
Infected With Adrotate, Possibly More


5 replies to this topic

#1 dwheimerl

  • Members
  • 4 posts
  • OFFLINE
  • Local time: 01:12 PM

Posted 12 October 2006 - 02:53 PM

I keep getting random popups, multiple iexplore.exe files taking up lots of CPU, other random processes using lots of CPU, and references to adrotate in my hijackthis log. Could someone look at my log and help me remove it all? Thanks

Logfile of HijackThis v1.99.1
Scan saved at 2:48:28 PM, on 10/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Turtle Beach\AudioAdvantageMicro\TBAA.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Gaim\gaim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsb4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AD Rotator - {EEC590D8-0A3C-4464-BB20-25A4747992F9} - C:\WINDOWS\system32\adrotate.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Turtle Beach Audio Advantage Micro] "C:\Program Files\Turtle Beach\AudioAdvantageMicro\TBAA.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLLHOST] C:\WINDOWS\system32\dllhost32.exe
O4 - HKLM\..\Run: [1pop06apelt2] C:\WINDOWS\elitepop06.exe
O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate"
O4 - HKLM\..\Run: [ToolbarInstall] C:\WINDOWS\MirarSetup_876057.exe
O4 - HKLM\..\Run: [win3211-1199070174] C:\WINDOWS\win3211-1199070174.exe
O4 - HKCU\..\Run: [Gaim] C:\Program Files\Gaim\gaim.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DLLHOST] C:\WINDOWS\system32\dllhost32.exe
O4 - HKCU\..\Run: [mwrr] C:\PROGRA~1\COMMON~1\mwrr\mwrrm.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dustin\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.6.0.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150661646569
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150661639694
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {FC6703A7-5B7E-4f58-BE6D-2693AA3906AE} (HP Content Update) - http://h30299.www3.hp.com/ediags/hpna/web/...hp.cab?1,0,0,94
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = heimerl.local
O17 - HKLM\Software\..\Telephony: DomainName = heimerl.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = heimerl.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = heimerl.local
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: HP Web Jetadmin (HPWebJetadmin) - Unknown owner - C:\Program Files\HP Web Jetadmin\hpwebjetd.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)

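Added example, not part of dwheimerl's post or of any reply in this thread: the entries a helper would circle in the log above can be picked out mechanically. The Python script below is editor-written example code (not HijackThis, ComboFix, or any tool used in this thread). Its input lines are copied verbatim from the log above, and the rules it applies are my own triage heuristics: a BHO or toolbar loading from system32 rather than Program Files, a Run entry whose executable sits directly in C:\WINDOWS, a Run entry that launches iexplore.exe on a URL, a filename imitating a Windows binary (dllhost32.exe next to the real dllhost.exe), a long run of digits in the entry name, any wildcard Trusted Zone addition, and a service whose binary is missing. The severity ranking is likewise mine. The heuristics produce false positives (some legitimate Microsoft modules live in system32, some installers do drop files into %SystemRoot%), so every hit is a lead for the analyst to verify, not a verdict.

```python
import re
from collections import Counter

# Entries copied verbatim from the HijackThis log posted above (a subset).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsb4.dll
O2 - BHO: AD Rotator - {EEC590D8-0A3C-4464-BB20-25A4747992F9} - C:\WINDOWS\system32\adrotate.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DLLHOST] C:\WINDOWS\system32\dllhost32.exe
O4 - HKLM\..\Run: [1pop06apelt2] C:\WINDOWS\elitepop06.exe
O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate"
O4 - HKLM\..\Run: [win3211-1199070174] C:\WINDOWS\win3211-1199070174.exe
O15 - Trusted Zone: *.elitemediagroup.net
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)
"""

# HijackThis line shapes (O2/O3 modules, O4 Run keys, O15 zones, O23 services).
LINE = re.compile(r"^(?P<section>O\d+) - (?P<rest>.+)$")
MODULE = re.compile(r"^(?:BHO|Toolbar): (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
RUN = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
TRUSTED = re.compile(r"^Trusted Zone: (?P<host>\S+)$")
SERVICE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<cmd>.*)$")
EXE_PATH = re.compile(r'^"?(?P<path>[^"]+?\.exe)\b', re.I)

# Triage heuristics: my own rules, not anything HijackThis itself flags.
SYSTEM32_MODULE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.I)
WINDIR_ROOT_EXE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe\b", re.I)
URL_LAUNCH = re.compile(r"iexplore\.exe.*https?://", re.I)
DIGIT_RUN = re.compile(r"\d{6,}")
LOOKALIKE_STEMS = ("dllhost", "svchost", "lsass", "csrss", "winlogon")

SEVERITY = {  # my own ranking of how urgently each hit needs a look
    "url_launch": "high", "windir_root_exe": "high", "lookalike_name": "high",
    "system32_module": "medium", "trusted_zone": "medium", "digit_run": "medium",
    "unqualified_path": "low", "service_file_missing": "info",
}


def _exe_stem(cmd):
    # (path of the command's executable, lower-case basename without .exe)
    m = EXE_PATH.match(cmd.strip())
    if not m:
        return None, None
    path = m.group("path")
    return path, path.rsplit("\\", 1)[-1][:-4].lower()


def triage(log_text):
    # Apply the heuristics line by line; return a list of finding dicts.
    findings = []

    def add(section, subject, reason, entry):
        findings.append({"section": section, "subject": subject, "reason": reason,
                         "severity": SEVERITY[reason], "entry": entry})

    for line in log_text.splitlines():
        line = line.strip()
        m = LINE.match(line)
        if not m:
            continue
        section, rest = m.group("section"), m.group("rest")
        if section in ("O2", "O3"):
            mm = MODULE.match(rest)
            if mm and SYSTEM32_MODULE.match(mm.group("path").strip()):
                add(section, mm.group("name"), "system32_module", line)
        elif section == "O4":
            mm = RUN.match(rest)
            if not mm:
                continue  # Startup-folder entries are not handled here
            name, cmd = mm.group("name"), mm.group("cmd")
            path, stem = _exe_stem(cmd)
            if URL_LAUNCH.search(cmd):
                add(section, name, "url_launch", line)
            if path and WINDIR_ROOT_EXE.match(path):
                add(section, name, "windir_root_exe", line)
            if path and "\\" not in path:
                add(section, name, "unqualified_path", line)
            if stem and any(stem != s and stem.startswith(s) for s in LOOKALIKE_STEMS):
                add(section, name, "lookalike_name", line)
            if DIGIT_RUN.search(name) or (path and DIGIT_RUN.search(path)):
                add(section, name, "digit_run", line)
        elif section == "O15":
            mm = TRUSTED.match(rest)
            if mm:
                add(section, mm.group("host"), "trusted_zone", line)
        elif section == "O23":
            mm = SERVICE.match(rest)
            if mm and "(file missing)" in mm.group("cmd"):
                add(section, mm.group("name"), "service_file_missing", line)
    return findings


def summarize(findings):
    # Number of findings per severity, e.g. {'high': 4, 'medium': 4, ...}
    return dict(Counter(f["severity"] for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f['severity']:>6}] {f['section']:<3} {f['reason']:<20} {f['subject']}")
    print(summarize(results))
```

On the sample lines the script flags exactly the entries David's reply goes after (nsb4.dll, adrotate.dll, dllhost32.exe, elitepop06.exe, the iexplore.exe launcher, the win3211 file, the elitemediagroup.net zone entry) and leaves the Adobe BHO and the Synaptics entry alone; the "(file missing)" VNC service is reported as informational only, since a dead service entry is usually an uninstall leftover rather than an infection.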

#2 -David-

  • Members
  • 10,603 posts
  • OFFLINE
  • Gender: Male
  • Location: London
  • Local time: 08:12 PM

Posted 12 October 2006 - 03:00 PM

Hello there and welcome to Bleeping Computer's security forum.
My name is David, I will be helping you with your log today.

It is a good idea to print off these instructions:
This will be useful, as there is a possibility some of the instructions will need to be carried out where internet access is not available.
You may also like to save these instructions in Word/Notepad to the desktop, where they can be easily found, for the same reasons as above.
A printout of the instructions would be a good reference to make sure you don't get lost.
It is also important that you complete the instructions in the right order and that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

Please download Combofix to your desktop.
Double-click combo.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply.

Run HijackThis.
On the first menu, click Open the Misc Tools Section
Click Open Uninstall Manager
Click Save List - Save it anywhere.
A Notepad window will pop up after it's saved; please copy everything in that Notepad window and paste it here.

Please post back with the ComboFix log, the uninstall list and a new HijackThis log.
David

#3 dwheimerl (Topic Starter)

  • Members
  • 4 posts
  • OFFLINE
  • Local time: 01:12 PM

Posted 12 October 2006 - 03:12 PM

Here is the ComboFix.txt file:
Dustin - 06-10-12 15:00:16.04 Service Pack 2
ComboFix 06.10.12 - Running from: "C:\Documents and Settings\Dustin\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\adrot-uninst.exe
C:\WINDOWS\system32\tsuninst.exe
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\WINDOWS\system32\components
C:\Program Files\Common Files\{3887A422-063B-1033-0525-060503310001}
C:\Program Files\Common Files\{B887A422-063B-1033-0525-060503310001}
C:\WINDOWS\system32\adrotate.dll


((((((((((((((((((((((((((((((( Files Created from 2006-09-12 to 2006-10-12 ))))))))))))))))))))))))))))))))))


2006-10-12 09:14 78,848 --a------ C:\WINDOWS\system32\nsb4.dll
2006-10-12 00:07 32,768 --a------ C:\WINDOWS\unstall.exe
2006-10-12 00:07 25,105 --a------ C:\WINDOWS\idlemg.exe
2006-10-12 00:07 163,840 --a------ C:\WINDOWS\win3211-1199070174.exe
2006-10-12 00:07 139,264 --a------ C:\WINDOWS\MirarSetup_876057.exe
2006-10-12 00:07 1,233 --a------ C:\WINDOWS\system32\sgzb658d.sys
2006-10-12 00:06 50,976 --a------ C:\WINDOWS\elitepop06.exe
2006-10-12 00:06 433,632 --a------ C:\WINDOWS\hancerdoem.exe
2006-10-12 00:06 221,523 --a------ C:\WINDOWS\1011_justin.exe
2006-10-12 00:06 217,346 --a------ C:\WINDOWS\Setup90.exe
2006-10-12 00:06 2,560 --a------ C:\WINDOWS\ac3_0002.exe
2006-10-11 23:25 86,036 --a------ C:\WINDOWS\system32\lfwtdefm.dll
2006-10-11 23:23 143,380 --a------ C:\WINDOWS\system32\swlvupqm.exe
2006-10-11 23:22 381,816 ---hs---- C:\WINDOWS\system32\mlkkj.bak1
2006-10-11 23:21 684,084 --ahs---- C:\WINDOWS\system32\jkklm.dll.vir
2006-10-11 23:15 94,208 --a------ C:\WINDOWS\system32\rlpfpvb.dll
2006-10-11 23:15 72,704 --a------ C:\WINDOWS\system32\ekxthrh.dll
2006-10-11 23:15 40,973 ---hs---- C:\WINDOWS\system32\nnnnomj.dll
2006-10-11 23:15 18,432 --a------ C:\WINDOWS\system32\winzwr32.dll
2006-10-11 12:56 115,134 --a------ C:\WINDOWS\system32\justin.exe
2006-10-11 11:37 96,911 --a------ C:\WINDOWS\system32\ts_www.exe
2006-10-10 23:25 13,824 --a------ C:\WINDOWS\system32\drivers\amdacpi.sys
2006-10-10 23:23 29,696 --a------ C:\WINDOWS\system32\drivers\AmdTools.sys
2006-10-04 16:53 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
2006-09-27 11:04 12,928 --a------ C:\WINDOWS\system32\drivers\filedisk.sys
2006-09-22 09:38 53,248 --a------ C:\WINDOWS\109uninst.exe
2006-09-22 09:36 53,248 --a------ C:\WINDOWS\uni_7eh.exe
2006-09-19 01:09 106,698 --a------ C:\WINDOWS\system32\dllhost32.exe
2006-09-14 19:39 36,864 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-12 15:01 -------- d-------- C:\Program Files\Common Files
2006-10-12 14:55 -------- d-------- C:\Documents and Settings\Dustin\Application Data\.gaim
2006-10-12 14:48 -------- d-------- C:\Program Files\HijackThis
2006-10-12 14:43 -------- d-------- C:\Program Files\Common Files\mwrr
2006-10-12 00:07 -------- d-------- C:\Program Files\webHancer
2006-10-12 00:07 -------- d-------- C:\Documents and Settings\Dustin\Application Data\uTorrent
2006-10-12 00:06 -------- d-------- C:\Program Files\em
2006-10-11 23:49 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-11 23:23 -------- d-------- C:\Program Files\VSToolbar
2006-10-11 01:14 -------- d-------- C:\Documents and Settings\Dustin\Application Data\Winamp
2006-10-11 00:39 -------- d-------- C:\Documents and Settings\Dustin\Application Data\X-Chat 2
2006-10-11 00:31 -------- d-------- C:\Program Files\Orban
2006-10-11 00:14 -------- d-------- C:\Program Files\Winamp
2006-10-10 23:25 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-10-10 23:25 -------- d-------- C:\Program Files\AMD
2006-10-10 22:44 -------- d-------- C:\Program Files\GIMP-2.0
2006-10-09 09:55 -------- d-------- C:\Program Files\NSVtools
2006-10-09 00:52 -------- d-------- C:\Program Files\nsvgui7
2006-10-08 19:24 -------- d-------- C:\Program Files\xchat
2006-10-05 19:08 -------- d-------- C:\Program Files\Common Files\Adobe
2006-10-05 19:08 -------- d-------- C:\Program Files\Adobe
2006-10-05 18:59 -------- d-------- C:\Documents and Settings\Dustin\Application Data\Adobe
2006-10-05 18:47 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-05 18:46 -------- d-------- C:\Program Files\Street Challenge
2006-10-05 18:46 -------- d-------- C:\Program Files\eBay
2006-10-05 18:40 -------- d-------- C:\Program Files\WarRock
2006-10-05 12:30 -------- d-------- C:\Program Files\Google
2006-10-04 23:20 -------- d-------- C:\Program Files\Xbcd 360 Driver
2006-10-04 00:34 -------- d-------- C:\Program Files\Weather Pulse
2006-10-02 20:18 -------- d-------- C:\Program Files\TVUPlayer
2006-10-02 15:59 -------- d-------- C:\Documents and Settings\Dustin\Application Data\Download Manager
2006-10-02 08:55 -------- d-------- C:\Program Files\Common Files\EasyInfo
2006-10-02 08:24 -------- d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2006-09-30 05:45 -------- d-------- C:\Program Files\Cain
2006-09-29 00:01 -------- d-------- C:\Program Files\Defcon
2006-09-27 10:49 -------- d---s---- C:\Documents and Settings\Dustin\Application Data\Microsoft
2006-09-27 10:43 -------- d-------- C:\Program Files\Microsoft Virtual PC
2006-09-27 00:22 -------- d-------- C:\Program Files\Lead Pursuit
2006-09-26 13:43 -------- d-------- C:\Documents and Settings\Dustin\Application Data\Weather Pulse
2006-09-26 10:44 -------- d-------- C:\Documents and Settings\Dustin\Application Data\Macromedia
2006-09-24 23:55 -------- d-------- C:\Program Files\UnHackMe
2006-09-23 09:09 -------- d-------- C:\Program Files\FLAC
2006-09-21 22:35 -------- d-------- C:\Program Files\MSN Messenger
2006-09-20 22:57 -------- d-------- C:\Program Files\Viewpoint
2006-09-20 22:57 -------- d-------- C:\Program Files\Common Files\Nullsoft
2006-09-20 22:57 -------- d-------- C:\Program Files\Common Files\aolshare
2006-09-20 22:57 -------- d-------- C:\Program Files\Common Files\AOL
2006-09-20 22:57 -------- d-------- C:\Program Files\AOL
2006-09-20 22:57 -------- d-------- C:\Program Files\AOD
2006-09-20 22:54 -------- d-------- C:\Documents and Settings\Dustin\Application Data\Mozilla
2006-09-20 02:23 -------- d-------- C:\Documents and Settings\Dustin\Application Data\Skype
2006-09-19 01:09 -------- d-------- C:\Program Files\SpacialAudio
2006-09-19 00:30 -------- d-------- C:\Documents and Settings\Dustin\Application Data\IMVU
2006-09-18 11:10 -------- d-------- C:\Program Files\Lavasoft
2006-09-18 11:10 -------- d-------- C:\Documents and Settings\Dustin\Application Data\Lavasoft
2006-09-17 23:49 11266 --a------ C:\Documents and Settings\Dustin\Application Data\phpdesigner.xml
2006-09-14 19:40 -------- d-------- C:\Program Files\DIFX
2006-09-14 00:50 -------- d-------- C:\Program Files\IMVU
2006-09-11 12:00 471520 --a------ C:\WINDOWS\system32\drivers\ar5211.sys
2006-09-10 12:10 -------- d-------- C:\Program Files\XBox 360 Controller for Windows Software
2006-09-09 15:44 -------- d-------- C:\Program Files\Common Files\Macromedia
2006-09-09 15:43 -------- d-------- C:\Program Files\Macromedia
2006-09-09 01:09 -------- d-------- C:\Program Files\nitto
2006-09-08 08:09 -------- d-------- C:\Program Files\Electronic Arts
2006-09-08 08:04 -------- d-------- C:\Program Files\EA SPORTS
2006-09-07 21:19 -------- d-------- C:\Program Files\gt-final
2006-09-07 18:13 -------- d-------- C:\Program Files\PartyGaming
2006-09-07 02:08 -------- d-------- C:\Program Files\HPQ
2006-09-07 01:27 -------- d-------- C:\Documents and Settings\Dustin\Application Data\AdobeUM
2006-09-05 22:58 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-02 05:36 -------- d-------- C:\Program Files\iTunes
2006-09-02 05:36 -------- d-------- C:\Program Files\iPod
2006-08-31 01:15 -------- d-------- C:\Program Files\HP Web Jetadmin
2006-08-30 02:38 -------- d-------- C:\Program Files\Hewlett-Packard
2006-08-30 02:19 98304 --a------ C:\WINDOWS\system32\hpzjsn01.dll
2006-08-30 02:19 73728 --a------ C:\WINDOWS\system32\hptcpmib.dll
2006-08-30 02:19 28672 --a------ C:\WINDOWS\system32\hpzjfw01.dll
2006-08-30 02:19 204800 --a------ C:\WINDOWS\system32\hptcpmui.dll
2006-08-30 02:19 155648 --a------ C:\WINDOWS\system32\hptcpmon.dll
2006-08-30 02:19 139264 --a------ C:\WINDOWS\system32\hpzjrd01.dll
2006-08-29 15:34 -------- d-------- C:\Program Files\Trend Micro
2006-08-28 23:37 -------- d-------- C:\Program Files\Active WebCam
2006-08-28 23:35 -------- d-------- C:\Program Files\Vstep
2006-08-28 15:39 -------- d-------- C:\Program Files\Sierra On-Line
2006-08-27 11:05 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-08-27 11:04 -------- d-------- C:\Program Files\Microsoft Works
2006-08-27 11:04 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-08-27 11:04 -------- d-------- C:\Program Files\Microsoft Office
2006-08-27 11:04 -------- d-------- C:\Program Files\Common Files\System
2006-08-27 10:10 -------- d-------- C:\Program Files\Course Technology
2006-08-27 00:36 -------- d-------- C:\Documents and Settings\Dustin\Application Data\ATI
2006-08-27 00:29 -------- d-------- C:\Program Files\ATI Technologies
2006-08-27 00:22 -------- d-------- C:\Program Files\Driver Cleaner Pro
2006-08-26 11:54 -------- d-------- C:\Documents and Settings\Dustin\Application Data\Google
2006-08-26 08:58 -------- d-------- C:\Program Files\Internet Explorer
2006-08-25 00:25 -------- d-------- C:\Program Files\Common Files\SystemRequirementsLab
2006-08-24 17:45 -------- d-------- C:\Program Files\3GP_Converter034
2006-08-24 01:38 -------- d-------- C:\Program Files\DVD Decrypter
2006-08-23 20:26 49152 -ra------ C:\WINDOWS\system32\inetwh32.dll
2006-08-23 20:26 1044480 -ra------ C:\WINDOWS\system32\roboex32.dll
2006-08-23 00:31 5906432 --------- C:\WINDOWS\system32\ieframe.dll
2006-08-23 00:31 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-08-23 00:31 457728 --------- C:\WINDOWS\system32\msfeeds.dll
2006-08-23 00:31 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-08-23 00:31 225792 --a------ C:\WINDOWS\system32\webcheck.dll
2006-08-23 00:31 175616 --------- C:\WINDOWS\system32\ieui.dll
2006-08-23 00:31 152064 --a------ C:\WINDOWS\system32\msls31.dll
2006-08-23 00:18 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-08-23 00:18 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-08-23 00:17 40448 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-08-23 00:17 105472 --a------ C:\WINDOWS\system32\url.dll
2006-08-23 00:17 100352 --a------ C:\WINDOWS\system32\occache.dll
2006-08-23 00:16 16896 --a------ C:\WINDOWS\system32\corpol.dll
2006-08-23 00:14 378368 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-08-23 00:14 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-08-23 00:13 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-08-23 00:13 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-08-23 00:13 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-08-23 00:13 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-08-23 00:13 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-08-23 00:13 122880 --a------ C:\WINDOWS\system32\advpack.dll
2006-08-23 00:13 11776 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-08-23 00:11 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-08-23 00:10 61440 --------- C:\WINDOWS\system32\icardie.dll
2006-08-23 00:10 35328 --a------ C:\WINDOWS\system32\imgutil.dll
2006-08-23 00:09 262656 --------- C:\WINDOWS\system32\iertutil.dll
2006-08-23 00:07 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-08-22 23:37 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-08-22 23:36 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-08-22 23:30 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-08-22 02:55 -------- d-------- C:\Program Files\virtualdub
2006-08-22 02:50 -------- d-------- C:\Documents and Settings\Dustin\Application Data\Ahead
2006-08-21 19:53 -------- d-------- C:\Program Files\Motherboard Monitor 5
2006-08-21 19:48 -------- d-------- C:\Program Files\cpuz
2006-08-21 19:43 -------- d-------- C:\Program Files\SpeedFan
2006-08-21 19:39 -------- d-------- C:\Program Files\Nmap
2006-08-20 02:35 -------- d-------- C:\Program Files\VoipStunt.com
2006-08-19 00:54 -------- d-------- C:\Program Files\uTorrent
2006-08-17 22:54 -------- d-------- C:\Program Files\Microsoft Location Finder
2006-08-17 02:13 -------- d-------- C:\Program Files\games
2006-08-16 22:32 -------- d-------- C:\Program Files\XNA
2006-08-16 22:32 -------- d-------- C:\Program Files\MSBuild
2006-08-13 12:28 -------- d-------- C:\Program Files\ImTOO
2006-08-12 18:25 -------- d-------- C:\Program Files\Microsoft.NET
2006-08-12 18:24 -------- d-------- C:\Program Files\Common Files\Designer
2006-08-12 17:15 -------- d-------- C:\Program Files\AviSynth 2.5
2006-08-12 17:14 -------- d-------- C:\Program Files\eRightSoft
2006-08-10 19:46 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-07 10:42 720896 --a------ C:\WINDOWS\iun6002ev.exe
2006-08-02 17:27 520192 --------- C:\WINDOWS\system32\ati2sgag.exe
2006-08-02 17:12 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2006-08-02 17:08 258048 --a------ C:\WINDOWS\system32\ati2dvag.dll
2006-08-02 17:02 86016 --a------ C:\WINDOWS\system32\ati2evxx.dll
2006-08-02 17:02 77824 --a------ C:\WINDOWS\system32\Oemdspif.dll
2006-08-02 17:02 41984 --a------ C:\WINDOWS\system32\ati2edxx.dll
2006-08-02 17:02 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2006-08-02 17:02 114688 --a------ C:\WINDOWS\system32\atipdlxx.dll
2006-08-02 17:01 401408 --a------ C:\WINDOWS\system32\ati2evxx.exe
2006-08-02 17:00 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2006-08-02 16:55 2373088 --a------ C:\WINDOWS\system32\ati3duag.dll
2006-08-02 16:51 2354720 --a------ C:\WINDOWS\system32\ativvaxx.dll
2006-08-02 16:49 6684672 --a------ C:\WINDOWS\system32\atioglx1.dll
2006-08-02 16:45 5136384 --a------ C:\WINDOWS\system32\atioglxx.dll
2006-08-02 16:41 208896 --a------ C:\WINDOWS\system32\atikvmag.dll
2006-08-02 16:40 303104 --a------ C:\WINDOWS\system32\ATIDEMGR.dll
2006-08-02 16:40 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2006-08-02 16:35 286720 --a------ C:\WINDOWS\system32\ati2cqag.dll
2006-08-02 10:40 81920 --a------ C:\Documents and Settings\Dustin\Application Data\ezpinst.exe
2006-08-02 10:40 7176 --a------ C:\Documents and Settings\Dustin\Application Data\pcouffin.cat
2006-08-02 10:40 47360 --a------ C:\Documents and Settings\Dustin\Application Data\pcouffin.sys
2006-08-02 10:40 34 --a------ C:\Documents and Settings\Dustin\Application Data\pcouffin.log
2006-08-02 10:40 1144 --a------ C:\Documents and Settings\Dustin\Application Data\pcouffin.inf
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-28 09:30 62744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2006-07-28 09:30 236824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2006-07-27 08:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 03:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-15 00:40 220 --ahs---- C:\WINDOWS\dwin.sys
2006-07-14 10:51 121856 --------- C:\WINDOWS\system32\xmllite.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Gaim"="C:\\Program Files\\Gaim\\gaim.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"Weather Pulse"=""
"DLLHOST"="C:\\WINDOWS\\system32\\dllhost32.exe"
"mwrr"="C:\\PROGRA~1\\COMMON~1\\mwrr\\mwrrm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"Turtle Beach Audio Advantage Micro"="\"C:\\Program Files\\Turtle Beach\\AudioAdvantageMicro\\TBAA.exe\""
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\isuspm.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"WinVNC"="\"C:\\Program Files\\UltraVNC\\WinVNC.exe\" -servicehelper"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"DLLHOST"="C:\\WINDOWS\\system32\\dllhost32.exe"
"1pop06apelt2"="C:\\WINDOWS\\elitepop06.exe"
"adstart"="\"iexplore.exe\" \"http://iesettingsupdate\""
"ToolbarInstall"="C:\\WINDOWS\\MirarSetup_876057.exe"
"win3211-1199070174"="C:\\WINDOWS\\win3211-1199070174.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: 06-10-12 15:03:55.20
ComboFix.txt


Here is the uninstall list:
µTorrent
18 Wheels of Steel Pedal to the Metal
Ad-Aware SE Personal
Adobe Reader 7.0.8
Adobe Shockwave Player
Ahead Nero Burning Rom PlugIn Pack 2.0.2 by MadHacker2k4
AMD CPUInfo
AMD Power Monitor
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
Application Compatibility Toolkit
Ares 1.9.0
Aspell English Dictionary-0.50-2
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Audio Advantage Micro Driver
AudioAdvantageMicro
BitPim 0.9.04
Broadcom 802.11 Wireless LAN Adapter
Cain & Abel v2.9
Conexant AC-Link Audio
ConvertXtoDVD 2.0.15
Creative DVD Audio Plugin for Audigy Series
Data Fax SoftModem with SmartCP
DH Driver Cleaner Professional Edition
DivX
DivX Converter
DivX Player
DivX Web Player
Dream Aquarium
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD-RAM Driver
EA downloader
EA SPORTS online 2007
elitemediagroup
Enhanced Browser Overlay
Ethereal 0.99.0
Eusing Free Registry Cleaner
FLAC Installer 1.1.2a (remove only)
Gaim (remove only)
Game Jackal
GNU Aspell 0.50-3
Google Toolbar for Internet Explorer
Google Video Player
GTK+ Runtime 2.6.10 rev a (remove only)
HijackThis 1.99.1
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP BatteryCheck 1.00 A7
HP Download Manager
HP Help and Support
HP Software Update
HP User Guides 0001
HP Web Jetadmin
HP Wireless Assistant 2.00 C1
Image Resizer Powertoy for Windows XP
InterVideo WinDVD 7
InterVideo WinDVD Creator 3
iTunes
J2SE Runtime Environment 5.0 Update 6
Lame ACM MP3 Codec
LiveUpdate 2.0 (Symantec Corporation)
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Madden NFL 07
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Location Finder
Microsoft Office Professional Edition 2003
Microsoft Streets & Trips 2006
Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
Microsoft Virtual PC 2004
Microsoft Windows Vista Upgrade Advisor
Mozilla Firefox (1.5.0.7)
MSXML 4.0
MSXML 4.0
MSXML 4.0 SP2 Parser and SDK
MusicBrainz Picard 0.7.0
muvee autoProducer 4.0 - SE
Nero 6 Ultra Edition
Nero Digital
Network Play System (Patching)
Network Stumbler 0.4.0 (remove only)
NSV Encoder (remove only)
nsvgui7
oggcodecs 0.71.0946
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
Pack Vista Inspirat 1.1
PHP 5.1.4
PHP DESIGNER 2006 4.06
PPLive 1.2.39
Project64 1.6
PuTTY version 0.58
QPST
Quick Launch Buttons 5.10 B5
QuickTime
ratDVD 0.78.1444
REALTEK Gigabit and Fast Ethernet NIC Driver
Related Page
SAM 2003
SAM Party DJ (remove only)
SAM3 (remove only)
Samsung USB Driver (MCCI 4.24 WHQL)
SamsungPST Preloaded Application for A950 v1.07 MOD and MP3
SamsungPST_SCHA950 DLL for Verizon
SamsungPSTLite
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
SHOUTcast Source DSP 1.9.0 (remove only)
Skype 2.5
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Sony USB Driver
SopCast 0.9.8
SpeedFan (remove only)
SUPER © Version 2006.19 (FIX)
Synaptics Pointing Device Driver
System Requirements Lab
Texas Instruments PCIxx21/x515 drivers.
The GIMP 2.2.13
TVUPlayer 2.2.0
Tweak UI
UltraVNC v1.0.2
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Viewpoint Media Player
VoipStunt
VSToolbar for Internet Explorer
Weather Pulse 2.05 build 36
Winamp (remove only)
Windows Defender Signatures
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Connect
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
WinPcap 3.1
WinRAR archiver
XBCD 360 Drivers (Win XP)
Xbox 360 Controller for Windows
X-Chat 2 (remove only)
XNA Build System
XP Codec Pack
XviD 1.1 final uninstall
Yahoo! Messenger

And here is the new HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 3:09:49 PM, on 10/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Turtle Beach\AudioAdvantageMicro\TBAA.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\elitepop06.exe
C:\WINDOWS\MirarSetup_876057.exe
C:\WINDOWS\win3211-1199070174.exe
C:\Program Files\Gaim\gaim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\mwrr\mwrrm.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\PROGRA~1\COMMON~1\mwrr\mwrra.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\Duce6.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Office11 - Disc 1 - Professional\SETUP.EXE
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsb4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AD Rotator - {EEC590D8-0A3C-4464-BB20-25A4747992F9} - C:\WINDOWS\system32\adrotate.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Turtle Beach Audio Advantage Micro] "C:\Program Files\Turtle Beach\AudioAdvantageMicro\TBAA.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLLHOST] C:\WINDOWS\system32\dllhost32.exe
O4 - HKLM\..\Run: [1pop06apelt2] C:\WINDOWS\elitepop06.exe
O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate"
O4 - HKLM\..\Run: [ToolbarInstall] C:\WINDOWS\MirarSetup_876057.exe
O4 - HKLM\..\Run: [win3211-1199070174] C:\WINDOWS\win3211-1199070174.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKCU\..\Run: [Gaim] C:\Program Files\Gaim\gaim.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DLLHOST] C:\WINDOWS\system32\dllhost32.exe
O4 - HKCU\..\Run: [mwrr] C:\PROGRA~1\COMMON~1\mwrr\mwrrm.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dustin\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.6.0.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150661646569
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150661639694
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {FC6703A7-5B7E-4f58-BE6D-2693AA3906AE} (HP Content Update) - http://h30299.www3.hp.com/ediags/hpna/web/...hp.cab?1,0,0,94
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = heimerl.local
O17 - HKLM\Software\..\Telephony: DomainName = heimerl.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = heimerl.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = heimerl.local
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: HP Web Jetadmin (HPWebJetadmin) - Unknown owner - C:\Program Files\HP Web Jetadmin\hpwebjetd.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)

#4 -David-

Posted 12 October 2006 - 03:45 PM

Hello there,

It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available.
You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
A print out of the instructions would be a good reference to make sure you don't get lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

Click on Start, then Control Panel, and then double-click on Add/Remove Programs.
From within Add/Remove Programs, uninstall the following if they exist by double-clicking on the following entries:

elitemediagroup
Enhanced Browser Overlay
Gaim (remove only)
Viewpoint Media Player
VSToolbar for Internet Explorer


Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsb4.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O2 - BHO: AD Rotator - {EEC590D8-0A3C-4464-BB20-25A4747992F9} - C:\WINDOWS\system32\adrotate.dll (file missing)
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O4 - HKLM\..\Run: [DLLHOST] C:\WINDOWS\system32\dllhost32.exe
O4 - HKLM\..\Run: [1pop06apelt2] C:\WINDOWS\elitepop06.exe
O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate"
O4 - HKLM\..\Run: [ToolbarInstall] C:\WINDOWS\MirarSetup_876057.exe
O4 - HKLM\..\Run: [win3211-1199070174] C:\WINDOWS\win3211-1199070174.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKCU\..\Run: [Gaim] C:\Program Files\Gaim\gaim.exe
O4 - HKCU\..\Run: [DLLHOST] C:\WINDOWS\system32\dllhost32.exe
O4 - HKCU\..\Run: [mwrr] C:\PROGRA~1\COMMON~1\mwrr\mwrrm.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)


Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Download KillBox from the following link :
http://www.bleepingcomputer.com/files/killbox.php
Unzip the folder to your desktop.

Start Killbox.exe
Select the "Delete on Reboot" option.
Click on the "All Files" button (!important!), which will then flash green.
Copy the complete text in bold below to the clipboard by highlighting the filepaths and pressing Control + C:

C:\WINDOWS\system32\WinNB58.dll
C:\WINDOWS\system32\nsb4.dll
C:\WINDOWS\unstall.exe
C:\WINDOWS\idlemg.exe
C:\WINDOWS\win3211-1199070174.exe
C:\WINDOWS\MirarSetup_876057.exe
C:\WINDOWS\Duce6.exe
C:\WINDOWS\system32\sgzb658d.sys
C:\WINDOWS\elitepop06.exe
C:\WINDOWS\hancerdoem.exe
C:\WINDOWS\1011_justin.exe
C:\WINDOWS\Setup90.exe
C:\WINDOWS\ac3_0002.exe
C:\WINDOWS\system32\lfwtdefm.dll
C:\WINDOWS\system32\swlvupqm.exe
C:\WINDOWS\system32\mlkkj.bak1
C:\WINDOWS\system32\jkklm.dll.vir
C:\WINDOWS\system32\rlpfpvb.dll
C:\WINDOWS\system32\ekxthrh.dll
C:\WINDOWS\system32\nnnnomj.dll
C:\WINDOWS\system32\winzwr32.dll
C:\WINDOWS\system32\justin.exe
C:\WINDOWS\system32\ts_www.exe
C:\WINDOWS\109uninst.exe
C:\WINDOWS\uni_7eh.exe
C:\WINDOWS\system32\dllhost32.exe


Open 'File' in the Killbox menu on top and choose 'Paste from clipboard'.
You must use the File menu; pasting by right-clicking the mouse will only enter one file.
Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be removed on next reboot and ask if you would like to reboot now; click "Yes".
Click OK at any Pending File Rename Operations prompt, and let me know if they appear.
If you don't get that message, reboot manually.
Your computer should reboot now.

Please find and delete the following folders:
C:\Documents and Settings\Dustin\Application Data\.gaim
C:\Program Files\Common Files\mwrr
C:\Program Files\webHancer
C:\Program Files\Viewpoint

Please reboot a final time and post a new HijackThis log.
David
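Reading a HijackThis log the way the helper did above is mostly pattern recognition. As an added example (not part of this thread and not HijackThis's own code), the Python script below applies those patterns to the O2/O3, O4 and O15 line formats: Trusted Zone entries, add-on DLLs that are missing or sit in system32, autoruns launched from the root of C:\WINDOWS or that hand a URL to iexplore.exe, and names matching the adware families seen in this thread. The sample lines are copied from the log above; the heuristics, the `KNOWN_UNWANTED` list and the `SYSTEM_STEMS` list are my assumptions, not a complete signature set.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Adware/toolbar names that appear in this thread's logs (page-sourced, assumed list).
KNOWN_UNWANTED = ("mirar", "elitepop", "elitemedia", "mwrr", "vstoolbar",
                  "webhancer", "adrotate", "media-motor", "net-nucleus")
# Core Windows process names malware imitates (dllhost32.exe vs dllhost.exe).
SYSTEM_STEMS = ("dllhost", "svchost", "lsass", "csrss", "winlogon", "services")

# Line shapes of HijackThis v1.99 sections O2/O3, O4 and O15.
RE_O2_O3 = re.compile(r"^(?P<sec>O[23]) - (?:BHO|Toolbar): (?P<name>.*?) - "
                      r"\{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
RE_O4 = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[(?P<key>[^\]]*)\] (?P<cmd>.*)$")
RE_O15 = re.compile(r"^O15 - Trusted Zone: (?P<site>\S+)")
RE_WINROOT_EXE = re.compile(r"^C:\\WINDOWS\\[^\\]+\.exe$", re.IGNORECASE)

@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section, e.g. "O4"
    subject: str  # Run value name, add-on name or trusted site
    reason: str

def exe_from_cmd(cmd: str) -> str:
    """Return the executable part of an O4 command line, quotes stripped."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    i = cmd.lower().find(".exe")  # unquoted paths may contain spaces
    return cmd[:i + 4] if i >= 0 else cmd.split(" ", 1)[0]

def triage_line(line: str) -> Optional[Finding]:
    """Apply the heuristics to one log line; None means nothing suspicious."""
    m = RE_O15.match(line)
    if m:  # Trusted Zone relaxes ActiveX/scripting limits for that site
        return Finding("O15", m["site"], "site granted IE Trusted Zone privileges")
    m = RE_O2_O3.match(line)
    if m:
        if m["path"].endswith("(file missing)"):
            return Finding(m["sec"], m["name"], "registered add-on DLL missing on disk")
        if m["path"].lower().startswith("c:\\windows\\system32\\"):
            return Finding(m["sec"], m["name"], "add-on DLL in system32, not a vendor folder")
        if any(t in line.lower() for t in KNOWN_UNWANTED):
            return Finding(m["sec"], m["name"], "matches an adware family named in the thread")
    m = RE_O4.match(line)
    if m:
        exe = exe_from_cmd(m["cmd"])
        stem = exe.rsplit("\\", 1)[-1].lower().removesuffix(".exe")
        if RE_WINROOT_EXE.match(exe):
            return Finding("O4", m["key"], "autorun executable dropped in C:\\WINDOWS root")
        if "iexplore" in exe.lower() and "http://" in m["cmd"].lower():
            return Finding("O4", m["key"], "autorun opens a URL in Internet Explorer at logon")
        if any(stem.startswith(s) and stem != s for s in SYSTEM_STEMS):
            return Finding("O4", m["key"], f"{stem}.exe imitates a Windows system binary")
        if any(t in line.lower() for t in KNOWN_UNWANTED):
            return Finding("O4", m["key"], "matches an adware family named in the thread")
    return None

def triage(log_text: str) -> List[Finding]:
    return [f for f in map(triage_line, log_text.splitlines()) if f]

# Sample lines copied from the HijackThis log posted in this thread (constructed subset).
SAMPLE_LOG = r"""
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\system32\nsb4.dll
O2 - BHO: AD Rotator - {EEC590D8-0A3C-4464-BB20-25A4747992F9} - C:\WINDOWS\system32\adrotate.dll (file missing)
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DLLHOST] C:\WINDOWS\system32\dllhost32.exe
O4 - HKLM\..\Run: [1pop06apelt2] C:\WINDOWS\elitepop06.exe
O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate"
O4 - HKCU\..\Run: [mwrr] C:\PROGRA~1\COMMON~1\mwrr\mwrrm.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
"""
```

Running `triage(SAMPLE_LOG)` flags every line the helper told the poster to fix and leaves the Synaptics autorun alone; the O23 service lines and the ComboFix registry dump would need their own rules.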

#5 dwheimerl

Posted 12 October 2006 - 04:50 PM

I just have a question before I do everything you said. Why do you want me to remove gaim? I use that for chatting on AIM and MSN.

#6 -David-

Posted 13 October 2006 - 11:17 AM

Yes sorry please leave that entry.
I saw it as "Gain", unwanted advertisement software.
