab
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - https://www.colliersnetconnect.com/vdesk/te...00,0,60606,0653
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - C:\DOCUME~1\Naomi\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183219366359
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} - https://www.colliersnetconnect.com/vdesk/te...00,0,60606,0642
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183219337546
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - https://www.colliersnetconnect.com/vdesk/te...00,0,60606,0648
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - https://www.colliersnetconnect.com/vdesk/te...00,0,60606,0640
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.corp.local
O17 - HKLM\Software\..\Telephony: DomainName = na.corp.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = na.corp.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = mtnk.phub.net.cable.rogers.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = na.corp.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = mtnk.phub.net.cable.rogers.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = na.corp.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = mtnk.phub.net.cable.rogers.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = mtnk.phub.net.cable.rogers.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: sipdipgn - C:\WINDOWS\SYSTEM32\dswaven.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 19246 bytes

BC AdBot (Login to Remove)

 


m

#2 nrk

nrk
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:21 PM

Posted 01 September 2008 - 08:12 PM

When can I expect to get a reply - its been 11 days.
Thanks.
NRK

#3 chryssi2001

chryssi2001

  • Members
  • 1,930 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 05 September 2008 - 12:44 PM

Hello nrk,

I apologise for the delay, the forum is too busy.

If you still need help, post a new HijackThis log.
Posted Image
Private Messages for personal support will be ignored. If you need help post in the forum.

#4 nrk

nrk
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:21 PM

Posted 05 September 2008 - 12:50 PM

I have not been using my laptop - I have been waiting for a response. Why do I have to post a new Hijackthis log. I have been waiting patiently and took all the steps I was told to do. Could you please respond to the log I sent. Thank you.

#5 chryssi2001

chryssi2001

  • Members
  • 1,930 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 05 September 2008 - 12:56 PM

Hi,

Scan saved at 7:39:44 PM, on 8/21/2008

It's been many days you posted a HijackThis log.
Even if the pc was not connected to the Internet, i need a new HijackThis log, so i will be able to help you.
Posted Image
Private Messages for personal support will be ignored. If you need help post in the forum.

#6 nrk

nrk
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:21 PM

Posted 05 September 2008 - 08:00 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:55 PM, on 9/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/customi.../search/ie.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 203.85.123.8 CJHQServer
O1 - Hosts: 206.47.125.6 torras01 torras01.cmncanada.com # Remote Access Server
O1 - Hosts: 206.47.125.10 cmnhub02 cmnhub02.cmncanada.com # SMTP Outbound Mail
O1 - Hosts: 206.47.125.11 cmnhub01 cmnhub01.cmncanada.com # Notes Replication Hub
O1 - Hosts: 206.47.125.14 cmncas01 cmncas01.camcanada.com # Corporate Services Notes Server
O1 - Hosts: 206.47.125.16 torftp01 torftp01.cmncanada.com # FTP site
O1 - Hosts: 206.47.125.19 torcos01 torcos01.cmncanada.com # Core/DTS Server
O1 - Hosts: 206.47.125.28 cmnext01
O1 - Hosts: 206.47.125.9 cmnnw01
O1 - Hosts: 206.47.127.40 tornwnt1
O1 - Hosts: 206.47.127.42 TORNWNT2
O1 - Hosts: 206.47.128.40 tornwwt1
O1 - Hosts: 206.47.128.41 tornwwt2
O1 - Hosts: 206.47.125.23 cmnspx01
O1 - Hosts: 206.47.125.88 spex
O1 - Hosts: 206.47.125.17 cmnmail
O1 - Hosts: 206.47.125.135 cmnmail01
O1 - Hosts: 206.47.125.24 dts
O1 - Hosts: 206.47.125.7 firewall
O1 - Hosts: 206.47.125.165 develop2
O1 - Hosts: 206.47.125.45 cmncas02
O1 - Hosts: 206.47.125.27 legend_dev2
O1 - Hosts: 206.47.125.46 ntserver
O1 - Hosts: 206.47.125.180 cmndts
O1 - Hosts: 206.47.125.83 CMNNTBB1
O1 - Hosts: 206.47.125.34 CMNTST06
O1 - Hosts: 206.47.125.31 CMNTST05 # New Test Server cf. cmntst5
O1 - Hosts: 206.47.125.31 CMNTST5 # New Test Server cf. cmntst05
O1 - Hosts: 206.47.125.69 cmntst08 # Test Server for data storage
O1 - Hosts: 206.47.125.61 cmndbs01
O1 - Hosts: 206.47.125.36 cmndbs02
O1 - Hosts: 206.47.125.46 ntserver
O1 - Hosts: 206.47.125.41 cmnctx03 # Citrix test server
O1 - Hosts: 206.47.125.25 coreqa # CORE test/devl server
O1 - Hosts: 206.47.125.153 coretrain # CORE Training server
O1 - Hosts: 206.47.125.8 cmnctx01 # Citrix prod. server - internal address
O1 - Hosts: 207.139.197.182 # Citrix prod. server - external address
O1 - Hosts: 209.167.55.49 # FTP site (External Address)
O1 - Hosts: 203.18.180.32 CIAPHUB01
O1 - Hosts: 206.47.125.117 CMNNTEP01
O1 - Hosts: 172.16.7.64 SYDIIS01.COLLIERS.COM
O1 - Hosts: 206.47.125.133 CAS
O1 - Hosts: 206.47.125.63 cmnhub03
O1 - Hosts: 206.47.125.55 corp-dc01
O1 - Hosts: 206.47.125.57 corp-dc02
O1 - Hosts: 206.47.125.59 corp-dc03
O1 - Hosts: 206.47.125.61 corp-dc04
O1 - Hosts: 206.47.125.57 dev2000
O1 - Hosts: 206.47.125.20 tester
O1 - Hosts: 206.47.129.6 vanras01 vanras01.cmncanada.com # Remote Access Server
O1 - Hosts: 206.47.129.11 vannts01 vannts01.cmncanada.com # Notes server
O1 - Hosts: 206.47.129.13 vancos01 vancos01.cmncanada.com # Core/DTS Server
O1 - Hosts: 207.61.2.6 calras01 calras01.cmncanada.com # Remote Access Server
O1 - Hosts: 207.61.2.11 calnts01 calnts01.cmncanada.com # Notes Server
O1 - Hosts: 207.61.2.19 calcos01 calcos01.cmncanada.com # Core/DTS Server
O1 - Hosts: 207.61.66.6 vicras01 vicras01.cmncanada.com # Remote Access Server
O1 - Hosts: 207.61.66.11 vicnts01 vicnts01.cmncanada.com # Notes Server
O1 - Hosts: 207.61.66.19 viccos01 viccos01.cmncanada.com # Core/DTS Server
O1 - Hosts: 207.61.65.6 edmras01 edmras01.cmncanada.com # Remote Access Server
O1 - Hosts: 207.61.65.11 edmnts01 edmnts01.cmncanada.com # Notes Server
O1 - Hosts: 207.61.65.19 edmcos01 edmcos01.cmncanada.com # Core/DTS Server
O1 - Hosts: 207.61.63.6 monras01 monras01.cmncanada.com # Remote Access Server
O1 - Hosts: 207.61.63.11 monnts01 monnts01.cmncanada.com # Notes Server
O1 - Hosts: 207.61.63.19 moncos01 moncos01.cmncanada.com # Core/DTS Server
O1 - Hosts: 207.61.64.6 ottras01 ottras01.cmncanada.com # Remote Access Server
O1 - Hosts: 207.61.64.11 ottnts01 ottnts01.cmncanada.com # Notes Server
O1 - Hosts: 207.236.53.6 sasras01 sasras01.cmncanada.com # Remote Access Server
O1 - Hosts: 207.236.53.11 sasnts01 sasnts01.cmncanada.com # Notes Server
O1 - Hosts: 206.182.142.6 searas01 searas01.cmncanada.com # Remote Access Server
O1 - Hosts: 206.182.142.11 seants01 seants01.cmncanada.com # Notes server
O1 - Hosts: 206.182.142.19 seacos01 seacos01.cmncanada.com # Core/DTS Server
O1 - Hosts: 206.182.129.6 sdgras01 sdgras01.cmncanada.com # Remote Access Server
O1 - Hosts: 206.182.129.11 sdgnts01 sdgnts01.cmncanada.com # Notes server
O1 - Hosts: 206.182.129.19 sdgcos01 sdgcos01.cmncanada.com # Core/DTS Server
O1 - Hosts: 206.182.176.6 sfrras01 sfrras01.cmncanada.com # Remote Access Server
O1 - Hosts: 206.182.176.11 sfrnts01 sfrnts01.cmncanada.com # Notes Server
O1 - Hosts: 206.182.176.19 sfrcos01 sfrcos01.cmncanada.com # Core/DTS Server
O1 - Hosts: 206.182.177.6 sacras01 sacras01.cmncanada.com # Remote Access Server
O1 - Hosts: 206.182.177.11 sacnts01 sacnts01.cmncanada.com # Notes Server
O1 - Hosts: 206.182.177.19 saccos01 saccos01.cmncanada.com # Core/DTS Server
O1 - Hosts: 206.182.163.6 phoras01 phoras01.cmncanada.com # Remote Access Server
O1 - Hosts: 206.182.163.11 phonts01 phonts01.cmncanada.com # Notes Server
O1 - Hosts: 206.182.163.19 phocos01 phocos01.cmncanada.com # Core/DTS Server
O1 - Hosts: 207.61.130.222 www.trebnet.net
O1 - Hosts: 203.18.176.138 colliersnetconnect.com #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#
O1 - Hosts: 203.18.176.138 colliersnetconnect #ADDED BY F5 NETWORKS SSL TUNNEL - ORIGINAL RECORD#
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0FFFD22C-CE01-4E35-AADB-DCB5C27DF130} - c:\windows\system32\dswaven.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4D7F5BAC-983D-43DE-A447-80F3C413D9AE} - C:\WINDOWS\system32\asycfiltm.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] "C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe" -s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?d05b3e02cdda4645bc28f9d2a5bd1765
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?d05b3e02cdda4645bc28f9d2a5bd1765
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} - https://intuitcanada.ehosts.net/netagent/ob...s/custappx3.cab
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - https://www.colliersnetconnect.com/vdesk/te...00,0,60606,0653
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - C:\DOCUME~1\Naomi\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183219366359
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} - https://www.colliersnetconnect.com/vdesk/te...00,0,60606,0642
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183219337546
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - https://www.colliersnetconnect.com/vdesk/te...00,0,60606,0648
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - https://www.colliersnetconnect.com/vdesk/te...00,0,60606,0640
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.corp.local
O17 - HKLM\Software\..\Telephony: DomainName = na.corp.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = na.corp.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = mtnk.phub.net.cable.rogers.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = na.corp.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = mtnk.phub.net.cable.rogers.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = na.corp.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = mtnk.phub.net.cable.rogers.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = mtnk.phub.net.cable.rogers.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: sipdipgn - C:\WINDOWS\SYSTEM32\dswaven.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 19486 bytes

#7 chryssi2001

chryssi2001

  • Members
  • 1,930 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 06 September 2008 - 02:45 AM

Hello nrk,

Firstly some questions for you:
  • Is this a business pc? If yes and you are not sure about my next 2 questions, please ask your IT department.
  • Did you deliberately put all 01 lines of HijackThis, in your Hosts files? Do you know what they are?
  • 017 lines
    Are those lines from your ISP or company network?
----------------------------------------------
REMOVE VIEWPOINT

You have Viewpoint, Viewpoint Manager, Viewpoint Media Player installed on your system. These programs are not malware but are considered as foistware instead of malware since they are installed without user's approval, and for this reason I recommend you remove them.

To uninstall the the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):
  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.
  • Do the same for each Viewpoint component.
----------------------------------------------
Disable Spybot's TeaTimer. This is a two step process.

Spybot S&D's tea timer normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, For Either Version :
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • then, also in left panel, click Resident shows a red/white shield.
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
Don't forget to re-enable it, when your computer is clean.
----------------------------------------------
Please visit this webpage for instructions for downloading ComboFix at your DESKTOP:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use
Please ensure you read this guide carefully and install the Recovery Console first.

Additional links to download the tool:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
----------------------------------------------
Post back:
Combofix report.
A new HijackThis log.
Answer to my questions.
Posted Image
Private Messages for personal support will be ignored. If you need help post in the forum.

#8 nrk

nrk
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:21 PM

Posted 06 September 2008 - 07:41 PM

This is a personal laptop. I used my laptop at my previous employer. When I left they were supposed to remove anything that had to do with them but I have always felt they did not. I do not know what the 01 lines are - can you explain. I just tried to do what you asked.

Attached please find as requested.

ComboFix 08-09-05.02 - KalevN 2008-09-06 19:59:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.557 [GMT -4:00]
Running from: C:\Documents and Settings\Naomi\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Naomi\Cookies\kalevn@www.cruisemates[2].txt
C:\WINDOWS\system32\dswaven.dll . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FAD
-------\Legacy_XGKFVBOE
-------\Service_xgkfvboe


((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 )))))))))))))))))))))))))))))))
.

2008-09-01 20:39 . 2008-09-01 20:39 <DIR> d-------- C:\Program Files\Bonjour
2008-09-01 20:38 . 2008-09-01 20:38 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-01 20:37 . 2008-09-01 20:37 <DIR> d-------- C:\Program Files\AirPort
2008-09-01 20:37 . 2008-09-01 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-08-21 19:38 . 2008-08-21 19:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-21 19:24 . 2008-08-21 19:24 <DIR> d-------- C:\Program Files\Sygate
2008-08-21 19:24 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-08-21 19:24 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-08-21 19:24 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-08-21 19:24 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-08-21 19:24 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-08-21 19:24 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-08-21 19:24 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-08-21 16:56 . 2008-08-21 18:00 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-08-21 15:30 . 2008-08-21 15:30 <DIR> d-------- C:\Program Files\Panda Security
2008-08-21 15:30 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-21 14:04 . 2008-08-21 15:28 <DIR> d-------- C:\Documents and Settings\Naomi\.housecall6.6
2008-08-21 09:20 . 2008-08-21 09:20 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-21 09:19 . 2008-08-21 09:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-18 07:29 . 2008-09-06 19:41 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-18 07:26 . 2008-09-06 19:35 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-18 07:26 . 2008-08-21 15:27 <DIR> d-------- C:\Documents and Settings\Naomi\Application Data\AVGTOOLBAR
2008-08-18 07:26 . 2008-09-06 19:34 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-18 07:26 . 2008-08-18 07:26 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-18 07:26 . 2008-08-18 07:26 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-16 21:33 . 2008-08-16 21:33 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-08-16 20:52 . 2008-04-11 15:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-16 20:52 . 2008-05-01 10:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 00:06 91,136 ----a-w C:\WINDOWS\system32\rbytkdu.dll
2008-09-06 11:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-23 02:07 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-21 23:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-21 17:28 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-21 13:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-18 15:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-18 14:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-18 11:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-08-18 01:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-17 02:10 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-08-17 02:10 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-08-17 01:14 --------- d-----w C:\Program Files\Yahoo!
2008-07-25 22:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-07-24 16:56 --------- d-----w C:\Documents and Settings\Naomi\Application Data\Uniblue
2008-07-24 16:55 --------- d-----w C:\Program Files\Uniblue
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-15 19:37 --------- d-----w C:\Documents and Settings\Naomi\Application Data\U3
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-26 08:15 619,520 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-06-26 08:15 1,499,136 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:43 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-23 15:09 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-23 15:09 666,112 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2008-06-23 15:09 3,067,392 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-03-15 03:28 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-06-30 14:27 6,272 ----a-w C:\Documents and Settings\All Users\Application Data\ypinfo.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0FFFD22C-CE01-4E35-AADB-DCB5C27DF130}]
2008-09-06 20:06 91136 --a------ c:\windows\system32\dswaven.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe" [2007-01-11 5288960]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-17 98304]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2008-06-03 509224]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-06 1235736]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"AirPort Base Station Agent"="C:\Program Files\AirPort\APAgent.exe" [2007-08-08 643072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylockeduserid"= 2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3075291587-1974028832-3438797314-22609\Scripts\Logon\0\0]
"Script"=BROKERAGE.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3075291587-1974028832-3438797314-22609\Scripts\Logon\0\1]
"Script"=nremove.bat

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
- [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Manager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
-ra------ 2005-10-07 08:13 176128 C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-08-05 23:05 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-08-03 13:51 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2005-09-01 19:24 684032 C:\PROGRA~1\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport-]
--a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2007-11-15 10:23 202544 C:\Program Files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2005-05-31 07:33 122941 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-11-15 10:24 16384 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 18:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2005-03-23 19:26 217088 C:\Program Files\Microsoft IntelliPoint\point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2007-02-21 11:17 970752 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a------ 2007-02-21 11:19 819200 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
--a------ 2006-02-17 12:59 124520 C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-09-11 04:40 218032 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-09-11 04:40 218032 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-09-11 04:40 86960 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-08-12 18:16 1121792 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-08-08 10:25 1828136 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2005-03-14 14:38 335970 C:\Program Files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-02-17 22:20 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-02-17 22:19 26112 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-27 12:47 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AirPort\\APAgent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 ilcffezs;ilcffezs;C:\WINDOWS\system32\drivers\ilcffezs.sys [2004-08-04 23424]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-06 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-06 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-06 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-18 76040]
R3 urvpndrv;F5 Networks VPN Adapter;C:\WINDOWS\system32\DRIVERS\urvpndrv.sys [2005-12-15 28208]
S3 f5ipfw;F5 Networks StoneWall Filter;C:\WINDOWS\system32\drivers\urfltw2k.sys [2005-09-14 10256]
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fa50df3-d815-11dc-ac10-0016410b6c34}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{4D7F5BAC-983D-43DE-A447-80F3C413D9AE} - C:\WINDOWS\system32\asycfiltm.dll
Toolbar-ID - (no file)
MSConfigStartUp-MSI Configuration - msiconf.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\72jjvkgh.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 20:07:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SAVRT]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SNDSrvc]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-09-06 20:13:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-07 00:13:11

Pre-Run: 60,172,808,192 bytes free
Post-Run: 60,134,526,976 bytes free

283 --- E O F --- 2008-08-17 02:45:12

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:42 PM, on 9/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\AirPort\APAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/customi.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0FFFD22C-CE01-4E35-AADB-DCB5C27DF130} - c:\windows\system32\dswaven.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4D7F5BAC-983D-43DE-A447-80F3C413D9AE} - C:\WINDOWS\system32\asycfiltm.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] "C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe" -s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?d05b3e02cdda4645bc28f9d2a5bd1765
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?d05b3e02cdda4645bc28f9d2a5bd1765
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} - https://intuitcanada.ehosts.net/netagent/ob...s/custappx3.cab
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - https://www.colliersnetconnect.com/vdesk/te...00,0,60606,0653
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - C:\DOCUME~1\Naomi\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183219366359
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} - https://www.colliersnetconnect.com/vdesk/te...00,0,60606,0642
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183219337546
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - https://www.colliersnetconnect.com/vdesk/te...00,0,60606,0648
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - https://www.colliersnetconnect.com/vdesk/te...00,0,60606,0640
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.corp.local
O17 - HKLM\Software\..\Telephony: DomainName = na.corp.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = na.corp.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = mtnk.phub.net.cable.rogers.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = na.corp.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = mtnk.phub.net.cable.rogers.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = na.corp.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = mtnk.phub.net.cable.rogers.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = mtnk.phub.net.cable.rogers.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 14208 bytes


I hope this all helps. I want to thank you for your time and assistance. I really appreciate it.

I look forward to hearing from you.

NRK

#9 chryssi2001

chryssi2001

  • Members
  • 1,930 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 07 September 2008 - 02:22 AM

Hello nrk,

This is a personal laptop. I used my laptop at my previous employer. When I left they were supposed to remove anything that had to do with them but I have always felt they did not. I do not know what the 01 lines are - can you explain.

Looks that your previous employer didn't remove everything.
Normally this pc should be wiped out, the Hard Drive should be formatted, and a clean install should be made before it was handed to you.

A little explanation about Hosts Files. The 01 Hosts files were definitely put there by your previous employer's IT department.
[edit]The hosts files were removed, so no need for us to do anything[/edit]

What about 017 lines?

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.corp.local
O17 - HKLM\Software\..\Telephony: DomainName = na.corp.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = na.corp.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = na.corp.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = na.corp.local

I believe this was set by your ex employer's IT's.

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = mtnk.phub.net.cable.rogers.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = mtnk.phub.net.cable.rogers.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = mtnk.phub.net.cable.rogers.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = mtnk.phub.net.cable.rogers.com

Is this your ISP provider or company network?
(That means your Internet supplier)

http://www.aboutus.org/Rogers.com

I will need some time to check your reports.
Meanwhile please let me know about 017 lines, as i separated them.

Edited by chryssi2001, 07 September 2008 - 03:18 AM.

Posted Image
Private Messages for personal support will be ignored. If you need help post in the forum.

#10 nrk

nrk
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:21 PM

Posted 07 September 2008 - 06:41 AM

Thank you for your response.

Should I have reactivated my antivirus etc?


Regarding the first set of 017 lines - I have no idea what they are. I do not recognize the name at all.

Rogers is my internet provider - I don't know if it was my last company's provider as well but I am using them now.

I do have a question, as per Bleeping Computer website when I tried everything first, I put on Sygate Firewall, I am constantly getting notifications of traffic trying to get in and out. Most of the names I have no idea what they are so I block them but I am afraid I do not know what I am doing. Is there some rule I should know - ie how to know what to block and what to allow?

Thank you again.

NRK

#11 chryssi2001

chryssi2001

  • Members
  • 1,930 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 07 September 2008 - 09:14 AM

Hello nrk,

Rogers is my internet provider - I don't know if it was my last company's provider as well but I am using them now.

Ok.

I do have a question, as per Bleeping Computer website when I tried everything first, I put on Sygate Firewall, I am constantly getting notifications of traffic trying to get in and out. Most of the names I have no idea what they are so I block them but I am afraid I do not know what I am doing. Is there some rule I should know - ie how to know what to block and what to allow?

Yes firewall does that to protect you.
You have to google the file names, so you are sure they are legit before alowing them.
If they are ok, and you allow them, slowly your firewall will recognise them and won't give the warning for the same files.
Tutorial about Firewalls can be found here
Check also if Sygate firewall has any help file and read it.

Should I have reactivated my antivirus etc?

Your antivirus should be reactivated by it'self, as soon as Combofix reboots your pc. If it doesn't activate it.
Remember all protection programs should be disabled before running Combofix.

Please keep Spybot disabled as per my instructions, untill we finish cleaning your pc, otherwise our fixes will fail.
----------------------------------------------
In my previous post, before running Combofix i asked you to disable Spybot S&D, because it can interfere with Combofix running and the fixes we'll need to make to clean your pc.

Your latest HijackThis show Spybot's Tea-Timer enabled.
Please see my previous instructions here and disable Spybot.
Reboot your pc after doing that.

It's important to do it before the next step.
If you have problem to disable Spybot, please completely uninstall it, and you can install it after we finish.
----------------------------------------------
FIX HIJACKTHIS ENTRIES

Open up Hijackthis.
Click on do a system scan only.
Place a checkmark next to these lines(if still present).

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/customi.../search/ie.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {4D7F5BAC-983D-43DE-A447-80F3C413D9AE} - C:\WINDOWS\system32\asycfiltm.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - https://www.colliersnetconnect.com/vdesk/te...00,0,60606,0653
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} - https://www.colliersnetconnect.com/vdesk/te...00,0,60606,0642
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - https://www.colliersnetconnect.com/vdesk/te...00,0,60606,0648
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - https://www.colliersnetconnect.com/vdesk/te...00,0,60606,0640
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.corp.local
O17 - HKLM\Software\..\Telephony: DomainName = na.corp.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = na.corp.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = na.corp.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = na.corp.local


Then close all windows except Hijackthis and click Fix Checked
Close HijackThis.
----------------------------------------------
COMBOFIX-Script
A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    http://www.bleepingcomputer.com/forums/t/164684/trojan-horse-clickerphk-trojan-horse-bhor/?p=937207
    
    Collect::
    C:\WINDOWS\system32\rbytkdu.dll
    c:\windows\system32\dswaven.dll
    C:\WINDOWS\system32\drivers\ilcffezs.sys
    
    Folder::
    C:\Program Files\AskTBar
    
    Driver::
    ilcffezs
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0FFFD22C-CE01-4E35-AADB-DCB5C27DF130}]
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Posted Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------------------------------------------
Post back:
Combofix report.
A new HijackThis log.
Posted Image
Private Messages for personal support will be ignored. If you need help post in the forum.

#12 nrk

nrk
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:21 PM

Posted 07 September 2008 - 11:06 AM

Thank you for your response. Due to a family emergency I will deal with this Wednesday morning.

I did what you said with Spybot - I am sorry it didn't work I will go back and check it and do everything as you asked on Wednesday.

Thank you again.

NRK

#13 chryssi2001

chryssi2001

  • Members
  • 1,930 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 07 September 2008 - 12:00 PM

Hello nrk,

I hope all goes well with the family emergency.

Please be sure you will reboot after disabling Spybot.
If you have problems following the instructions, uninstall it please.

I'll wait for your reports.
Posted Image
Private Messages for personal support will be ignored. If you need help post in the forum.

#14 nrk

nrk
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:06:21 PM

Posted 11 September 2008 - 07:32 AM

I'm back. Thank you for your patience.

ComboFix 08-09-10.04 - KalevN 2008-09-11 8:20:31.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.500 [GMT -4:00]
Running from: C:\Documents and Settings\Naomi\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Naomi\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\AskTBar
C:\Program Files\AskTBar\bar\2.bin\A5POPSWT.DLL
C:\Program Files\AskTBar\bar\Cache\0003FF31
C:\Program Files\AskTBar\bar\Cache\000AAD85
C:\Program Files\AskTBar\bar\Cache\0017DC17.bin
C:\Program Files\AskTBar\bar\Cache\0017DCC3.bin
C:\Program Files\AskTBar\bar\Cache\0017DE1B.bin
C:\Program Files\AskTBar\bar\Cache\0017DFB1.bin
C:\Program Files\AskTBar\bar\Cache\0017EB4A.bin
C:\Program Files\AskTBar\bar\Cache\0017EC15.bin
C:\Program Files\AskTBar\bar\Cache\files.ini
C:\Program Files\AskTBar\bar\History\search2
C:\Program Files\AskTBar\bar\Settings\prevcfg2.htm
C:\Program Files\AskTBar\PopSwatr\History\allowed
C:\Program Files\AskTBar\PopSwatr\History\notallow
C:\WINDOWS\system32\drivers\ilcffezs.sys
c:\windows\system32\dswaven.dll
C:\WINDOWS\system32\rbytkdu.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ILCFFEZS
-------\Service_ilcffezs


((((((((((((((((((((((((( Files Created from 2008-08-11 to 2008-09-11 )))))))))))))))))))))))))))))))
.

2008-09-01 20:39 . 2008-09-01 20:39 <DIR> d-------- C:\Program Files\Bonjour
2008-09-01 20:38 . 2008-09-01 20:38 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-01 20:37 . 2008-09-01 20:37 <DIR> d-------- C:\Program Files\AirPort
2008-09-01 20:37 . 2008-09-01 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-08-21 19:38 . 2008-08-21 19:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-21 19:24 . 2008-08-21 19:24 <DIR> d-------- C:\Program Files\Sygate
2008-08-21 19:24 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-08-21 19:24 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-08-21 19:24 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-08-21 19:24 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-08-21 19:24 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-08-21 19:24 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-08-21 19:24 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-08-21 16:56 . 2008-08-21 18:00 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-08-21 15:30 . 2008-08-21 15:30 <DIR> d-------- C:\Program Files\Panda Security
2008-08-21 15:30 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-21 14:04 . 2008-08-21 15:28 <DIR> d-------- C:\Documents and Settings\Naomi\.housecall6.6
2008-08-21 09:20 . 2008-08-21 09:20 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-21 09:19 . 2008-08-21 09:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-18 07:29 . 2008-09-06 22:59 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-18 07:26 . 2008-09-11 07:11 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-18 07:26 . 2008-08-21 15:27 <DIR> d-------- C:\Documents and Settings\Naomi\Application Data\AVGTOOLBAR
2008-08-18 07:26 . 2008-09-06 19:34 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-18 07:26 . 2008-08-18 07:26 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-18 07:26 . 2008-08-18 07:26 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-16 21:33 . 2008-08-16 21:33 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-08-16 20:52 . 2008-04-11 15:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-16 20:52 . 2008-05-01 10:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-11 11:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-11 11:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-06 11:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-23 02:07 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-21 13:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-18 15:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-18 14:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-18 11:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-08-18 01:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-17 02:10 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-08-17 02:10 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-08-17 01:14 --------- d-----w C:\Program Files\Yahoo!
2008-07-25 22:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-07-24 16:56 --------- d-----w C:\Documents and Settings\Naomi\Application Data\Uniblue
2008-07-24 16:55 --------- d-----w C:\Program Files\Uniblue
2008-07-15 19:37 --------- d-----w C:\Documents and Settings\Naomi\Application Data\U3
2008-03-15 03:28 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-06-30 14:27 6,272 ----a-w C:\Documents and Settings\All Users\Application Data\ypinfo.bin
.

((((((((((((((((((((((((((((( snapshot@2008-09-06_20.12.44.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-11 12:24:19 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_734.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4D7F5BAC-983D-43DE-A447-80F3C413D9AE}]
C:\WINDOWS\system32\asycfiltm.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe" [2007-01-11 5288960]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 202544]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-17 98304]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2008-06-03 509224]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-06 1235736]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"AirPort Base Station Agent"="C:\Program Files\AirPort\APAgent.exe" [2007-08-08 643072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylockeduserid"= 2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3075291587-1974028832-3438797314-22609\Scripts\Logon\0\0]
"Script"=BROKERAGE.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3075291587-1974028832-3438797314-22609\Scripts\Logon\0\1]
"Script"=nremove.bat

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
- [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update Manager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
-ra------ 2005-10-07 08:13 176128 C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-08-05 23:05 344064 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-08-03 13:51 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2005-09-01 19:24 684032 C:\PROGRA~1\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport-]
--a------ 2007-03-15 11:09 460784 C:\Program Files\DellSupport\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2007-11-15 10:23 202544 C:\Program Files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2005-05-31 07:33 122941 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-11-15 10:24 16384 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 18:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2005-03-23 19:26 217088 C:\Program Files\Microsoft IntelliPoint\point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2007-02-21 11:17 970752 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a------ 2007-02-21 11:19 819200 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
--a------ 2006-02-17 12:59 124520 C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-09-11 04:40 218032 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-09-11 04:40 218032 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-09-11 04:40 86960 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
--a------ 2005-08-12 18:16 1121792 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-08-08 10:25 1828136 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2005-03-14 14:38 335970 C:\Program Files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-02-17 22:20 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2006-02-17 22:19 26112 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-27 12:47 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AirPort\\APAgent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-06 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-06 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-06 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-18 76040]
R3 urvpndrv;F5 Networks VPN Adapter;C:\WINDOWS\system32\DRIVERS\urvpndrv.sys [2005-12-15 28208]
S3 f5ipfw;F5 Networks StoneWall Filter;C:\WINDOWS\system32\drivers\urfltw2k.sys [2005-09-14 10256]
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fa50df3-d815-11dc-ac10-0016410b6c34}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - ILCFFEZS
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-11 08:25:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SAVRT]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SNDSrvc]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-09-11 8:30:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-11 12:30:19
ComboFix2.txt 2008-09-07 00:13:20

Pre-Run: 60,233,482,240 bytes free
Post-Run: 60,224,634,880 bytes free

260 --- E O F --- 2008-08-17 02:45:12






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:41 AM, on 9/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\AirPort\APAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4D7F5BAC-983D-43DE-A447-80F3C413D9AE} - C:\WINDOWS\system32\asycfiltm.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] "C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe" -s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?d05b3e02cdda4645bc28f9d2a5bd1765
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?d05b3e02cdda4645bc28f9d2a5bd1765
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} - https://intuitcanada.ehosts.net/netagent/ob...s/custappx3.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - C:\DOCUME~1\Naomi\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183219366359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183219337546
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.corp.local
O17 - HKLM\Software\..\Telephony: DomainName = na.corp.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = na.corp.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = mtnk.phub.net.cable.rogers.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = na.corp.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = mtnk.phub.net.cable.rogers.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = mtnk.phub.net.cable.rogers.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11975 bytes





Looking forward to hearing from you.
thanks again,

NRK

#15 chryssi2001

chryssi2001

  • Members
  • 1,930 posts
  • OFFLINE
  •  
  • Local time:01:21 AM

Posted 11 September 2008 - 11:32 AM

Hello nrk,

I'm back. Thank you for your patience.

You are welcome, i hope all is well now.
----------------------------------------------
Safe Mode

Print out these instructions or save them into a notepad on your desktop, because you will not have internet access while in Safe Mode.
Go in Safe Mode by restarting your computer, then continually tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.
----------------------------------------------
FIX HIJACKTHIS ENTRIES

Open up Hijackthis.
Click on do a system scan only.
Place a checkmark next to these lines(if still present).

O2 - BHO: (no name) - {4D7F5BAC-983D-43DE-A447-80F3C413D9AE} - C:\WINDOWS\system32\asycfiltm.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.corp.local
O17 - HKLM\Software\..\Telephony: DomainName = na.corp.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = na.corp.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = na.corp.local


Then close all windows except Hijackthis and click Fix Checked
Close HijackThis.
----------------------------------------------
Reboot in normal mode.
Post back a new HijackThis log.
Posted Image
Private Messages for personal support will be ignored. If you need help post in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users