Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Removing Softomate Toolbar


  • Please log in to reply
6 replies to this topic

#1 arkit224

arkit224

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:10 AM

Posted 23 January 2007 - 11:58 AM

hi i found out about this toolbar when i was doing a routine check with the ad-ware SE. I can't seem to remove this item, and i didn't do anything else but a hijackthis scan and log
Can anyone help me out? thanks in advance
Here is my log file

Logfile of HijackThis v1.99.1
Scan saved at 10:53:27 AM, on 1/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\DOCUME~1\CHUNKI~1\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Inventec\Dreye\DreyeMT\msnplugin.exe
C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\QTRAYIME.EXE
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: ALiBaBar_Helper - {CE439C63-384A-747A-A357-23D96B5D652B} - C:\PROGRA~1\ALiBaBar\ALiBaBar.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: ALiBaBar - {0A1375E1-56C2-11D6-8E45-8933A0FB5235} - C:\PROGRA~1\ALiBaBar\ALiBaBar.dll
O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - C:\Program Files\Inventec\Dreye\DreyeMT\DreyeIEBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSNDreyePlugin] C:\Program Files\Inventec\Dreye\DreyeMT\msnplugin.exe /h
O4 - HKLM\..\Run: [winlogin32] C:\WINDOWS\system32\winlogin32.exe
O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [winlogin32] C:\WINDOWS\system32\winlogin32.exe
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - Startup: 九方快速啟動.lnk = C:\WINDOWS\system32\QTRAYIME.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = %ProgramFiles%\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 上傳到QQ網路硬碟 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 剪貼簿文字: 簡 > 繁 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToTrad
O8 - Extra context menu item: 剪貼簿文字: 繁 > 簡 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToSim
O8 - Extra context menu item: 新增到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 新增到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 添加到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ MMS傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 用QQ彩信發送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 網頁: [簡體] 顯示 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToSim
O8 - Extra context menu item: 網頁: [繁體] 顯示 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToTrad
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: AETQQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX IE 2000 Control) - http://www.wfg-online.com/Chart/Download/CfxIE.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.bigfishgames.com/online/chainz2/mjolauncher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.bigfishgames.com/online/bejewel...aploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0001291 (file missing)
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)


sorry, i just found out i posted this in the wrong section, can the Op help me move to the appropiate section or delete it?

Edited by arkit224, 23 January 2007 - 12:01 PM.


BC AdBot (Login to Remove)

 


#2 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:08:10 AM

Posted 23 January 2007 - 12:37 PM

1. Download this file :

http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

Note:
Do not mouseclick combofix's window while its running. That may cause it to stall


====================
Download Superantispyware

http://www.superantispyware.com/superantis...efreevspro.html

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.
To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
Click close and close again to exit the program.
Please paste that information here for me with a new HijackThis log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 arkit224

arkit224
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:10 AM

Posted 23 January 2007 - 07:48 PM

hi, i did combofix and superantispyware

here are the log

"Chunkit So" - 07-01-23 13:02:36 Service Pack 2
ComboFix 07-01-23.2 - Running from: "C:\Documents and Settings\Chunkit So\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\uninstall_nmon.vbs
C:\DOCUME~1\CHUNKI~1\Application Data\Install.dat
C:\Program Files\INSTALL.LOG
C:\DOCUME~1\CHUNKI~1\Application Data\Macromedia\Flash Player\#SharedObjects\5AFWW3EY\www.inter-focus.cn
C:\DOCUME~1\CHUNKI~1\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn
C:\DOCUME~1\LOCALS~1\Application Data\NetMon
C:\Program Files\Common Files\{24FDB~1
C:\Program Files\Common Files\{34FDB~1
C:\Program Files\InetGet2
C:\Program Files\Inetget2


((((((((((((((((((((((((((((((( Files Created from 2006-12-23 to 2007-01-23 ))))))))))))))))))))))))))))))))))


2007-01-23 12:57 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-01-23 12:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-01-23 12:57 <DIR> d-------- C:\DOCUME~1\CHUNKI~1\Application Data\SUPERAntiSpyware.com
2007-01-23 12:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\SUPERAntiSpyware.com
2007-01-23 09:24 3,842 --a------ C:\WINDOWS\system32\tmp.reg
2007-01-23 09:23 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-01-23 09:23 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-01-23 09:23 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-01-23 09:23 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-01-23 09:23 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-01-23 09:23 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-01-23 09:20 <DIR> d-------- C:\Hijackthis
2007-01-19 15:25 <DIR> d--hs---- C:\WINDOWS\Q2h1bmtpdCBTbw
2007-01-19 13:47 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-01-19 13:47 344,064 --------- C:\WINDOWS\Setup1.exe
2007-01-19 13:47 <DIR> d-------- C:\Program Files\Rebate! Rebate!
2007-01-19 10:01 <DIR> d-------- C:\Program Files\FlashGet
2007-01-19 09:58 <DIR> d-------- C:\Program Files\QuickTime Alternative
2007-01-19 09:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Apple Computer
2007-01-16 19:45 <DIR> d-------- C:\DOCUME~1\CHUNKI~1\Application Data\U3
2007-01-11 19:25 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-11 08:08 <DIR> d-------- C:\Program Files\uTorrent
2007-01-11 08:08 <DIR> d-------- C:\DOCUME~1\CHUNKI~1\Application Data\uTorrent
2007-01-02 03:23 <DIR> d-------- C:\DOCUME~1\CHUNKI~1\webconnect


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-23 12:30 3766 --ahs---- C:\WINDOWS\system32\kgygaavl.sys
2007-01-23 11:18 -------- d-------- C:\Program Files\mozilla firefox
2007-01-22 13:30 54 ---hs---- C:\DOCUME~1\CHUNKI~1\Application Data\.zreglib
2007-01-22 13:28 88 -r-hs---- C:\WINDOWS\system32\90047c6163.sys
2007-01-19 14:54 -------- d-------- C:\Program Files\emule
2007-01-19 09:51 -------- d-------- C:\Program Files\quicktime
2006-12-23 11:25 -------- d-------- C:\Program Files\google
2006-12-14 21:40 -------- d---s---- C:\DOCUME~1\CHUNKI~1\Application Data\microsoft
2006-12-09 15:42 -------- d-------- C:\DOCUME~1\CHUNKI~1\Application Data\ahead
2006-12-08 18:30 -------- d-------- C:\DOCUME~1\CHUNKI~1\Application Data\corel photo album
2006-12-06 23:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-05 11:40 -------- d-------- C:\Program Files\dvd decrypter
2006-11-27 20:40 -------- d-------- C:\DOCUME~1\CHUNKI~1\Application Data\logitech
2006-11-27 20:37 -------- d--h----- C:\Program Files\installshield installation information
2006-11-27 20:37 -------- d-------- C:\Program Files\logitech
2006-11-27 20:37 -------- d-------- C:\Program Files\Common Files\logitech
2006-11-25 13:56 -------- d-------- C:\Program Files\combined community codec pack
2006-11-07 23:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 13:01 524288 --a------ C:\WINDOWS\system32\ffcoreus.dll
2006-11-07 13:01 139264 --a------ C:\WINDOWS\system32\bhocitus.dll
2006-11-07 13:01 122880 --a------ C:\WINDOWS\system32\ffcitius.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-27 15:09 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SetDefaultMIDI"="MIDIDef.exe"
"Creative Detector"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"Creative WebCam Tray"="\"C:\\Program Files\\Creative\\Shared Files\\CamTray.exe\""
"winlogin32"="C:\\WINDOWS\\system32\\winlogin32.exe"
"Active Desktop Calendar"="C:\\Program Files\\XemiComputers\\Active Desktop Calendar\\ADC.exe"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SigmatelSysTrayApp"="stsystra.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"CTSysVol"="C:\\Program Files\\Creative\\SBAudigy\\Surround Mixer\\CTSysVol.exe /r"
"MBMon"="Rundll32 CTMBHA.DLL,MBMon"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"VoiceCenter"="\"C:\\Program Files\\Creative\\VoiceCenter\\AndreaVC.exe\" /tray"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\ISUSPM.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"MSKDetectorExe"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"PD0630 STISvc"="RunDLL32.exe P0630Pin.dll,RunDLL32EP 513"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"MSNDreyePlugin"="C:\\Program Files\\Inventec\\Dreye\\DreyeMT\\msnplugin.exe /h"
"winlogin32"="C:\\WINDOWS\\system32\\winlogin32.exe"
"CitiVAN"="C:\\Program Files\\Citi Virtual Account Numbers\\CitiVAN.exe /dontopenmycards"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\N]
Shell\AutoRun\command N:\LaunchU3.exe
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SASDIFSV
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SASENUM
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SASKUTIL


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 07-01-23 13:04:09

superantispyware

SUPERAntiSpyware Scan Log
Generated 01/23/2007 at 01:49 PM

Application Version : 3.5.1016

Core Rules Database Version : 3170
Trace Rules Database Version: 1180

Scan type : Complete Scan
Total Scan Time : 00:43:10

Memory items scanned : 438
Memory threats detected : 0
Registry items scanned : 5706
Registry threats detected : 29
File items scanned : 50502
File threats detected : 132

Worm.Rbot Variant
[winlogin32] C:\WINDOWS\SYSTEM32\WINLOGIN32.EXE
C:\WINDOWS\SYSTEM32\WINLOGIN32.EXE
[winlogin32] C:\WINDOWS\SYSTEM32\WINLOGIN32.EXE

Trojan.ALIBABAR
HKLM\Software\Classes\CLSID\{0A1375E1-56C2-11D6-8E45-8933A0FB5235}
HKCR\CLSID\{0A1375E1-56C2-11D6-8E45-8933A0FB5235}
HKCR\CLSID\{0A1375E1-56C2-11D6-8E45-8933A0FB5235}
HKCR\CLSID\{0A1375E1-56C2-11D6-8E45-8933A0FB5235}\InprocServer32
HKCR\CLSID\{0A1375E1-56C2-11D6-8E45-8933A0FB5235}\InprocServer32#ThreadingModel
C:\PROGRA~1\ALIBABAR\ALIBABAR.DLL
HKLM\Software\Classes\CLSID\{35C48C23-BDD7-11D6-8E47-0007952BA234}
HKCR\CLSID\{35C48C23-BDD7-11D6-8E47-0007952BA234}
HKCR\CLSID\{35C48C23-BDD7-11D6-8E47-0007952BA234}
HKCR\CLSID\{35C48C23-BDD7-11D6-8E47-0007952BA234}\InprocServer32
HKCR\CLSID\{35C48C23-BDD7-11D6-8E47-0007952BA234}\InprocServer32#ThreadingModel
HKCR\CLSID\{35C48C23-BDD7-11D6-8E47-0007952BA234}\ProgID
HKCR\CLSID\{35C48C23-BDD7-11D6-8E47-0007952BA234}\TypeLib
HKCR\CLSID\{35C48C23-BDD7-11D6-8E47-0007952BA234}\Version
HKLM\Software\Classes\CLSID\{CE439C63-384A-747A-A357-23D96B5D652B}
HKCR\CLSID\{CE439C63-384A-747A-A357-23D96B5D652B}
HKCR\CLSID\{CE439C63-384A-747A-A357-23D96B5D652B}
HKCR\CLSID\{CE439C63-384A-747A-A357-23D96B5D652B}\InprocServer32
HKCR\CLSID\{CE439C63-384A-747A-A357-23D96B5D652B}\InprocServer32#ThreadingModel
HKCR\CLSID\{CE439C63-384A-747A-A357-23D96B5D652B}\ProgID
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE439C63-384A-747A-A357-23D96B5D652B}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{0A1375E1-56C2-11D6-8E45-8933A0FB5235}
C:\PROGRAM FILES\ALIBABAR\ALIBABAR.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@burstnet[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@182920392988439[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@bizrate[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@adopt.hbmediapro[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@91700348[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@www.sexuploader[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@mediaplex[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@handbag[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@dist.belnk[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@overture[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@adknowledge[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@adsrevenue[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@ads.realtechnetwork[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@atwola[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@clicksor[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@indextools[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@banner[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@ad1.clickhype[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@cgi-bin[3].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@cpvfeed[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@ad.pdbox.co[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@3.adbrite[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@fastclick[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@tacoda[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@adopt.specificclick[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@yadro[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@atdmt[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@ad.yieldmanager[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@exitexchange[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@data2.perf.overture[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@belnk[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@interclick[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@hits.clickandtrack[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@Ads2[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@xiti[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@9946950[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@media.adrevolver[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@adimages.sina.com[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@ads.us.e-planning[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@doubleclick[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@23702433[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@precisionclick[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@data3.perf.overture[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@toplist[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@adrevolver[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@fcstats.bcentral[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@anat.tacoda[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@008.free-counter.co[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@nextag[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@partners.adultadworld[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@clicks.emarketmakers[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@pt.crossmediaservices[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@webstat[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@kanoodle[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@9551721[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@advertising[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@admarketplace[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@adsmediaonline[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@mediafire[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@a.websponsors[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@adbrite[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@qnsr[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@sexdvd2000[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@ads.cnn[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@tracking.summitmedia.co[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@ads.revsci[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@89178482[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@ads.as4x.tmcs[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@roiservice[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@handbag[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@ads2.blastro[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@counter.surfcounters[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@stats.adbrite[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@anad.tacoda[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@www.sexdvd2000[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@partypoker[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@zedo[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@data1.perf.overture[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@www.googleadservices[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@dealtime[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@clickshift[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@www.redorbit[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@indiads[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@entrepreneur[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@r-kimedia.co[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@clicktorrent[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@sales.liveperson[4].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@ads.monster[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@partner2profit[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@cgi-bin[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@regalinteractive[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@4.adbrite[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@revsci[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@redorbit[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@911190555233333[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@shinystat[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@thinkmedia[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@popularmedia.directtrack[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@sales.liveperson[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@www.burstnet[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@trafficmp[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@www.ezytrack[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@c5.zedo[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@www.burstbeacon[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@ads.people.com[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@52182491[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@data4.perf.overture[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@www.dealtime[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@publishers.clickbooth[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@ads.cdfreaks[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@ads.adbrite[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@sales.liveperson[3].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@enterprise.clickdefense[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@ads.mixi[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@s[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@icc.intellisrv[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@ad.fashionguide.com[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@www.googleadservices[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@www.short-media[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@mymedia.yam[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@toplist.bitcomet[2].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@www.trackingroi[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@adlegend[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@tracking.3gnet[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit_so@saletrack.co[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@sexy_student_u_106083[1].txt
C:\Documents and Settings\Chunkit So\Cookies\chunkit so@sexy_student_u_106086[1].txt

Trojan.cmdService
HKLM\SYSTEM\CurrentControlSet\Services\cmdService
HKLM\SYSTEM\CurrentControlSet\Services\cmdService#Type
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\cmdService\Enum#NextInstance

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP274\A0045445.VBS
C:\WINDOWS\Q2H1BMTPDCBTBW\KZ1YVAQDXF1NVT.VBS

and finally hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 6:47:28 PM, on 1/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\DOCUME~1\CHUNKI~1\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Inventec\Dreye\DreyeMT\msnplugin.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\QTRAYIME.EXE
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - C:\Program Files\Inventec\Dreye\DreyeMT\DreyeIEBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSNDreyePlugin] C:\Program Files\Inventec\Dreye\DreyeMT\msnplugin.exe /h
O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: 九方快速啟動.lnk = C:\WINDOWS\system32\QTRAYIME.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = %ProgramFiles%\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 上傳到QQ網路硬碟 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 新增到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 新增到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 添加到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ MMS傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 用QQ彩信發送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX IE 2000 Control) - http://www.wfg-online.com/Chart/Download/CfxIE.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.bigfishgames.com/online/chainz2/mjolauncher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.bigfishgames.com/online/bejewel...aploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

thanks

#4 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:08:10 AM

Posted 24 January 2007 - 09:09 AM

You have no active AntiVirus!

Get the free AVG AntiVirus 7.5 install it, check for updates and run a full scan

AVG 7.5 - http://free.grisoft.com/freeweb.php/doc/2/
============

After doing the above how are things
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#5 arkit224

arkit224
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:10 AM

Posted 24 January 2007 - 10:50 AM

Everything so far looks fine, no virus, i generate another log from hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 9:48:09 AM, on 1/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\DOCUME~1\CHUNKI~1\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Inventec\Dreye\DreyeMT\msnplugin.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\QTRAYIME.EXE
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - C:\Program Files\Inventec\Dreye\DreyeMT\DreyeIEBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSNDreyePlugin] C:\Program Files\Inventec\Dreye\DreyeMT\msnplugin.exe /h
O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: 九方快速啟動.lnk = C:\WINDOWS\system32\QTRAYIME.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = %ProgramFiles%\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 上傳到QQ網路硬碟 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 新增到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 新增到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 添加到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ MMS傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 用QQ彩信發送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX IE 2000 Control) - http://www.wfg-online.com/Chart/Download/CfxIE.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.bigfishgames.com/online/chainz2/mjolauncher.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.bigfishgames.com/online/bejewel...aploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

how does it look?

#6 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:08:10 AM

Posted 24 January 2007 - 01:35 PM

Clean Posted Image

Turn off restore points, boot, turn them back on heres how

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#7 YounGun

YounGun

    The malware-fighting kid


  • Members
  • 244 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania, Bucharest
  • Local time:03:10 PM

Posted 01 February 2007 - 03:46 PM

Hi :thumbsup:

Still with us arkit224? Can you please run combofix and post the log for a last check-up?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users