
Do Not Know What Kind Of Malware Hijack This Is (log Posting)


  • This topic is locked
20 replies to this topic

#1 movinginslomo

Posted 06 September 2008 - 08:48 AM

Problems: when using Firefox 2.0 (I do not like Internet Explorer), Google redirects its links; many pages related to spyware and virus removal are not found (including this forum! I am browsing on my father's computer). AVG (Lavasoft) will not run. System Restore will not run. Gmail will not load properly; I have to view it in HTML mode. Sites such as YouTube crawl or stall. The computer as a whole has slowed. I do not know what type of virus/malware this is; I'm assuming it's some sort of hijack. This also happens with Internet Explorer. ANY HELP APPRECIATED

HijackThis log as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:58:23 PM, on 9/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\windows\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\ALCXMNTR.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\windows\system32\svchost.exe
C:\Program Files\M-Audio Uno\UnoInst.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [UpdReg] C:\windows\UpdReg.EXE
O4 - HKLM\..\Run: [\\MIKEY\EPSON Stylus CX5800F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P35 "\\MIKEY\EPSON Stylus CX5800F Series" /O6 "USB001" /M "Stylus CX5800F"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [SightSpeed] "C:\Program Files\SightSpeed\SightSpeed.exe" -bootmode
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: DVD@ccess.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - http://redirect.hp.com/presario/hp.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0476d0b866a86a...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144111007406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144110986312
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://encarta.msn.com/encnet/external/MSSurVid.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C421E6F0-1846-4054-9A64-6E3ED475A516}: NameServer = 192.168.2.1,192.160.2.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: wbsys.dll,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12242 bytes

Edited by movinginslomo, 06 September 2008 - 08:50 AM.



#2 Grinler (Lawrence Abrams, Admin)

Posted 22 September 2008 - 01:33 PM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please reply to this topic stating that you still need help and I will work with you on resolving your computer problems. If your problem has been resolved, please post a reply letting us know so we can close your topic.

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.

#3 movinginslomo (Topic Starter)

Posted 06 October 2008 - 09:10 PM

Hi, I was going to make a new thread, but I'll reply to this instead. Malwarebytes Anti-Malware cleared the problem, but all is not good and a new problem has arisen.

I have the fake Windows Security pop-up. I'm unable to run the trial version of AVG Anti-Virus, and my computer has been slightly off ever since removing the previous malware. If you have any recommendations for free anti-virus scanners I'd appreciate it; I'm financially strapped.
Current HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:55 PM, on 10/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\windows\system32\svchost.exe
C:\Program Files\M-Audio Uno\UnoInst.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\windows\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\ALCXMNTR.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\ps2.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\ancbapwf.exe
C:\Documents and Settings\All Users\Application Data\ixcvqvkn\ghcjqncv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.daemonsearch.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [UpdReg] C:\windows\UpdReg.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [\MIKEY\EPSON Stylus CX5800F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P35 "\\MIKEY\EPSON Stylus CX5800F Series" /O6 "USB001" /M "Stylus CX5800F"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [SightSpeed] "C:\Program Files\SightSpeed\SightSpeed.exe" -bootmode
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MntApl] C:\windows\system32\ancbapwf.exe
O4 - HKCU\..\Run: [actgen] C:\windows\system32\ruhchije.exe
O4 - HKLM\..\Policies\Explorer\Run: [1FRqwcD0C2] C:\Documents and Settings\All Users\Application Data\ixcvqvkn\ghcjqncv.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: DVD@ccess.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - http://redirect.hp.com/presario/hp.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0476d0b866a86a...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144111007406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144110986312
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://encarta.msn.com/encnet/external/MSSurVid.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C421E6F0-1846-4054-9A64-6E3ED475A516}: NameServer = 192.168.2.1,192.160.2.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: wbsys.dll,avgrsstx.dll
O21 - SSODL: DscSysUtil - {2E5A65BB-B055-C0DD-0118-09975F2EE086} - C:\Program Files\uqbjlwd\DscSysUtil.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13476 bytes
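Reading a HijackThis log by hand means looking for structural oddities before worrying about what any individual file is: autoruns launched from data directories, a per-user Run key that points at a system32 binary, the rarely used Policies\Explorer\Run key, a ShellServiceObjectDelayLoad (O21) DLL living outside the Windows directory, a browser proxy on localhost, and DNS servers outside the private ranges. The script below is an added example for this thread, not a BleepingComputer or Trend Micro tool; the heuristics and severity labels are mine, it needs only Python 3, and its sample input is a handful of lines copied from the two logs in posts #1 and #3 (plus the benign Intel IgfxTray entry from the same log, for contrast). It does not decide that anything is malware; it only ranks which entries to look at first.

```python
"""Triage heuristics for HijackThis (HJT) 2.0 log lines.

Added example for this thread, not a BleepingComputer or Trend Micro tool.
It does not know which files are malicious; it flags the structural oddities
a log reader checks first. Severity labels (HIGH/MEDIUM/LOW) are this
example's own convention.
"""
import ipaddress
import re

# Sample input: lines copied from the HijackThis logs posted in this thread
# (posts #1 and #3). The IgfxTray line is a benign entry kept for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKCU\..\Run: [MntApl] C:\windows\system32\ancbapwf.exe
O4 - HKCU\..\Run: [actgen] C:\windows\system32\ruhchije.exe
O4 - HKLM\..\Policies\Explorer\Run: [1FRqwcD0C2] C:\Documents and Settings\All Users\Application Data\ixcvqvkn\ghcjqncv.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C421E6F0-1846-4054-9A64-6E3ED475A516}: NameServer = 192.168.2.1,192.160.2.1
O21 - SSODL: DscSysUtil - {2E5A65BB-B055-C0DD-0118-09975F2EE086} - C:\Program Files\uqbjlwd\DscSysUtil.dll
"""

# "O4 - <hive\..\key>: [<value name>] <command>"; the key never contains ':'
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First drive-letter path ending in an executable-type extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|pif|com|scr|vbs|bat|cmd)\b", re.I)
DATA_DIR_RE = re.compile(
    r"\\(?:Application Data|Local Settings|Temp|ProgramData|All Users)\\", re.I)
SYSTEM32_RE = re.compile(r"^[A-Za-z]:\\windows\\system32\\", re.I)
WINDIR_RE = re.compile(r"^[A-Za-z]:\\windows\\", re.I)


def first_path(cmd):
    """Return the first executable path in a Run command (quoted or not), or None."""
    m = PATH_RE.search(cmd)
    return m.group(0) if m else None


def triage_line(line):
    """Return a list of (severity, reason) findings for one HJT log line."""
    findings = []
    line = line.strip()
    if line.startswith("R1 - ") and ",ProxyServer = " in line:
        host = line.split("= ", 1)[1].split(":")[0]
        if host in ("127.0.0.1", "localhost"):
            findings.append(("MEDIUM", "browser proxied through localhost; verify what listens on that port"))
    elif line.startswith("O2 - BHO:") and line.endswith("(no file)"):
        findings.append(("LOW", "orphaned BHO registration (file missing); safe to remove"))
    elif line.startswith("O4 - "):
        m = O4_RE.match(line)
        if m:
            key, path = m.group("key"), first_path(m.group("cmd"))
            if "Policies\\Explorer\\Run" in key:
                findings.append(("HIGH", "Policies\\Explorer\\Run autorun; rarely used by legitimate software"))
            if path and DATA_DIR_RE.search(path):
                findings.append(("HIGH", "autorun launches from a data directory"))
            if path and key.upper().startswith("HKCU") and SYSTEM32_RE.match(path):
                findings.append(("HIGH", "per-user Run key for a system32 binary; installers use HKLM for those"))
    elif line.startswith("O17 - ") and "NameServer = " in line:
        for ns in line.split("NameServer = ", 1)[1].split(","):
            ns = ns.strip()
            try:
                if not ipaddress.ip_address(ns).is_private:
                    findings.append(("MEDIUM", f"DNS server {ns} is not on a private range; confirm it is intended"))
            except ValueError:
                findings.append(("LOW", f"unparseable NameServer value {ns!r}"))
    elif line.startswith("O21 - SSODL:"):
        path = first_path(line)
        if path and not WINDIR_RE.match(path):
            findings.append(("HIGH", "ShellServiceObjectDelayLoad DLL outside the Windows directory"))
    return findings


def triage_log(text):
    """Run triage_line over a whole log; returns [(line, severity, reason), ...]."""
    out = []
    for line in text.splitlines():
        for sev, why in triage_line(line):
            out.append((line.strip(), sev, why))
    return out


if __name__ == "__main__":
    for line, sev, why in triage_log(SAMPLE_LOG):
        print(f"[{sev}] {why}\n    {line}")
```

On the sample lines this ranks the two HKCU Run entries for system32 binaries, the Policies\Explorer\Run entry under All Users\Application Data, and the SSODL DLL under Program Files\uqbjlwd as HIGH, and flags the second NameServer (192.160.2.1 is not an RFC 1918 address, so it is either a typo for 192.168.2.1 or a redirected resolver) and the localhost proxy as MEDIUM. The benign IgfxTray line produces no finding. Treat the output as a reading order, not a verdict: each HIGH entry still needs the file examined.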

#4 Grinler (Lawrence Abrams, Admin)

Posted 07 October 2008 - 11:55 AM

Please visit the following link and use the instructions there to post a ComboFix log as a reply to this topic:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

When following the instructions please install the Windows XP Recovery Console if you are using XP.

After running ComboFix, please post the ComboFix log as well as a brand new HijackThis as a reply to this topic.

#5 movinginslomo (Topic Starter)

Posted 07 October 2008 - 02:09 PM

I get the following error message when trying to run ComboFix:
[image: error message]

It is worth noting I have used Ad-Aware, Spybot, Stinger, and Malwarebytes' Anti-Malware already.

#6 Grinler (Lawrence Abrams, Admin)

Posted 08 October 2008 - 09:38 AM

Are you running ComboFix as an administrator?

#7 movinginslomo (Topic Starter)

Posted 08 October 2008 - 11:40 AM

Phew, OK.

ComboFix log:

ComboFix 08-10-07.01 - Owner 2008-10-08 11:24:44.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.145 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.
/wow section - STAGE 9
The requested operation cannot be performed on a file with a user-mapped section open.

/wow section - STAGE 10
The process cannot access the file because it is being used by another process.


/wow section - STAGE 15
The process cannot access the file because it is being used by another process.


/wow section - STAGE 21
The process cannot access the file because it is being used by another process.

/wow section - STAGE 24
The process cannot access the file because it is being used by another process.


/wow section - STAGE 32
The process cannot access the file because it is being used by another process.


/wow section - STAGE 33
The process cannot access the file because it is being used by another process.

/wow section - STAGE 35
The process cannot access the file because it is being used by another process.


/wow section - STAGE 41
The process cannot access the file because it is being used by another process.

[vfind, 5.2 2002-11-15]




/wow section - STAGE 47
The process cannot access the file because it is being used by another process.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\setup.inf

.
((((((((((((((((((((((((( Files Created from 2008-09-08 to 2008-10-08 )))))))))))))))))))))))))))))))
.

2008-10-08 11:20 . 2008-10-08 11:21 <DIR> d-------- C:\32788R22FWJFW
2008-10-07 19:58 . 2008-10-07 19:58 19,358 --a------ C:\WINDOWS\kahyhitade.bin
2008-10-07 19:58 . 2008-10-07 19:58 19,251 --a------ C:\Program Files\Common Files\umaz.sys
2008-10-07 19:58 . 2008-10-07 19:58 15,699 --a------ C:\Documents and Settings\Owner\Application Data\jumujoxy.sys
2008-10-07 19:58 . 2008-10-07 19:58 15,551 --a------ C:\WINDOWS\system32\lixyvohaf.pif
2008-10-07 19:58 . 2008-10-07 19:58 14,037 --a------ C:\Documents and Settings\All Users\Application Data\niwenura.com
2008-10-07 19:58 . 2008-10-07 19:58 13,495 --a------ C:\WINDOWS\system32\saza.pif
2008-10-07 19:58 . 2008-10-07 19:58 12,961 --a------ C:\WINDOWS\system32\umem.vbs
2008-10-07 19:58 . 2008-10-07 19:58 12,382 --a------ C:\Documents and Settings\Owner\Application Data\wydo.bin
2008-10-07 19:58 . 2008-10-07 19:58 11,800 --a------ C:\WINDOWS\yxazyp._sy
2008-10-07 19:58 . 2008-10-07 19:58 11,531 --a------ C:\WINDOWS\apuha.dl
2008-10-07 19:58 . 2008-10-07 19:58 10,423 --a------ C:\Documents and Settings\Owner\Application Data\ekega.bin
2008-10-07 19:57 . 2008-10-07 19:58 <DIR> d-------- C:\Program Files\XP_AntiSpyware
2008-10-07 19:57 . 2008-10-04 21:40 196,823 --a------ C:\WINDOWS\system32\_scui.cpl
2008-10-07 18:44 . 2008-10-07 18:44 65,428 --a------ C:\WINDOWS\system32\wini104552502.exe
2008-10-07 18:39 . 2008-10-07 18:39 10,240 --a------ C:\WINDOWS\system32\brastk.exe
2008-10-06 06:39 . 2008-10-06 06:39 98,304 --a------ C:\WINDOWS\system32\ruhchije.exe
2008-10-05 18:39 . 2008-10-05 18:39 <DIR> d-------- C:\Program Files\uqbjlwd
2008-10-05 18:38 . 2008-10-05 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ixcvqvkn
2008-10-05 18:38 . 2008-10-05 18:38 94,208 --a------ C:\WINDOWS\system32\ancbapwf.exe
2008-10-05 15:36 . 2008-10-05 15:36 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-10-04 18:46 . 2008-10-05 15:34 577 --a------ C:\WINDOWS\system32\CommPipe.bak
2008-10-04 18:46 . 2008-10-05 15:34 468 --a------ C:\WINDOWS\system32\SbLsp.bak
2008-10-04 18:45 . 2008-10-05 15:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Speedbit
2008-10-02 20:08 . 2008-10-02 20:08 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-10-02 20:05 . 2008-10-02 20:05 <DIR> d-------- C:\Program Files\Microsoft
2008-10-02 19:53 . 2008-10-02 19:53 <DIR> d-------- C:\Program Files\Common Files\Windows Live
2008-09-30 14:23 . 2008-09-30 14:23 <DIR> d-------- C:\Program Files\Common Files\CyberLink
2008-09-30 14:23 . 2008-09-30 14:18 29,480 --a------ C:\WINDOWS\system32\msxml3a.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-07 23:58 15,661 ----a-w C:\Program Files\Common Files\fyhuqif._sy
2008-10-07 22:44 --------- d-----w C:\Program Files\SpeedBit Video Accelerator
2008-10-06 22:34 --------- d-----w C:\Program Files\AIMTunes
2008-10-05 19:34 --------- d-----w C:\Program Files\iTunes
2008-10-05 19:34 --------- d-----w C:\Program Files\Bonjour
2008-10-05 18:37 --------- d-----w C:\Program Files\Soulseek
2008-10-04 23:35 --------- d-----w C:\Program Files\MSN Messenger
2008-10-04 23:35 --------- d-----w C:\Program Files\MessengerDiscovery
2008-10-04 22:58 --------- d-----w C:\Program Files\SightSpeed
2008-10-03 00:19 --------- d-----w C:\Program Files\Windows Live
2008-09-30 18:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-09-30 18:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-30 18:52 --------- d-----w C:\Program Files\InterVideo
2008-09-30 18:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\CyberLink
2008-09-30 18:21 --------- d-----w C:\Program Files\CyberLink
2008-09-18 15:34 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-09-07 01:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-09-07 01:09 97,928 ----a-w C:\windows\system32\drivers\avgldx86.sys
2008-09-07 01:09 76,040 ----a-w C:\windows\system32\drivers\avgtdix.sys
2008-09-07 01:09 12,936 ----a-w C:\windows\system32\drivers\avgrkx86.sys
2008-09-07 01:09 --------- d-----w C:\Program Files\AVG
2008-09-06 23:43 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-06 23:43 --------- d-----w C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-09-06 23:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-06 01:28 20,480 ----a-w C:\windows\Internet Logs\xDB49.tmp
2008-09-05 19:56 287,744 ----a-w C:\windows\WLXPGSS.SCR
2008-09-05 19:37 --------- d-----w C:\Program Files\Save!
2008-09-05 17:18 4,615,680 ----a-w C:\windows\Internet Logs\xDB48.tmp
2008-09-05 17:12 --------- d-----w C:\Program Files\FairUse Wizard 2
2008-09-05 15:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-05 15:57 --------- d-----w C:\Program Files\Lavasoft
2008-09-05 15:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-05 04:31 17,920 ----a-w C:\windows\Internet Logs\xDB47.tmp
2008-09-05 01:40 4,599,808 ----a-w C:\windows\Internet Logs\xDB46.tmp
2008-09-05 01:26 15,360 ----a-w C:\windows\Internet Logs\xDB45.tmp
2008-09-05 01:13 4,596,736 ----a-w C:\windows\Internet Logs\xDB44.tmp
2008-09-05 01:12 --------- d-----w C:\Program Files\DAEMON Tools SearchBar
2008-09-05 00:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-05 00:08 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-04 16:36 4,595,200 ----a-w C:\windows\Internet Logs\xDB42.tmp
2008-09-04 16:36 22,016 ----a-w C:\windows\Internet Logs\xDB43.tmp
2008-09-04 16:27 --------- d-----w C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-03 12:04 17,408 ----a-w C:\windows\Internet Logs\xDB41.tmp
2008-09-03 06:04 4,553,216 ----a-w C:\windows\Internet Logs\xDB40.tmp
2008-09-03 04:41 4,557,824 ----a-w C:\windows\Internet Logs\xDB3E.tmp
2008-09-03 04:41 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Yahoo!
2008-09-02 04:16 38,528 ----a-w C:\windows\system32\drivers\mbamswissarmy.sys
2008-09-02 04:16 17,200 ----a-w C:\windows\system32\drivers\mbam.sys
2008-08-31 00:13 29,696 ----a-w C:\windows\Internet Logs\xDB3F.tmp
2008-08-17 21:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\Canon
.
<pre>
----a-w				 0 2008-01-15 01:43:33  C:\Documents and Settings\Owner\Desktop\stuff\VST & DX Softsynth & Effects Mega Pack\Lexicon PSP 42 v1.0 .exe
----a-w				 0 2008-01-15 01:43:33  C:\Documents and Settings\Owner\Desktop\stuff\VST & DX Softsynth & Effects Mega Pack\NI FM7 Synth Native instruments .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2003-05-16 851968]
"SightSpeed"="C:\Program Files\SightSpeed\SightSpeed.exe" [2008-07-18 4770616]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"Aim6"="" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\windows\UpdReg.EXE" [2000-05-11 90112]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 267048]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-08-20 118784]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2003-09-12 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-03 185632]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [N/A]
"\MIKEY\EPSON Stylus CX5800F Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE" [2005-05-10 98304]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-06 1235736]
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"SpeedBitVideoAccelerator"="C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2008-10-05 2705008]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 C:\WINDOWS\AGRSMMSG.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 C:\WINDOWS\ALCXMNTR.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 8699904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"1FRqwcD0C2"="C:\Documents and Settings\All Users\Application Data\ixcvqvkn\ghcjqncv.exe" [2008-10-05 73728]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2004-09-29 225280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-06-30 110592]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-06-30 110592]
Compaq Connections.lnk - C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [2004-01-26 16384]
DVD@ccess.lnk - C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe [2007-12-25 888832]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 237568]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"= evolusbn.dll
"midi3"= evolusbn.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^iPodder.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\iPodder.lnk
backup=C:\windows\pss\iPodder.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk
backup=C:\WINDOWS\pss\spamsubtract.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files\Free Download Manager\fdm.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HistoryKill]
--a------ 2003-10-10 04:27 257024 C:\Program Files\HistoryKill\histkill.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2004-08-20 15:51 118784 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2004-08-20 15:55 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 14:11 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-06 20:05 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-15 00:43 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 16:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-12-03 21:17 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 C:\WINDOWS\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\DOSBox-0.61\\dosbox.exe"=
"C:\\WINDOWS\\system32\\javaw.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\ZDaemon\\zlauncher.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Skulltag\\IdeSE.exe"=
"C:\\Program Files\\Skulltag\\skulltag.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3500:TCP"= 3500:TCP:k-lite
"10001:TCP"= 10001:TCP:BT
"10000:TCP"= 10000:TCP:BT
"10002:UDP"= 10002:UDP:BT
"10003:TCP"= 10003:TCP:BT
"10004:UDP"= 10004:UDP:BT
"10005:TCP"= 10005:TCP:BT
"10006:TCP"= 10006:TCP:BT
"10007:TCP"= 10007:TCP:BT
"10008:TCP"= 10008:TCP:BT
"10009:UDP"= 10009:UDP:BT
"10010:TCP"= 10010:TCP:BT

R0 AvgRkx86;avgrkx86.sys;C:\windows\system32\Drivers\avgrkx86.sys [2008-09-06 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\windows\system32\Drivers\avgldx86.sys [2008-09-06 97928]
R1 GearAspiSys;GearAspiSys;C:\windows\system32\drivers\gearaspisys.sys [2002-06-24 53412]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-06 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\windows\system32\Drivers\avgtdix.sys [2008-09-06 76040]
R2 DVDAccss;DVDAccss;C:\windows\system32\drivers\DVDAccss.sys [2003-11-21 29156]
R2 UnoInstallerService;Uno Installer;C:\Program Files\M-Audio Uno\UnoInst.exe [2004-12-04 106496]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2008-10-05 292472]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 DCamUSBVeo532;Veo Web Camera;C:\windows\system32\Drivers\ubVeo532.sys [2002-07-01 95232]
S2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-06 875288]
S2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [ ]
S3 BEL6001P;Belkin 11Mbps Wireless Desktop Adapter (F5D6001 V.2);C:\windows\system32\DRIVERS\BEL6001P.sys [2002-11-06 78720]
S3 emuumidi;E-MU USB-MIDI Driver;C:\windows\system32\drivers\emuumidi.sys [2005-04-26 36736]
S3 EVOLUSB;%EVOL_USB_SvcDesc%;C:\windows\system32\drivers\evolusb.sys [2004-10-20 21984]
S3 NvnUsbAudio;NvnUsbAudio;C:\windows\system32\drivers\nvnusbaudio.sys [2006-12-22 22784]
S3 pcand5bk;PCAND5BK PCANDIS5 Protocol Driver;C:\WINDOWS\system32\pcand5bk.SYS [2002-09-19 15104]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-10-02 C:\windows\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]

2008-10-04 C:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\PROGRA~1\NORTON~1\Navw32.exe [2003-08-18 03:34]

2008-10-08 C:\windows\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2003-06-19 04:17]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ucsxmdym.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-08 11:33:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\TDSSserv]
"imagepath"="\systemroot\system32\drivers\TDSSserv.sys"
.
Completion time: 2008-10-08 11:45:45
ComboFix-quarantined-files.txt 2008-10-08 15:45:26

Pre-Run: 89,224,101,888 bytes free
Post-Run: 89,219,219,456 bytes free

15154 --- E O F --- 2008-10-05 07:00:55


and

fresh hjt log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:34 PM, on 10/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\windows\system32\svchost.exe
C:\Program Files\M-Audio Uno\UnoInst.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Documents and Settings\All Users\Application Data\ixcvqvkn\ghcjqncv.exe
C:\windows\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\windows\ALCXMNTR.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\windows\system32\brastk.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\windows\system32\popkpmxm.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\wuauclt.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = file://C:\PROGRA~1\SPEEDB~1\vaproxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [UpdReg] C:\windows\UpdReg.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [\MIKEY\EPSON Stylus CX5800F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P35 "\\MIKEY\EPSON Stylus CX5800F Series" /O6 "USB001" /M "Stylus CX5800F"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [brastk] C:\windows\system32\brastk.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [SightSpeed] "C:\Program Files\SightSpeed\SightSpeed.exe" -bootmode
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ShAppInfo] C:\windows\system32\popkpmxm.exe
O4 - HKCU\..\Run: [brastk] C:\windows\system32\brastk.exe
O4 - HKLM\..\Policies\Explorer\Run: [1FRqwcD0C2] C:\Documents and Settings\All Users\Application Data\ixcvqvkn\ghcjqncv.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: DVD@ccess.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\windows\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - http://redirect.hp.com/presario/hp.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/0476d0b866a86a...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144111007406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144110986312
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://encarta.msn.com/encnet/external/MSSurVid.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C421E6F0-1846-4054-9A64-6E3ED475A516}: NameServer = 192.168.2.1,192.160.2.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: wbsys.dll,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13024 bytes

#8 Grinler

    Lawrence Abrams


  • Admin

Posted 08 October 2008 - 08:49 PM

Were you getting any error messages from your antivirus software when running ComboFix? Did you disable Norton before you ran it?

#9 movinginslomo

  • Topic Starter


Posted 09 October 2008 - 10:40 AM

I do not have any virus protection software at the moment. I can't afford paid software and cannot get a trial version of AVG running. (I used to use it free.) I cannot access Windows Firewall either, as it has been hijacked by XP AntiSpyware. I made sure Spybot or any other anti-spyware is not running and ran ComboFix again. I get the following error message:

[Posted Image: screenshot of the error message, not preserved in this copy]

This is getting frustrating.

#10 Grinler

    Lawrence Abrams


  • Admin

Posted 10 October 2008 - 07:52 AM

I agree, it must be frustrating.

Let's try this. Redownload ComboFix and save it to your C:\ folder.

Then, reboot your computer into Safe Mode and log in as Administrator. Once at the desktop, run C:\combofix.exe and let it run.

Running it from safe mode may bypass some of these issues.

#11 movinginslomo

movinginslomo
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:07:48 PM

Posted 10 October 2008 - 12:50 PM

Don't have time today; tomorrow, Sat the 11th. I'm glad there are resources like this. With a bad economy, at least something is free.

#12 movinginslomo

movinginslomo
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:07:48 PM

Posted 11 October 2008 - 10:00 AM

OK, fresh ComboFix log. Ran it in safe mode.

ComboFix 08-10-07.01 - Owner 2008-10-11 10:37:27.3 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.322 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\windows\system32\dllcache\figaro.sys
.
---- Previous Run -------
.
C:\Documents and Settings\Owner\Cookies\ejafagyjon.exe
C:\Documents and Settings\Owner\Cookies\fatufezo.vbs
C:\Documents and Settings\Owner\Cookies\oqyhow.bat
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\lusalipeha.dat
C:\Program Files\Inet Delivery
C:\Program Files\Inet Delivery\inetdl.exe
C:\Program Files\Inet Delivery\intdel.exe
C:\windows\system32\h@tkeysh@@k.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_TDSSserv


((((((((((((((((((((((((( Files Created from 2008-09-11 to 2008-10-11 )))))))))))))))))))))))))))))))
.

2008-10-11 10:26 . 2008-10-11 10:26 <DIR> d-------- C:\Program Files\kvldqtb
2008-10-11 10:22 . 2008-10-11 10:22 77,824 --a------ C:\WINDOWS\system32\tmtmvqjq.exe
2008-10-11 09:53 . 2008-10-11 09:54 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-09 00:59 . 2008-10-09 00:59 1,691 --a------ C:\story.rtf
2008-10-08 11:53 . 2008-10-08 11:53 <DIR> d-------- C:\Program Files\dhahmac
2008-10-08 11:53 . 2008-10-11 10:26 150 --a------ C:\Documents and Settings\Owner\delself.bat
2008-10-08 11:52 . 2008-10-08 11:52 98,304 --a------ C:\WINDOWS\system32\popkpmxm.exe
2008-10-07 19:58 . 2008-10-07 19:58 19,358 --a------ C:\WINDOWS\kahyhitade.bin
2008-10-07 19:58 . 2008-10-07 19:58 19,251 --a------ C:\Program Files\Common Files\umaz.sys
2008-10-07 19:58 . 2008-10-07 19:58 15,699 --a------ C:\Documents and Settings\Owner\Application Data\jumujoxy.sys
2008-10-07 19:58 . 2008-10-07 19:58 15,551 --a------ C:\WINDOWS\system32\lixyvohaf.pif
2008-10-07 19:58 . 2008-10-07 19:58 14,037 --a------ C:\Documents and Settings\All Users\Application Data\niwenura.com
2008-10-07 19:58 . 2008-10-07 19:58 13,495 --a------ C:\WINDOWS\system32\saza.pif
2008-10-07 19:58 . 2008-10-07 19:58 12,961 --a------ C:\WINDOWS\system32\umem.vbs
2008-10-07 19:58 . 2008-10-07 19:58 12,382 --a------ C:\Documents and Settings\Owner\Application Data\wydo.bin
2008-10-07 19:58 . 2008-10-07 19:58 11,800 --a------ C:\WINDOWS\yxazyp._sy
2008-10-07 19:58 . 2008-10-07 19:58 11,531 --a------ C:\WINDOWS\apuha.dl
2008-10-07 19:58 . 2008-10-07 19:58 10,423 --a------ C:\Documents and Settings\Owner\Application Data\ekega.bin
2008-10-07 19:57 . 2008-10-07 19:58 <DIR> d-------- C:\Program Files\XP_AntiSpyware
2008-10-07 19:57 . 2008-10-04 21:40 196,823 --a------ C:\WINDOWS\system32\_scui.cpl
2008-10-07 18:44 . 2008-10-07 18:44 65,428 --a------ C:\WINDOWS\system32\wini104552502.exe
2008-10-07 18:39 . 2008-10-11 10:25 10,240 --a------ C:\WINDOWS\system32\brastk.exe
2008-10-06 06:39 . 2008-10-06 06:39 98,304 --a------ C:\WINDOWS\system32\ruhchije.exe
2008-10-05 18:39 . 2008-10-05 18:39 <DIR> d-------- C:\Program Files\uqbjlwd
2008-10-05 18:38 . 2008-10-05 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ixcvqvkn
2008-10-05 18:38 . 2008-10-05 18:38 94,208 --a------ C:\WINDOWS\system32\ancbapwf.exe
2008-10-05 15:36 . 2008-10-05 15:36 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-10-04 18:46 . 2008-10-05 15:34 577 --a------ C:\WINDOWS\system32\CommPipe.bak
2008-10-04 18:46 . 2008-10-05 15:34 468 --a------ C:\WINDOWS\system32\SbLsp.bak
2008-10-04 18:45 . 2008-10-05 15:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Speedbit
2008-10-02 20:08 . 2008-10-02 20:08 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-10-02 20:05 . 2008-10-02 20:05 <DIR> d-------- C:\Program Files\Microsoft
2008-10-02 19:53 . 2008-10-02 19:53 <DIR> d-------- C:\Program Files\Common Files\Windows Live
2008-09-30 14:23 . 2008-09-30 14:23 <DIR> d-------- C:\Program Files\Common Files\CyberLink
2008-09-30 14:23 . 2008-09-30 14:18 29,480 --a------ C:\WINDOWS\system32\msxml3a.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-11 14:30 --------- d-----w C:\Program Files\SpeedBit Video Accelerator
2008-10-08 15:46 4,844,032 ----a-w C:\windows\Internet Logs\xDB4A.tmp
2008-10-07 23:58 15,661 ----a-w C:\Program Files\Common Files\fyhuqif._sy
2008-10-07 23:57 33,280 ----a-w C:\windows\Internet Logs\xDB4B.tmp
2008-10-06 22:34 --------- d-----w C:\Program Files\AIMTunes
2008-10-05 19:34 --------- d-----w C:\Program Files\iTunes
2008-10-05 19:34 --------- d-----w C:\Program Files\Bonjour
2008-10-05 18:37 --------- d-----w C:\Program Files\Soulseek
2008-10-04 23:35 --------- d-----w C:\Program Files\MSN Messenger
2008-10-04 23:35 --------- d-----w C:\Program Files\MessengerDiscovery
2008-10-04 22:58 --------- d-----w C:\Program Files\SightSpeed
2008-10-03 00:19 --------- d-----w C:\Program Files\Windows Live
2008-09-30 18:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-09-30 18:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-30 18:52 --------- d-----w C:\Program Files\InterVideo
2008-09-30 18:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\CyberLink
2008-09-30 18:21 --------- d-----w C:\Program Files\CyberLink
2008-09-18 15:34 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-09-07 01:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-09-07 01:09 97,928 ----a-w C:\windows\system32\drivers\avgldx86.sys
2008-09-07 01:09 76,040 ----a-w C:\windows\system32\drivers\avgtdix.sys
2008-09-07 01:09 12,936 ----a-w C:\windows\system32\drivers\avgrkx86.sys
2008-09-07 01:09 10,520 ----a-w C:\windows\system32\avgrsstx.dll
2008-09-07 01:09 --------- d-----w C:\Program Files\AVG
2008-09-06 23:43 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-06 23:43 --------- d-----w C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-09-06 23:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-06 01:28 20,480 ----a-w C:\windows\Internet Logs\xDB49.tmp
2008-09-05 19:56 287,744 ----a-w C:\windows\WLXPGSS.SCR
2008-09-05 19:37 --------- d-----w C:\Program Files\Save!
2008-09-05 17:18 4,615,680 ----a-w C:\windows\Internet Logs\xDB48.tmp
2008-09-05 17:12 --------- d-----w C:\Program Files\FairUse Wizard 2
2008-09-05 15:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-05 15:57 --------- d-----w C:\Program Files\Lavasoft
2008-09-05 15:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-05 04:31 17,920 ----a-w C:\windows\Internet Logs\xDB47.tmp
2008-09-05 01:40 4,599,808 ----a-w C:\windows\Internet Logs\xDB46.tmp
2008-09-05 01:26 15,360 ----a-w C:\windows\Internet Logs\xDB45.tmp
2008-09-05 01:13 4,596,736 ----a-w C:\windows\Internet Logs\xDB44.tmp
2008-09-05 01:12 --------- d-----w C:\Program Files\DAEMON Tools SearchBar
2008-09-05 00:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-05 00:08 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-04 16:36 4,595,200 ----a-w C:\windows\Internet Logs\xDB42.tmp
2008-09-04 16:36 22,016 ----a-w C:\windows\Internet Logs\xDB43.tmp
2008-09-04 16:27 --------- d-----w C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-03 12:04 17,408 ----a-w C:\windows\Internet Logs\xDB41.tmp
2008-09-03 06:04 4,553,216 ----a-w C:\windows\Internet Logs\xDB40.tmp
2008-09-03 04:41 4,557,824 ----a-w C:\windows\Internet Logs\xDB3E.tmp
2008-09-03 04:41 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Yahoo!
2008-09-02 04:16 38,528 ----a-w C:\windows\system32\drivers\mbamswissarmy.sys
2008-09-02 04:16 17,200 ----a-w C:\windows\system32\drivers\mbam.sys
2008-08-31 00:13 29,696 ----a-w C:\windows\Internet Logs\xDB3F.tmp
2008-08-17 21:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\Canon
2008-07-19 02:10 94,920 ----a-w C:\windows\system32\dllcache\cdm.dll
2008-07-19 02:10 94,920 ----a-w C:\windows\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\windows\system32\wuauclt.exe
2008-07-19 02:10 53,448 ----a-w C:\windows\system32\dllcache\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\windows\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\windows\system32\wups.dll
2008-07-19 02:10 36,552 ----a-w C:\windows\system32\dllcache\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\windows\system32\wuapi.dll
2008-07-19 02:09 563,912 ----a-w C:\windows\system32\dllcache\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\windows\system32\wucltui.dll
2008-07-19 02:09 325,832 ----a-w C:\windows\system32\dllcache\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\windows\system32\wuweb.dll
2008-07-19 02:09 205,000 ----a-w C:\windows\system32\dllcache\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\windows\system32\wuaueng.dll
2008-07-19 02:09 1,811,656 ----a-w C:\windows\system32\dllcache\wuaueng.dll
2008-07-11 08:55 712,704 ------w C:\windows\system32\windowscodecs.dll
2008-07-11 08:55 347,648 ------w C:\windows\system32\windowscodecsext.dll
.
----a-w				 0 2008-01-15 01:43:33  C:\Documents and Settings\Owner\Desktop\stuff\VST & DX Softsynth & Effects Mega Pack\Lexicon PSP 42 v1.0 .exe
----a-w				 0 2008-01-15 01:43:33  C:\Documents and Settings\Owner\Desktop\stuff\VST & DX Softsynth & Effects Mega Pack\NI FM7 Synth Native instruments .exe


((((((((((((((((((((((((((((( snapshot@2008-10-08_11.43.13.62 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 00:02:28 163,328 ----a-w C:\windows\erdnt\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2003-05-16 851968]
"SightSpeed"="C:\Program Files\SightSpeed\SightSpeed.exe" [2008-07-18 4770616]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"actdscsys"="C:\windows\system32\tmtmvqjq.exe" [2008-10-11 77824]
"brastk"="C:\windows\system32\brastk.exe" [2008-10-11 10240]
"Aim6"="" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\windows\UpdReg.EXE" [2000-05-11 90112]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 267048]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-08-20 118784]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2003-09-12 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-03 185632]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [N/A]
"\MIKEY\EPSON Stylus CX5800F Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE" [2005-05-10 98304]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-06 1235736]
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"SpeedBitVideoAccelerator"="C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2008-10-05 2705008]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 C:\WINDOWS\AGRSMMSG.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 C:\WINDOWS\ALCXMNTR.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 8699904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"1FRqwcD0C2"="C:\Documents and Settings\All Users\Application Data\ixcvqvkn\ghcjqncv.exe" [2008-10-05 73728]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2004-09-29 225280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-06-30 110592]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-06-30 110592]
Compaq Connections.lnk - C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [2004-01-26 16384]
DVD@ccess.lnk - C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe [2007-12-25 888832]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 237568]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"= evolusbn.dll
"midi3"= evolusbn.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^iPodder.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\iPodder.lnk
backup=C:\windows\pss\iPodder.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk
backup=C:\WINDOWS\pss\spamsubtract.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files\Free Download Manager\fdm.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HistoryKill]
--a------ 2003-10-10 04:27 257024 C:\Program Files\HistoryKill\histkill.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2004-08-20 15:51 118784 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2004-08-20 15:55 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 14:11 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-06 20:05 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-15 00:43 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 16:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-12-03 21:17 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 C:\WINDOWS\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\DOSBox-0.61\\dosbox.exe"=
"C:\\WINDOWS\\system32\\javaw.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\ZDaemon\\zlauncher.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Skulltag\\IdeSE.exe"=
"C:\\Program Files\\Skulltag\\skulltag.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3500:TCP"= 3500:TCP:k-lite
"10001:TCP"= 10001:TCP:BT
"10000:TCP"= 10000:TCP:BT
"10002:UDP"= 10002:UDP:BT
"10003:TCP"= 10003:TCP:BT
"10004:UDP"= 10004:UDP:BT
"10005:TCP"= 10005:TCP:BT
"10006:TCP"= 10006:TCP:BT
"10007:TCP"= 10007:TCP:BT
"10008:TCP"= 10008:TCP:BT
"10009:UDP"= 10009:UDP:BT
"10010:TCP"= 10010:TCP:BT

R0 AvgRkx86;avgrkx86.sys;C:\windows\system32\Drivers\avgrkx86.sys [2008-09-06 12936]
R1 GearAspiSys;GearAspiSys;C:\windows\system32\drivers\gearaspisys.sys [2002-06-24 53412]
S1 AvgLdx86;AVG AVI Loader Driver x86;C:\windows\system32\Drivers\avgldx86.sys [2008-09-06 97928]
S2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-06 875288]
S2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-06 231704]
S2 AvgTdiX;AVG8 Network Redirector;C:\windows\system32\Drivers\avgtdix.sys [2008-09-06 76040]
S2 DVDAccss;DVDAccss;C:\windows\system32\drivers\DVDAccss.sys [2003-11-21 29156]
S2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [ ]
S2 UnoInstallerService;Uno Installer;C:\Program Files\M-Audio Uno\UnoInst.exe [2004-12-04 106496]
S2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2008-10-05 292472]
S2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 BEL6001P;Belkin 11Mbps Wireless Desktop Adapter (F5D6001 V.2);C:\windows\system32\DRIVERS\BEL6001P.sys [2002-11-06 78720]
S3 DCamUSBVeo532;Veo Web Camera;C:\windows\system32\Drivers\ubVeo532.sys [2002-07-01 95232]
S3 emuumidi;E-MU USB-MIDI Driver;C:\windows\system32\drivers\emuumidi.sys [2005-04-26 36736]
S3 EVOLUSB;%EVOL_USB_SvcDesc%;C:\windows\system32\drivers\evolusb.sys [2004-10-20 21984]
S3 NvnUsbAudio;NvnUsbAudio;C:\windows\system32\drivers\nvnusbaudio.sys [2006-12-22 22784]
S3 pcand5bk;PCAND5BK PCANDIS5 Protocol Driver;C:\WINDOWS\system32\pcand5bk.SYS [2002-09-19 15104]
.
Contents of the 'Scheduled Tasks' folder

2008-10-09 C:\windows\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]

2008-10-11 C:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\PROGRA~1\NORTON~1\Navw32.exe [2003-08-18 03:34]

2008-10-11 C:\windows\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2003-06-19 04:17]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ucsxmdym.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-11 10:41:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-11 10:47:14
ComboFix-quarantined-files.txt 2008-10-11 14:46:25
ComboFix2.txt 2008-10-08 16:32:28

Pre-Run: 89,455,763,456 bytes free
Post-Run: 89,442,361,344 bytes free

335 --- E O F --- 2008-10-05 07:00:55

#13 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,640 posts
  • ONLINE
  • Gender:Male
  • Location:USA
  • Local time:08:48 PM

Posted 11 October 2008 - 03:03 PM

* Open Notepad - don't use any text editor other than Notepad or the script will fail.
Copy/paste the text in the quote box below into Notepad:

Folder::
C:\Program Files\kvldqtb
C:\Program Files\dhahmac
C:\Program Files\XP_AntiSpyware
C:\Program Files\uqbjlwd
C:\Documents and Settings\All Users\Application Data\ixcvqvkn


File::
C:\WINDOWS\system32\tmtmvqjq.exe
C:\Documents and Settings\Owner\delself.bat
C:\WINDOWS\system32\popkpmxm.exe
C:\WINDOWS\kahyhitade.bin
C:\Program Files\Common Files\umaz.sys
C:\Documents and Settings\Owner\Application Data\jumujoxy.sys
C:\WINDOWS\system32\lixyvohaf.pif
C:\Documents and Settings\All Users\Application Data\niwenura.com
C:\WINDOWS\system32\saza.pif
C:\WINDOWS\system32\umem.vbs
C:\Documents and Settings\Owner\Application Data\wydo.bin
C:\WINDOWS\yxazyp._sy
C:\WINDOWS\apuha.dl
C:\Documents and Settings\Owner\Application Data\ekega.bin
C:\WINDOWS\system32\_scui.cpl
C:\WINDOWS\system32\wini104552502.exe
C:\WINDOWS\system32\brastk.exe
C:\WINDOWS\system32\ruhchije.exe
C:\WINDOWS\system32\ancbapwf.exe
C:\WINDOWS\system32\CommPipe.bak
C:\WINDOWS\system32\SbLsp.bak
C:\Program Files\Common Files\fyhuqif._sy
C:\windows\WLXPGSS.SCR
C:\Documents and Settings\All Users\Application Data\ixcvqvkn\ghcjqncv.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"actdscsys"=-
"brastk"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"1FRqwcD0C2"=-


Save this as the text file CFScript.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.
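
As an added example (my own code, not part of this thread and not a ComboFix or BleepingComputer tool), here is a Python script that does what the helper above did by hand: it reads the "Files Created" and "Reg Loading Points" sections of a ComboFix log, flags Run entries whose image (or its folder) appeared shortly before the scan, has a machine-generated-looking name, or loads from the policies\Explorer\Run key, reports the Security Center and firewall values that are switched off, and renders the File:: and Registry:: sections in the CFScript syntax shown in the post above. The log excerpt is constructed from lines in this thread; the vowel-ratio rule and the 14-day window are my own assumptions.

```python
import re
from datetime import date

# Constructed excerpt in the ComboFix log format seen in this thread, trimmed
# to a few lines of the "Files Created" and "Reg Loading Points" sections.
SAMPLE_LOG = r"""
((((( Files Created from 2008-09-11 to 2008-10-11 )))))
2008-10-11 10:22 . 2008-10-11 10:22 77,824 --a------ C:\WINDOWS\system32\tmtmvqjq.exe
2008-10-07 18:39 . 2008-10-11 10:25 10,240 --a------ C:\WINDOWS\system32\brastk.exe
2008-10-05 18:38 . 2008-10-05 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ixcvqvkn
((((( Reg Loading Points )))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"actdscsys"="C:\windows\system32\tmtmvqjq.exe" [2008-10-11 77824]
"brastk"="C:\windows\system32\brastk.exe" [2008-10-11 10240]
"Aim6"="" [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"1FRqwcD0C2"="C:\Documents and Settings\All Users\Application Data\ixcvqvkn\ghcjqncv.exe" [2008-10-05 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

RANGE_RE = re.compile(r"Files Created from \S+ to (\d{4}-\d{2}-\d{2})")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d\d:\d\d \. \S+ \S+ (?:<DIR>|[\d,]+) \S+ (.+)$")
SECTION_RE = re.compile(r"^\[(.+)\]$")
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)" \[[^\]]*\]$')
SETTING_RE = re.compile(r'^"([^"]+)"=\s*(?:dword:)?(\w+)')
# (key fragment, value name, value) combinations that switch off the host's own defences
WEAK_SETTINGS = (("security center", "AntiVirusDisableNotify", "00000001"),
                 ("firewallpolicy\\standardprofile", "EnableFirewall", "0"))


def looks_random(path):
    """Assumed heuristic: fewer than one letter in five is a vowel (tmtmvqjq, ghcjqncv)."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    letters = [c for c in stem.lower() if c.isalpha()]
    return len(letters) >= 5 and sum(c in "aeiouy" for c in letters) / len(letters) < 0.2


def triage_combofix_log(text, lookback_days=14):
    """Correlate Run-key loading points with newly created files and weakened settings."""
    scan_date, section, created = None, "", {}     # created: lowercase path -> date
    flagged, weak = [], []
    for line in text.splitlines():
        m = RANGE_RE.search(line)
        if m:
            scan_date = date.fromisoformat(m.group(1))
            continue
        m = CREATED_RE.match(line)
        if m:
            created[m.group(2).lower()] = date.fromisoformat(m.group(1))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = RUN_VALUE_RE.match(line)
        if m and section.lower().endswith("\\run"):
            name, path = m.groups()
            if not path:                 # "Aim6"="" [N/A]: orphaned value, nothing to judge
                continue
            reasons = []
            # the new object may be the image itself or its folder (ixcvqvkn\ghcjqncv.exe)
            born = created.get(path.lower()) or created.get(path.rsplit("\\", 1)[0].lower())
            if born and scan_date and (scan_date - born).days <= lookback_days:
                reasons.append("created %s, %d days before the scan" % (born, (scan_date - born).days))
            if looks_random(path):
                reasons.append("image name looks machine-generated")
            if "policies\\explorer\\run" in section.lower():
                reasons.append("loads from policies\\Explorer\\Run, which ordinary installers rarely use")
            if reasons:
                flagged.append({"key": section, "name": name, "path": path, "reasons": reasons})
            continue
        m = SETTING_RE.match(line)
        if m:
            for frag, vname, bad in WEAK_SETTINGS:
                if frag in section.lower() and m.group(1) == vname and m.group(2) == bad:
                    weak.append("%s\\%s = %s" % (section, vname, bad))
    return {"scan_date": scan_date, "flagged": flagged, "weak_settings": weak}


def build_cfscript(flagged):
    """Render File:: and Registry:: sections in the CFScript syntax posted above."""
    lines = ["File::"] + [f["path"] for f in flagged] + ["", "Registry::"]
    by_key = {}
    for f in flagged:
        by_key.setdefault(f["key"], []).append(f["name"])
    for key, names in by_key.items():
        lines.append("[%s]" % key)
        lines.extend('"%s"=-' % n for n in names)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    report = triage_combofix_log(SAMPLE_LOG)
    for f in report["flagged"]:
        print("FLAG %s -> %s\n      %s" % (f["name"], f["path"], "; ".join(f["reasons"])))
    print("WEAK " + "\nWEAK ".join(report["weak_settings"]))
    print(build_cfscript(report["flagged"]))
```

The heuristics only produce candidates for a person to review, which is why each entry carries its reasons rather than being acted on automatically; a legitimate name such as hkcmd.exe from the log above would trip the vowel rule, while TeaTimer.exe is left alone.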

#14 movinginslomo

movinginslomo
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  • Local time:07:48 PM

Posted 12 October 2008 - 10:48 AM

ComboFix log:

ComboFix 08-10-07.01 - Owner 2008-10-12 11:05:38.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.140 [GMT -4:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript

FILE ::
C:\Documents and Settings\All Users\Application Data\ixcvqvkn\ghcjqncv.exe
C:\Documents and Settings\All Users\Application Data\niwenura.com
C:\Documents and Settings\Owner\Application Data\ekega.bin
C:\Documents and Settings\Owner\Application Data\jumujoxy.sys
C:\Documents and Settings\Owner\Application Data\wydo.bin
C:\Documents and Settings\Owner\delself.bat
C:\Program Files\Common Files\fyhuqif._sy
C:\Program Files\Common Files\umaz.sys
C:\WINDOWS\apuha.dl
C:\WINDOWS\kahyhitade.bin
C:\WINDOWS\system32\_scui.cpl
C:\WINDOWS\system32\ancbapwf.exe
C:\WINDOWS\system32\brastk.exe
C:\WINDOWS\system32\CommPipe.bak
C:\WINDOWS\system32\lixyvohaf.pif
C:\WINDOWS\system32\popkpmxm.exe
C:\WINDOWS\system32\ruhchije.exe
C:\WINDOWS\system32\saza.pif
C:\WINDOWS\system32\SbLsp.bak
C:\WINDOWS\system32\tmtmvqjq.exe
C:\WINDOWS\system32\umem.vbs
C:\WINDOWS\system32\wini104552502.exe
C:\windows\WLXPGSS.SCR
C:\WINDOWS\yxazyp._sy
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\ixcvqvkn
C:\Documents and Settings\All Users\Application Data\ixcvqvkn\ghcjqncv.exe
C:\Documents and Settings\All Users\Application Data\niwenura.com
C:\Documents and Settings\Owner\Application Data\ekega.bin
C:\Documents and Settings\Owner\Application Data\jumujoxy.sys
C:\Documents and Settings\Owner\Application Data\wydo.bin
C:\Documents and Settings\Owner\delself.bat
C:\Program Files\Common Files\fyhuqif._sy
C:\Program Files\Common Files\umaz.sys
C:\Program Files\dhahmac
C:\Program Files\dhahmac\chkapiproc.dll
C:\Program Files\kvldqtb
C:\Program Files\kvldqtb\admutil.dll
C:\Program Files\kvldqtb\EnUtil.dll
C:\Program Files\uqbjlwd
C:\Program Files\uqbjlwd\DscSysUtil.dll
C:\Program Files\XP_AntiSpyware
C:\Program Files\XP_AntiSpyware\AVEngn.dll
C:\Program Files\XP_AntiSpyware\comp.dat
C:\Program Files\XP_AntiSpyware\data\daily.cvd
C:\Program Files\XP_AntiSpyware\htmlayout.dll
C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT\msvcm80.dll
C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT\msvcp80.dll
C:\Program Files\XP_AntiSpyware\Microsoft.VC80.CRT\msvcr80.dll
C:\Program Files\XP_AntiSpyware\pthreadVC2.dll
C:\Program Files\XP_AntiSpyware\Uninstall.exe
C:\Program Files\XP_AntiSpyware\wscui.cpl
C:\Program Files\XP_AntiSpyware\XP_Antispyware.cfg
C:\Program Files\XP_AntiSpyware\XP_AntiSpyware.exe
C:\WINDOWS\apuha.dl
C:\WINDOWS\kahyhitade.bin
C:\WINDOWS\system32\_scui.cpl
C:\WINDOWS\system32\ancbapwf.exe
C:\WINDOWS\system32\brastk.exe
C:\WINDOWS\system32\CommPipe.bak
C:\WINDOWS\system32\lixyvohaf.pif
C:\WINDOWS\system32\popkpmxm.exe
C:\WINDOWS\system32\ruhchije.exe
C:\WINDOWS\system32\saza.pif
C:\WINDOWS\system32\SbLsp.bak
C:\WINDOWS\system32\tmtmvqjq.exe
C:\WINDOWS\system32\umem.vbs
C:\WINDOWS\system32\wini104552502.exe
C:\windows\WLXPGSS.SCR
C:\WINDOWS\yxazyp._sy

.
((((((((((((((((((((((((( Files Created from 2008-09-12 to 2008-10-12 )))))))))))))))))))))))))))))))
.

2008-10-11 10:54 . 2008-10-11 10:54 77,824 --a------ C:\WINDOWS\system32\uzktghyv.exe
2008-10-11 09:53 . 2008-10-11 09:54 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-09 00:59 . 2008-10-09 00:59 1,691 --a------ C:\story.rtf
2008-10-05 15:36 . 2008-10-05 15:36 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-10-04 18:45 . 2008-10-05 15:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Speedbit
2008-10-02 20:08 . 2008-10-02 20:08 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-10-02 20:05 . 2008-10-02 20:05 <DIR> d-------- C:\Program Files\Microsoft
2008-10-02 19:53 . 2008-10-02 19:53 <DIR> d-------- C:\Program Files\Common Files\Windows Live
2008-09-30 14:23 . 2008-09-30 14:23 <DIR> d-------- C:\Program Files\Common Files\CyberLink
2008-09-30 14:23 . 2008-09-30 14:18 29,480 --a------ C:\WINDOWS\system32\msxml3a.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-12 03:04 --------- d-----w C:\Program Files\SpeedBit Video Accelerator
2008-10-08 15:46 4,844,032 ----a-w C:\windows\Internet Logs\xDB4A.tmp
2008-10-07 23:57 33,280 ----a-w C:\windows\Internet Logs\xDB4B.tmp
2008-10-06 22:34 --------- d-----w C:\Program Files\AIMTunes
2008-10-05 19:34 --------- d-----w C:\Program Files\iTunes
2008-10-05 19:34 --------- d-----w C:\Program Files\Bonjour
2008-10-05 18:37 --------- d-----w C:\Program Files\Soulseek
2008-10-04 23:35 --------- d-----w C:\Program Files\MSN Messenger
2008-10-04 23:35 --------- d-----w C:\Program Files\MessengerDiscovery
2008-10-04 22:58 --------- d-----w C:\Program Files\SightSpeed
2008-10-03 00:19 --------- d-----w C:\Program Files\Windows Live
2008-09-30 18:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-09-30 18:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-30 18:52 --------- d-----w C:\Program Files\InterVideo
2008-09-30 18:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\CyberLink
2008-09-30 18:21 --------- d-----w C:\Program Files\CyberLink
2008-09-18 15:34 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-09-07 01:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-09-07 01:09 97,928 ----a-w C:\windows\system32\drivers\avgldx86.sys
2008-09-07 01:09 76,040 ----a-w C:\windows\system32\drivers\avgtdix.sys
2008-09-07 01:09 12,936 ----a-w C:\windows\system32\drivers\avgrkx86.sys
2008-09-07 01:09 10,520 ----a-w C:\windows\system32\avgrsstx.dll
2008-09-07 01:09 --------- d-----w C:\Program Files\AVG
2008-09-06 23:43 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-06 23:43 --------- d-----w C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-09-06 23:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-06 01:28 20,480 ----a-w C:\windows\Internet Logs\xDB49.tmp
2008-09-05 19:37 --------- d-----w C:\Program Files\Save!
2008-09-05 17:18 4,615,680 ----a-w C:\windows\Internet Logs\xDB48.tmp
2008-09-05 17:12 --------- d-----w C:\Program Files\FairUse Wizard 2
2008-09-05 15:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-05 15:57 --------- d-----w C:\Program Files\Lavasoft
2008-09-05 15:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-05 04:31 17,920 ----a-w C:\windows\Internet Logs\xDB47.tmp
2008-09-05 01:40 4,599,808 ----a-w C:\windows\Internet Logs\xDB46.tmp
2008-09-05 01:26 15,360 ----a-w C:\windows\Internet Logs\xDB45.tmp
2008-09-05 01:13 4,596,736 ----a-w C:\windows\Internet Logs\xDB44.tmp
2008-09-05 01:12 --------- d-----w C:\Program Files\DAEMON Tools SearchBar
2008-09-05 00:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-05 00:08 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-04 16:36 4,595,200 ----a-w C:\windows\Internet Logs\xDB42.tmp
2008-09-04 16:36 22,016 ----a-w C:\windows\Internet Logs\xDB43.tmp
2008-09-04 16:27 --------- d-----w C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-03 12:04 17,408 ----a-w C:\windows\Internet Logs\xDB41.tmp
2008-09-03 06:04 4,553,216 ----a-w C:\windows\Internet Logs\xDB40.tmp
2008-09-03 04:41 4,557,824 ----a-w C:\windows\Internet Logs\xDB3E.tmp
2008-09-03 04:41 --------- d-----w C:\windows\system32\config\systemprofile\Application Data\Yahoo!
2008-09-02 04:16 38,528 ----a-w C:\windows\system32\drivers\mbamswissarmy.sys
2008-09-02 04:16 17,200 ----a-w C:\windows\system32\drivers\mbam.sys
2008-08-31 00:13 29,696 ----a-w C:\windows\Internet Logs\xDB3F.tmp
2008-08-17 21:36 --------- d-----w C:\Documents and Settings\Owner\Application Data\Canon
2008-07-19 02:10 94,920 ----a-w C:\windows\system32\dllcache\cdm.dll
2008-07-19 02:10 94,920 ----a-w C:\windows\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\windows\system32\wuauclt.exe
2008-07-19 02:10 53,448 ----a-w C:\windows\system32\dllcache\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\windows\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\windows\system32\wups.dll
2008-07-19 02:10 36,552 ----a-w C:\windows\system32\dllcache\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\windows\system32\wuapi.dll
2008-07-19 02:09 563,912 ----a-w C:\windows\system32\dllcache\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\windows\system32\wucltui.dll
2008-07-19 02:09 325,832 ----a-w C:\windows\system32\dllcache\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\windows\system32\wuweb.dll
2008-07-19 02:09 205,000 ----a-w C:\windows\system32\dllcache\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\windows\system32\wuaueng.dll
2008-07-19 02:09 1,811,656 ----a-w C:\windows\system32\dllcache\wuaueng.dll
.
<pre>
----a-w				 0 2008-01-15 01:43:33  C:\Documents and Settings\Owner\Desktop\stuff\VST & DX Softsynth & Effects Mega Pack\Lexicon PSP 42 v1.0 .exe
----a-w				 0 2008-01-15 01:43:33  C:\Documents and Settings\Owner\Desktop\stuff\VST & DX Softsynth & Effects Mega Pack\NI FM7 Synth Native instruments .exe
</pre>


((((((((((((((((((((((((((((( snapshot@2008-10-08_11.43.13.62 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 00:02:28 163,328 ----a-w C:\windows\erdnt\subs\ERDNT.EXE
+ 2004-07-15 06:49:16 258,048 ----a-w C:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW4064\_aspnet_isapi.dll
+ 2004-07-15 05:32:22 81,920 ----a-w C:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW4064\_CORPerfMonExt.dll
+ 2004-07-15 05:24:30 282,624 ----a-w C:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW4064\_fusion.dll
+ 2004-07-15 05:25:06 315,392 ----a-w C:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW4064\_mscorjit.dll
+ 2004-07-15 19:29:02 2,138,112 ----a-w C:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW4064\_mscorlib.dll
+ 2003-02-21 10:09:18 77,824 ----a-w C:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW4064\_mscorsn.dll
+ 2004-07-15 05:26:52 2,510,848 ----a-w C:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW4064\_mscorsvr.dll
+ 2004-07-15 05:28:34 2,502,656 ----a-w C:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW4064\_mscorwks.dll
+ 2003-02-21 19:42:22 348,160 ----a-w C:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW4064\_msvcr71.dll
+ 2004-07-15 05:34:50 94,208 ----a-w C:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW4064\_PerfCounter.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2003-05-16 851968]
"SightSpeed"="C:\Program Files\SightSpeed\SightSpeed.exe" [2008-07-18 4770616]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"Aim6"="" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\windows\UpdReg.EXE" [2000-05-11 90112]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 267048]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-08-20 118784]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2003-09-12 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-03 185632]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [N/A]
"\MIKEY\EPSON Stylus CX5800F Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE" [2005-05-10 98304]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-06 1235736]
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"SpeedBitVideoAccelerator"="C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2008-10-05 2705008]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 C:\WINDOWS\AGRSMMSG.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 C:\WINDOWS\ALCXMNTR.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 8699904]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2004-09-29 225280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-06-30 110592]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-06-30 110592]
Compaq Connections.lnk - C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [2004-01-26 16384]
DVD@ccess.lnk - C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe [2007-12-25 888832]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 237568]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"= evolusbn.dll
"midi3"= evolusbn.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^iPodder.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\iPodder.lnk
backup=C:\windows\pss\iPodder.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^spamsubtract.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk
backup=C:\WINDOWS\pss\spamsubtract.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_EMC]
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
C:\Program Files\Free Download Manager\fdm.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HistoryKill]
--a------ 2003-10-10 04:27 257024 C:\Program Files\HistoryKill\histkill.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2004-08-20 15:51 118784 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2004-08-20 15:55 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-15 14:11 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-06 20:05 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-15 00:43 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 16:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-12-03 21:17 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 C:\WINDOWS\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\DOSBox-0.61\\dosbox.exe"=
"C:\\WINDOWS\\system32\\javaw.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\ZDaemon\\zlauncher.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Skulltag\\IdeSE.exe"=
"C:\\Program Files\\Skulltag\\skulltag.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=
"C:\\Program Files\\SightSpeed\\SightSpeed.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3500:TCP"= 3500:TCP:k-lite
"10001:TCP"= 10001:TCP:BT
"10000:TCP"= 10000:TCP:BT
"10002:UDP"= 10002:UDP:BT
"10003:TCP"= 10003:TCP:BT
"10004:UDP"= 10004:UDP:BT
"10005:TCP"= 10005:TCP:BT
"10006:TCP"= 10006:TCP:BT
"10007:TCP"= 10007:TCP:BT
"10008:TCP"= 10008:TCP:BT
"10009:UDP"= 10009:UDP:BT
"10010:TCP"= 10010:TCP:BT

R0 AvgRkx86;avgrkx86.sys;C:\windows\system32\Drivers\avgrkx86.sys [2008-09-06 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\windows\system32\Drivers\avgldx86.sys [2008-09-06 97928]
R1 GearAspiSys;GearAspiSys;C:\windows\system32\drivers\gearaspisys.sys [2002-06-24 53412]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-06 231704]
R2 AvgTdiX;AVG8 Network Redirector;C:\windows\system32\Drivers\avgtdix.sys [2008-09-06 76040]
R2 DVDAccss;DVDAccss;C:\windows\system32\drivers\DVDAccss.sys [2003-11-21 29156]
R2 UnoInstallerService;Uno Installer;C:\Program Files\M-Audio Uno\UnoInst.exe [2004-12-04 106496]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [2008-10-05 292472]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 DCamUSBVeo532;Veo Web Camera;C:\windows\system32\Drivers\ubVeo532.sys [2002-07-01 95232]
S2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-06 875288]
S2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [ ]
S3 BEL6001P;Belkin 11Mbps Wireless Desktop Adapter (F5D6001 V.2);C:\windows\system32\DRIVERS\BEL6001P.sys [2002-11-06 78720]
S3 emuumidi;E-MU USB-MIDI Driver;C:\windows\system32\drivers\emuumidi.sys [2005-04-26 36736]
S3 EVOLUSB;%EVOL_USB_SvcDesc%;C:\windows\system32\drivers\evolusb.sys [2004-10-20 21984]
S3 NvnUsbAudio;NvnUsbAudio;C:\windows\system32\drivers\nvnusbaudio.sys [2006-12-22 22784]
S3 pcand5bk;PCAND5BK PCANDIS5 Protocol Driver;C:\WINDOWS\system32\pcand5bk.SYS [2002-09-19 15104]
.
Contents of the 'Scheduled Tasks' folder

2008-10-09 C:\windows\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]

2008-10-11 C:\windows\Tasks\Norton AntiVirus - Scan my computer.job
- c:\PROGRA~1\NORTON~1\Navw32.exe [2003-08-18 03:34]

2008-10-12 C:\windows\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2003-06-19 04:17]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 11:16:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-12 11:26:23
ComboFix-quarantined-files.txt 2008-10-12 15:26:10
ComboFix2.txt 2008-10-11 14:47:15
ComboFix3.txt 2008-10-08 16:32:28

Pre-Run: 88,775,061,504 bytes free
Post-Run: 88,750,911,488 bytes free

362 --- E O F --- 2008-10-12 07:00:53

HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:41:07 AM, on 10/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\windows\system32\svchost.exe
C:\Program Files\M-Audio Uno\UnoInst.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\windows\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\ALCXMNTR.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\windows\system32\wuauclt.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [UpdReg] C:\windows\UpdReg.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [\MIKEY\EPSON Stylus CX5800F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P35 "\\MIKEY\EPSON Stylus CX5800F Series" /O6 "USB001" /M "Stylus CX5800F"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [SightSpeed] "C:\Program Files\SightSpeed\SightSpeed.exe" -bootmode
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [actdscsys] C:\windows\system32\tmtmvqjq.exe
O4 - HKCU\..\Run: [brastk] C:\windows\system32\brastk.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: DVD@ccess.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\windows\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - http://redirect.hp.com/presario/hp.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200404...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144111007406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144110986312
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://encarta.msn.com/encnet/external/MSSurVid.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C421E6F0-1846-4054-9A64-6E3ED475A516}: NameServer = 192.168.2.1,192.160.2.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: wbsys.dll,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12414 bytes

#15 Grinler (Lawrence Abrams)

  • Admin
  • 43,640 posts
  • Gender:Male
  • Location:USA

Posted 12 October 2008 - 01:38 PM

Click on Start, Settings, Control Panel and double-click on Add/Remove Programs. From within Add/Remove Programs, uninstall the following if they exist:

WhenU
Save!
Save Now

Then,

* Open Notepad - don't use any text editor other than Notepad or the script will fail.
Copy/paste the text in the quote box below into Notepad:

File::
C:\WINDOWS\system32\uzktghyv.exe

Folder::
C:\Program Files\Save!


Save this as the text file CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.
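Reading a HijackThis log by hand, as the helpers in this thread do, comes down to a handful of checks that can be scripted. The Python below is an added example written for this page; it is not code from the thread, from Trend Micro or from the HijackThis tool. The sample lines are copied from the log posted above, and the heuristics (a browser proxy on the loopback address, a BHO whose DLL is gone, a per-user Run value that launches from system32, a vowel-less file name, a DNS server outside the private address ranges) are the editor's own rules of thumb for what to look at first, not a verdict on any particular file.

```python
"""Flag HijackThis v2.0.2 log entries that deserve a closer look.

Added example for this thread. The heuristics are the editor's own
and only prioritise review; they do not prove anything is malicious.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [actdscsys] C:\windows\system32\tmtmvqjq.exe
O4 - HKCU\..\Run: [brastk] C:\windows\system32\brastk.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C421E6F0-1846-4054-9A64-6E3ED475A516}: NameServer = 192.168.2.1,192.160.2.1
"""


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code: R1, O2, O4 or O17
    subject: str   # the proxy, CLSID, executable path or address concerned
    reason: str


# Line shapes as HijackThis 2.0.2 prints them (matched against the log above).
R1_PROXY_RE = re.compile(r"^R1 - (?P<key>.+?),ProxyServer = (?P<proxy>\S+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)$")
# First executable in a Run command, with or without surrounding quotes/arguments.
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.exe)"?', re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.IGNORECASE)


def looks_random(stem: str) -> bool:
    """Crude check for machine-generated names: six or more letters, no vowel."""
    return len(stem) >= 6 and stem.isalpha() and not re.search(r"[aeiou]", stem, re.IGNORECASE)


def triage(log_text: str) -> list[Finding]:
    """Return the entries worth reviewing, one Finding per reason."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := R1_PROXY_RE.match(line):
            host = m["proxy"].rsplit(":", 1)[0]
            if host in ("127.0.0.1", "localhost"):
                findings.append(Finding("R1", m["proxy"],
                    "browser proxy is the local machine: every request is relayed "
                    "through a local process; find what listens on that port"))
        elif m := O2_RE.match(line):
            if m["path"] == "(no file)":
                findings.append(Finding("O2", "{" + m["clsid"] + "}",
                    "BHO registered but its DLL is missing (orphaned entry)"))
        elif m := O4_RE.match(line):
            exe = EXE_RE.match(m["cmd"])
            if not exe:
                continue
            path = exe["path"]
            stem = path.rsplit("\\", 1)[-1][:-4]
            if m["hive"].upper() == "HKCU" and SYSTEM32_RE.match(path):
                findings.append(Finding("O4", path,
                    "per-user Run value launching from system32; system "
                    "components use HKLM, so verify this file"))
            if looks_random(stem):
                findings.append(Finding("O4", path, "file name looks machine-generated"))
        elif m := O17_RE.match(line):
            for server in m["servers"].split(","):
                if not ipaddress.ip_address(server).is_private:
                    findings.append(Finding("O17", server,
                        "DNS server is not a private address; on a home LAN the "
                        "router normally serves DNS, so confirm where it came from"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.subject}\n     {f.reason}")
```

Run it as-is and it reports six findings from the sample: the loopback proxy, the orphaned BHO, both per-user Run values that launch from system32 (one of them also for its vowel-less name), and the second NameServer address, while the HKLM entries and the Program Files entries pass. The rules are deliberately narrow; a name-based check alone would misfire on legitimate system32 binaries such as hkcmd.exe, which is why the script keys on the hive as well as the location.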



