Annoying Pop-ups, Don't Know Where Its Coming From



#1 Spaticus

Posted 01 July 2006 - 06:21 PM

I keep getting pop-ups in Firefox, and IE keeps popping up, too. Also, whenever I open my hard drive, I hear a pop sound effect and that's when the pop-ups really start coming. I've run a virus scan, got nothing. Spyware scans, nothing.

Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 7:20:13 PM, on 7/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\UGV0ZXIgU3BhdGVyaSBTcGF0ZXJp\command.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ipwins\ipwins.exe
C:\dfndrb_3.exe
C:\WINDOWS\system32\rwinlqez.exe
C:\WINDOWS\zfvntvnA.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Cacheman\Cacheman.exe
C:\Program Files\PSHope\PSHope.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pete\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VideoraiPodConverter] C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe -t
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrb_3.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmb_3.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdb_3.exe
O4 - HKLM\..\Run: [wdd223e1.dll] RUNDLL32.EXE wdd223e1.dll,I2 0008cd0e0dd223e1
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\rwinlqez.exe GID003
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [zfvntvnA] C:\WINDOWS\zfvntvnA.exe
O4 - HKLM\..\Run: [w0668387.dll] RUNDLL32.EXE w0668387.dll,I2 0008cd0e00668387
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Cacheman] C:\PROGRA~1\Cacheman\Cacheman.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [PSHope] "C:\Program Files\PSHope\PSHope.exe"
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\rwinlqez.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146287175734
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: repairs303169590.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\UGV0ZXIgU3BhdGVyaSBTcGF0ZXJp\command.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SMS Help Center (SMS32) - Unknown owner - C:\WINDOWS\smss32.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\zfvntvn.exe (file missing)

I can tell right away a ton of that shouldn't be there. I just don't know how to get rid of it.
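Added example, not part of the original post and not HijackThis code: a small Python triage script that scores the kinds of entries in the log above. The sample lines are copied from the posted log; the rule weights, the threshold, and the base64 and lookalike heuristics are my own assumptions. It surfaces what a reviewer would circle first: the O20 AppInit_DLLs entry, rundll32 values that load a DLL by bare name, services whose binary is missing or named after a core system process, and O4 values launching executables straight from C:\.

```python
"""Score HijackThis v1.99 log lines for the autorun patterns visible in this thread.

Added example, not code from the original post or from HijackThis. The sample lines
are copied from the log above; the rules, weights and threshold are my own triage
heuristics (assumptions), not anything HijackThis itself computes.
"""
import base64
import re

# Constructed sample: a slice of the O4/O20/O23 entries from the first post.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [defender] C:\\dfndrb_3.exe
O4 - HKLM\..\Run: [wdd223e1.dll] RUNDLL32.EXE wdd223e1.dll,I2 0008cd0e0dd223e1
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\rwinlqez.exe GID003
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\rwinlqez.exe
O20 - AppInit_DLLs: repairs303169590.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\UGV0ZXIgU3BhdGVyaSBTcGF0ZXJp\command.exe
O23 - Service: SMS Help Center (SMS32) - Unknown owner - C:\WINDOWS\smss32.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# A Windows path ending in .exe/.dll/.sys, quoted or not.
PATH_RE = re.compile(r'[A-Za-z]:\\+(?:[^\\"\s]+(?: [^\\"\s]+)*\\+)*[^\\"\s]+\.(?:exe|dll|sys)', re.I)
ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\+[^\\]+$")          # C:\foo.exe or C:\\foo.exe, no directory
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+([^\s,]+)", re.I)
CORE_STEMS = ("smss", "csrss", "svchost", "lsass", "winlogon", "services")
CORE_NAMES = {stem + ".exe" for stem in CORE_STEMS}


def looks_base64(component):
    """True when a path component is base64-alphabet text that decodes to printable ASCII."""
    if len(component) < 12 or len(component) % 4 == 1:
        return False
    if not re.fullmatch(r"[A-Za-z0-9+/]+", component):
        return False
    if not (re.search(r"[a-z]", component) and re.search(r"[A-Z]", component) and re.search(r"\d", component)):
        return False
    raw = base64.b64decode(component + "=" * (-len(component) % 4))
    return all(32 <= b < 127 for b in raw)   # only the shape is tested; decoded bytes are never shown


def score_path(path):
    """Path-level rules shared by O4 commands, O23 service binaries and 'Running processes' lines."""
    reasons = []
    parts = path.split("\\")
    name = parts[-1].lower()
    if ROOT_EXE_RE.match(path):
        reasons.append((4, "binary launched straight from the drive root"))
    if name not in CORE_NAMES and any(name.startswith(stem) for stem in CORE_STEMS):
        reasons.append((3, "name mimics a core system binary: " + parts[-1]))
    if any(looks_base64(p) for p in parts[:-1]):
        reasons.append((3, "directory name is base64-encoded text"))
    return reasons


def score_line(line):
    """Return (score, reasons) for one HijackThis entry or one running-process path."""
    reasons = []
    kind = line.split(" - ", 1)[0]
    if kind == "O20" and re.match(r"O20 - AppInit_DLLs:\s*\S", line):
        reasons.append((5, "AppInit_DLLs injects this DLL into every process that loads user32.dll"))
    if kind == "O23":
        if "Unknown owner" in line:
            reasons.append((1, "service binary carries no company/version string"))
        if "(file missing)" in line:
            reasons.append((2, "service points at a binary that no longer exists"))
    m = RUNDLL_RE.search(line)
    if m and "\\" not in m.group(1):
        reasons.append((3, "rundll32 loads a DLL by bare name, resolved through the DLL search path"))
    for path in PATH_RE.findall(line):
        reasons.extend(score_path(path))
    return sum(weight for weight, _ in reasons), [text for _, text in reasons]


def triage(log_text, threshold=3):
    """Entries scoring at or above threshold, highest first: (score, line, reasons)."""
    hits = []
    for line in log_text.splitlines():
        score, reasons = score_line(line.strip())
        if score >= threshold:
            hits.append((score, line.strip(), reasons))
    hits.sort(key=lambda h: -h[0])   # stable: ties keep log order
    return hits


if __name__ == "__main__":
    for score, line, reasons in triage(SAMPLE_LOG):
        print(f"[{score}] {line}")
        for reason in reasons:
            print("     -", reason)
```

Run it on the full log by pasting the O4/O20/O23 block and the "Running processes" list into SAMPLE_LOG. Random-looking names such as rwinlqez.exe or zfvntvnA.exe score zero here, so a pass like this narrows the list but does not replace a reviewer reading the whole log.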


#2 MFDnSC (Ret. Director I/T)

Posted 01 July 2006 - 08:32 PM

1. Download this file :

http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#3 Spaticus (Topic Starter)

Posted 02 July 2006 - 01:23 AM

Start Time= Sun 07/02/2006 2:20:18.32
Running from: C:\Documents and Settings\Pete\Desktop

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wzcnotif


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


REGISTRY ENTRIES REMOVED:

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

C:\WINDOWS\SYSTEM32\czyptdll.dll
C:\WINDOWS\SYSTEM32\dauGUI11.dll
C:\WINDOWS\SYSTEM32\dzserial.dll
C:\WINDOWS\SYSTEM32\fwamebuf.dll
C:\WINDOWS\SYSTEM32\grtuname.dll
C:\WINDOWS\SYSTEM32\hup95en.dll
C:\WINDOWS\SYSTEM32\iarop.dll
C:\WINDOWS\SYSTEM32\iopsc20.dll
C:\WINDOWS\SYSTEM32\issecsvc.dll
C:\WINDOWS\SYSTEM32\iypm20.dll
C:\WINDOWS\SYSTEM32\LUVRGBxf.dll
C:\WINDOWS\SYSTEM32\mapatcha.dll
C:\WINDOWS\SYSTEM32\mevidctl.dll
C:\WINDOWS\SYSTEM32\mgc40u.dll
C:\WINDOWS\SYSTEM32\mirapi.dll
C:\WINDOWS\SYSTEM32\mivcp60.dll
C:\WINDOWS\SYSTEM32\morating.dll
C:\WINDOWS\SYSTEM32\mqvcr71.dll
C:\WINDOWS\SYSTEM32\mvvcp71.dll
C:\WINDOWS\SYSTEM32\mwvcrt40.dll
C:\WINDOWS\SYSTEM32\NHSInst.dll
C:\WINDOWS\SYSTEM32\nnsdexts.dll
C:\WINDOWS\SYSTEM32\npevtmsg.dll
C:\WINDOWS\SYSTEM32\oae2.dll
C:\WINDOWS\SYSTEM32\uircntra.dll
C:\WINDOWS\SYSTEM32\uqbmon.dll
C:\WINDOWS\SYSTEM32\vxa256.dll
C:\WINDOWS\SYSTEM32\wdnotify.dll
C:\WINDOWS\SYSTEM32\wlerrenu.dll
C:\WINDOWS\SYSTEM32\wopasf.dll
C:\WINDOWS\SYSTEM32\WWDRMNet.dll


Granting sedebugprivilege to Administrators ... successful


((((((((((((((((((((((((((((((((((((((((((((((((((( Ssk's Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\repairs303169590.dll
C:\Documents and Settings\Pete\Application Data\Sskknwrd.dll
C:\Documents and Settings\Pete\Local Settings\Temporary Internet Files\Ssk.log
C:\Program Files\SurfSideKick 3\Ssk.exe
C:\Program Files\SurfSideKick 3\SskBho.dll
C:\Program Files\SurfSideKick 3\SskCore.dll
C:\WINDOWS\system32\bk.exe


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



2:18:21.31
((((((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\drsmartload1.exe
C:\drsmartload45r.exe
C:\drsmartload46r.exe
C:\drsmartload849r.exe
C:\Mendoza1.exe
C:\dfndrb_3.exe
C:\nwnmb_3.exe
C:\kybrdb_3.exe
C:\Documents and Settings\Lexi\Local Settings\Temporary Internet Files\Content.IE5\2S9AI1T9\drsmartload849a[1].exe
C:\Documents and Settings\Lexi\Local Settings\Temporary Internet Files\Content.IE5\4D6B4H40\drsmartload45a[1].exe
C:\Documents and Settings\Lexi\Local Settings\Temporary Internet Files\Content.IE5\4D6B4H40\dfndrc_2[1].exe
C:\Documents and Settings\Lexi\Local Settings\Temporary Internet Files\Content.IE5\AOA4RVXY\nwnmb_2[1].exe
C:\Documents and Settings\Lexi\Local Settings\Temporary Internet Files\Content.IE5\AOA4RVXY\kybrdc_2[1].exe
C:\Documents and Settings\Lexi\Local Settings\Temporary Internet Files\Content.IE5\LEOLALN8\drsmartload46a[1].exe
C:\Documents and Settings\Lexi\Local Settings\Temporary Internet Files\Content.IE5\LEOLALN8\drsmartload[1].exe
C:\Documents and Settings\Lexi\Local Settings\Temporary Internet Files\Content.IE5\LEOLALN8\nwnmc_2[1].exe
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MN6J0DW5\Mendoza1[1].exe
C:\Documents and Settings\Pete\Local Settings\Temporary Internet Files\Content.IE5\GDYFKPA7\kybrdb_3[1].exe
C:\Documents and Settings\Pete\Local Settings\Temporary Internet Files\Content.IE5\JARUNZES\nwnmb_3[1].exe
C:\Documents and Settings\Pete\Local Settings\Temporary Internet Files\Content.IE5\JVLX11TU\drsmartload46a[1].exe
C:\Documents and Settings\Pete\Local Settings\Temporary Internet Files\Content.IE5\K5YN4HY3\drsmartload849a[1].exe
C:\Documents and Settings\Pete\Local Settings\Temporary Internet Files\Content.IE5\UN0BPUNY\drsmartload45a[1].exe
C:\Documents and Settings\Pete\Local Settings\Temporary Internet Files\Content.IE5\YQQHPLK6\drsmartload[1].exe
C:\Documents and Settings\TEMP.KIDS\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5IRS9QJ\drsmartload849a[3].exe
C:\Documents and Settings\TEMP.KIDS\Local Settings\Temp\Temporary Internet Files\Content.IE5\O5IRS9QJ\drsmartload[1].exe
C:\Documents and Settings\TEMP.KIDS\Local Settings\Temp\Temporary Internet Files\Content.IE5\SD2JSL63\drsmartload46a[1].exe
C:\Documents and Settings\TEMP.KIDS\Local Settings\Temp\Temporary Internet Files\Content.IE5\VRE49JK5\drsmartload45a[1].exe
C:\WINDOWS\newname.dat
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\keyboard131.dat
C:\MTE3NDI6ODoxNg.exe
C:\warebundle.exe
C:\warebundle2.exe
C:\Documents and Settings\Pete\Local Settings\Temporary Internet Files\Content.IE5\K5YN4HY3\MTE3NDI6ODoxNg[2].exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\warebundle.exe
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\Program Files\network monitor
C:\Program Files\snowball wars
C:\Program Files\Common Files\misc001
C:\Program Files\Common Files\simtest
C:\Program Files\Common Files\svchostsys
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\WINDOWS\UGV0ZXIgU3BhdGVyaSBTcGF0ZXJp


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-01 17:07:26 467968 ( A.... ) "C:\visfx500.exe"
2006-07-01 17:07:20 48190 ( A.... ) "C:\VSL02.exe"
2006-07-01 17:07:16 310122 ( A.... ) "C:\Trelew.exe"
2006-07-01 16:56:32 69632 ( A.... ) "C:\WINDOWS\system32\lceoclbd.dll"
2006-07-01 16:56:32 33012 ( A.... ) "C:\WINDOWS\system32\tpuninstall.exe"
2006-07-01 16:02:18 0 ( A.... ) "C:\Documents and Settings\Pete\Application Data\internaldb41.dat"
2006-07-01 16:02:16 657 ( A.... ) "C:\Program Files\Common Files\mezon"
2006-07-01 15:59:22 38412 ( A.... ) "C:\WINDOWS\ssqbn.exe"
2006-07-01 15:59:16 48167 ( A.... ) "C:\WINDOWS\system32\VSL05.exe"
2006-07-01 15:59:12 29696 ( A.... ) "C:\WINDOWS\system32\w0667399.dll"
2006-07-01 15:59:12 2560 ( A.... ) "C:\ac3_0003.exe"
2006-07-01 15:59:12 1063 ( A.... ) "C:\WINDOWS\system32\aaa00000.sys"
2006-07-01 15:59:12 1063 ( A.... ) "C:\WINDOWS\system32\aaa00000.sys"
2006-07-01 15:59:10 235134 ( A.... ) "C:\WINDOWS\srvzcvpsnn.exe"
2006-07-01 15:59:10 184829 ( A.... ) "C:\WINDOWS\srvcfpulof.exe"
2006-07-01 15:59:10 32976 ( A.... ) "C:\WINDOWS\system32\uninstIcn.exe"
2006-07-01 15:59:00 587776 ( A.... ) "C:\626_101.exe"
2006-07-01 15:58:46 578560 ( A.... ) "C:\Installer.exe"
2006-06-29 23:59:42 69632 ( A.... ) "C:\WINDOWS\system32\ojhmogkd.dll"
2006-06-29 23:56:40 ( .D... ) "C:\Program Files\PSHope"
2006-06-29 23:56:38 235134 ( A.... ) "C:\WINDOWS\srvfvevhyk.exe"
2006-06-29 23:56:38 184829 ( A.... ) "C:\WINDOWS\srvmiaokav.exe"
2006-06-28 09:35:34 836 ( A.... ) "C:\WINDOWS\system32\nt68rrtc12.sys"
2006-06-28 09:35:34 836 ( A.... ) "C:\WINDOWS\system32\nt68rrtc12.sys"
2006-06-27 14:52:34 65536 ( A.... ) "C:\WINDOWS\IFinst27.exe"
2006-06-26 22:56:44 ( .D... ) "C:\Program Files\Gravity"
2006-06-26 19:37:16 61440 ( A.... ) "C:\WINDOWS\system32\aaa00000.dll"
2006-06-26 19:37:14 ( .D... ) "C:\Program Files\EngageSidebar"
2006-06-26 19:37:12 29696 ( A.... ) "C:\WINDOWS\system32\w000e5fb.dll"
2006-06-24 23:57:12 173 ( A.... ) "C:\WINDOWS\comexec.bat"
2006-06-23 10:59:44 ( .D... ) "C:\Program Files\ToolBar888"
2006-06-21 22:55:30 ( .D... ) "C:\Program Files\Common Files\?ssembly"
2006-06-21 14:42:34 ( .D... ) "C:\Program Files\softnyx"
2006-06-20 19:55:26 389120 ( A.... ) "C:\WINDOWS\system32\nodeipproc.dll"
2006-06-20 10:12:00 159839 ( A.... ) "C:\WINDOWS\system32\rwinlqez.exe"
2006-06-20 10:11:34 298435 ( A.... ) "C:\svchost.exe"
2006-06-19 00:26:00 ( .D... ) "C:\Documents and Settings\Pete\Application Data\Ipswitch"
2006-06-19 00:25:54 ( .D... ) "C:\Program Files\Ipswitch"
2006-06-17 17:12:02 ( .D... ) "C:\Program Files\Blaze Media Pro"
2006-06-17 17:11:40 ( .D... ) "C:\Documents and Settings\Pete\Application Data\{FBDA53F5-763E-4114-A576-612E9769C133}"
2006-06-17 17:10:26 ( .D... ) "C:\Documents and Settings\Pete\Application Data\Seven Zip"
2006-06-16 05:18:44 ( .D... ) "C:\Program Files\Common Files\partypoker"
2006-06-15 21:18:24 81920 ( A.... ) "C:\WINDOWS\system32\iexplore.dll"
2006-06-15 21:18:24 ( .D... ) "C:\Program Files\s?stem32"
2006-06-14 22:18:50 154 ( A.... ) "C:\WINDOWS\comfix.bat"
2006-06-14 21:03:46 114174 ( A.... ) "C:\WINDOWS\hostsmgr.exe"
2006-06-13 06:29:32 183845 ( A.... ) "C:\WINDOWS\comhost.exe"
2006-06-12 14:09:18 10752 ( A.... ) "C:\WINDOWS\system32\Shlesb.dll"
2006-06-09 21:26:06 396 ( A.... ) "C:\services.com"
2006-06-09 01:28:56 ( .D... ) "C:\Program Files\Weather"
2006-06-08 21:09:14 ( .D... ) "C:\Program Files\DNS"
2006-06-08 21:09:12 342636 ( ..SH. ) "C:\Program Files\Common Files\mc-110-12-0000488.exe"
2006-06-08 20:59:28 ( .D... ) "C:\Program Files\ipwins"
2006-06-08 06:38:52 20480 ( A.... ) "C:\stub_sca3.exe"
2006-06-08 06:38:38 299624 ( A.... ) "C:\WHCC2.exe"
2006-06-08 06:38:28 45056 ( A.... ) "C:\WINDOWS\system32tfthot.exe"
2006-06-08 06:38:22 45056 ( A.... ) "C:\WINDOWS\system32\tfthot.exe"
2006-06-08 03:36:54 ( .D... ) "C:\Program Files\TClock"
2006-06-08 03:36:52 ( .D... ) "C:\Program Files\InetGet2"
2006-06-07 22:41:02 ( .D... ) "C:\Program Files\Windows"
2006-06-07 22:41:02 ( .D... ) "C:\Program Files\Common Files\InetGet"
2006-06-07 21:49:00 ( .D... ) "C:\Program Files\McAfee"
2006-06-04 04:29:42 61 ( A.... ) "C:\WINDOWS\comhost.bat"
2006-05-29 21:08:56 108462 ( A.... ) "C:\WINDOWS\manager.exe"
2006-05-25 17:11:58 ( .D... ) "C:\Program Files\Audacity"
2006-05-23 19:56:10 1682 ( A.SH. ) "C:\WINDOWS\system32\KGyGaAvL.sys"
2006-05-23 19:56:10 1682 ( A.SH. ) "C:\WINDOWS\system32\KGyGaAvL.sys"
2006-05-23 19:56:10 56 ( ..SHR ) "C:\WINDOWS\system32\E4721A4085.sys"
2006-05-23 19:56:10 56 ( ..SHR ) "C:\WINDOWS\system32\E4721A4085.sys"
2006-05-20 19:45:04 ( .D... ) "C:\Program Files\Common Files\Enterbrain"
2006-05-17 19:15:24 ( .D... ) "C:\Documents and Settings\Pete\Application Data\Winamp"
2006-05-03 23:26:22 5818784 ( A.... ) "C:\WINDOWS\system32\MRT.exe"
2006-04-23 02:16:00 266240 ( A.... ) "C:\NNSCAA638.EXE"
2006-04-22 23:56:08 24576 ( A.... ) "C:\WINDOWS\system32\msxml3a.dll"
2006-04-22 23:51:54 114171 ( A.... ) "C:\WINDOWS\chadch.exe"
2006-04-22 23:51:20 232779 ( A.... ) "C:\WINDOWS\system32\Setup94.exe"
2006-04-21 23:07:12 206 ( A.... ) "C:\WINDOWS\rttun.dll"
2006-04-21 20:27:50 8464 ( A.... ) "C:\WINDOWS\system32\sporder.dll"


((((((((((((((((((((((((((((((((((((((((( Files Created - Last 30days ))))))))))))))))))))))))))))))))))))))))))))))


2006-07-01 17:07 48,190 C:\VSL02.exe
2006-07-01 17:07 467,968 C:\visfx500.exe
2006-07-01 17:07 310,122 C:\Trelew.exe
2006-07-01 16:56 69,632 C:\WINDOWS\system32\lceoclbd.dll
2006-07-01 15:59 48,167 C:\WINDOWS\system32\VSL05.exe
2006-07-01 15:59 38,412 C:\WINDOWS\ssqbn.exe
2006-07-01 15:59 29,696 C:\WINDOWS\system32\w0667399.dll
2006-07-01 15:59 235,134 C:\WINDOWS\srvzcvpsnn.exe
2006-07-01 15:59 2,560 C:\ac3_0003.exe
2006-07-01 15:59 184,829 C:\WINDOWS\srvcfpulof.exe
2006-07-01 15:58 587,776 C:\626_101.exe
2006-07-01 15:58 578,560 C:\Installer.exe
2006-06-29 23:59 69,632 C:\WINDOWS\system32\ojhmogkd.dll
2006-06-29 23:59 33,012 C:\WINDOWS\system32\tpuninstall.exe
2006-06-29 23:56 32,976 C:\WINDOWS\system32\uninstIcn.exe
2006-06-29 23:56 235,134 C:\WINDOWS\srvfvevhyk.exe
2006-06-29 23:56 214,304 C:\WINDOWS\zfvntvnA.exe
2006-06-29 23:56 184,829 C:\WINDOWS\srvmiaokav.exe
2006-06-26 22:51 65,536 C:\WINDOWS\IFinst27.exe
2006-06-26 19:37 61,440 C:\WINDOWS\system32\aaa00000.dll
2006-06-26 19:37 29,696 C:\WINDOWS\system32\w000e5fb.dll
2006-06-26 19:37 1,063 C:\WINDOWS\system32\aaa00000.sys
2006-06-25 23:18 4,682 C:\WINDOWS\system32\npptNT2.sys
2006-06-23 23:53 836 C:\WINDOWS\system32\nt68rrtc12.sys
2006-06-23 06:58 173 C:\WINDOWS\comexec.bat
2006-06-20 19:55 389,120 C:\WINDOWS\system32\nodeipproc.dll
2006-06-20 10:11 159,839 C:\WINDOWS\system32\rwinlqez.exe
2006-06-19 00:25 50,688 C:\WINDOWS\system32\wbhelp2.dll
2006-06-15 21:18 81,920 C:\WINDOWS\system32\iexplore.dll
2006-06-15 18:30 114,174 C:\WINDOWS\hostsmgr.exe
2006-06-13 23:55 298,435 C:\svchost.exe
2006-06-12 14:09 10,752 C:\WINDOWS\system32\Shlesb.dll
2006-06-12 06:00 183,845 C:\WINDOWS\comhost.exe
2006-06-09 10:29 396 C:\services.com
2006-06-09 01:25 154 C:\WINDOWS\comfix.bat
2006-06-08 06:38 45,056 C:\WINDOWS\system32tfthot.exe
2006-06-08 06:38 45,056 C:\WINDOWS\system32\tfthot.exe
2006-06-08 06:38 299,624 C:\WHCC2.exe
2006-06-08 06:38 20,480 C:\stub_sca3.exe
2006-06-07 21:46 61 C:\WINDOWS\comhost.bat
2006-06-07 21:46 108,462 C:\WINDOWS\manager.exe


((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"WorksFUD"="C:\\Program Files\\Microsoft Works\\wkfud.exe"
"Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"Microsoft Works Update Detection"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"CHotkey"="mHotkey.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"VideoraiPodConverter"="C:\\Program Files\\VideoraiPodConverter\\VideoraiPodConverter.exe -t"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"IpWins"="C:\\Program Files\\ipwins\\ipwins.exe"
"wdd223e1.dll"="RUNDLL32.EXE wdd223e1.dll,I2 0008cd0e0dd223e1"
"BrowserUpdateSched"="C:\\WINDOWS\\system32\\rwinlqez.exe GID003"
"zfvntvnA"="C:\\WINDOWS\\zfvntvnA.exe"
"w0668387.dll"="RUNDLL32.EXE w0668387.dll,I2 0008cd0e00668387"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Yahoo! Pager"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"Cacheman"="C:\\PROGRA~1\\Cacheman\\Cacheman.exe"
"PSHope"="\"C:\\Program Files\\PSHope\\PSHope.exe\""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\MSN\\mefex.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Online Services\\pohobybiw.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"urif"="C:\\PROGRA~1\\COMMON~1\\urif\\urifm.exe"
"uponk"="C:\\WINDOWS\\system32\\ycdujy.exe reg_run"
"TClock.exe"="C:\\Program Files\\TClock\\tclock_install.exe"
"sys_up1"="C:\\Program Files\\Common Files\\svchostsys\\svchostsys.exe"
"Rcsh"="\"C:\\WINDOWS\\system32\\SKS~1\\javaw.exe\" -vt yazr"
"Poz"="C:\\Program Files\\s?stem32\\w?nword.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"WinUpdate.exe"="C:\\Program Files\\Windows\\WinUpdate.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"urif"="C:\\PROGRA~1\\COMMON~1\\urif\\urifm.exe"
"uponk"="C:\\WINDOWS\\system32\\ycdujy.exe reg_run"
"TClock.exe"="C:\\Program Files\\TClock\\tclock_install.exe"
"sys_up1"="C:\\Program Files\\Common Files\\svchostsys\\svchostsys.exe"
"Rcsh"="\"C:\\WINDOWS\\system32\\SKS~1\\javaw.exe\" -vt yazr"
"Poz"="C:\\Program Files\\s?stem32\\w?nword.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
"WinUpdate.exe"="C:\\Program Files\\Windows\\WinUpdate.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

HKEY_LOCAL_MACHINE\system\controlset001\control\safeboot\minimal\vds
HKEY_LOCAL_MACHINE\system\controlset001\control\safeboot\minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}
HKEY_LOCAL_MACHINE\system\controlset003\control\safeboot\minimal\vds
HKEY_LOCAL_MACHINE\system\controlset003\control\safeboot\minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}


Contents of the 'Scheduled Tasks' folder

Completion time: Sun 07/02/2006 2:20:32.04
ComboFix ver 06.07.02 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-07-02.022018.txt


Logfile of HijackThis v1.99.1
Scan saved at 2:24:02 AM, on 7/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ipwins\ipwins.exe
C:\WINDOWS\system32\rwinlqez.exe
C:\WINDOWS\zfvntvnA.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Cacheman\Cacheman.exe
C:\Program Files\PSHope\PSHope.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pete\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VideoraiPodConverter] C:\Program Files\VideoraiPodConverter\VideoraiPodConverter.exe -t
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [wdd223e1.dll] RUNDLL32.EXE wdd223e1.dll,I2 0008cd0e0dd223e1
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\rwinlqez.exe GID003
O4 - HKLM\..\Run: [zfvntvnA] C:\WINDOWS\zfvntvnA.exe
O4 - HKLM\..\Run: [w0668387.dll] RUNDLL32.EXE w0668387.dll,I2 0008cd0e00668387
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Cacheman] C:\PROGRA~1\Cacheman\Cacheman.exe
O4 - HKCU\..\Run: [PSHope] "C:\Program Files\PSHope\PSHope.exe"
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\rwinlqez.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1146287175734
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SMS Help Center (SMS32) - Unknown owner - C:\WINDOWS\smss32.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\zfvntvn.exe (file missing)

#4 MFDnSC

    Ret. Director I/T

Posted 02 July 2006 - 09:25 AM

You need to update Ewido to V4.
http://www.ewido.net/en/download/


Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/s...4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions; click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep, please put a check next to the following:
  o Sweep Memory
  o Sweep Registry
  o Sweep Cookies
  o Sweep All User Accounts
  o Enable Direct Disk Sweeping
  o Sweep Contents of Compressed Files
  o Sweep for Rootkits

  o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner and copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.

Also post a new HijackThis log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
