Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer Infected


  • Please log in to reply
13 replies to this topic

#1 td323i

td323i

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Local time:12:13 PM

Posted 28 February 2007 - 10:31 PM

Logfile of HijackThis v1.99.1
Scan saved at 10:27:07 PM, on 2/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mbti.exe
C:\WINDOWS\system32\csts.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Common Files\AOL\1168390819\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\mbti.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mbti.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {332EA107-6F93-4269-B9F2-160DFDB6A23F} - C:\WINDOWS\system32\vtsqq.dll
O2 - BHO: (no name) - {34DD3C33-71DE-4829-8BDF-CD9594D715DA} - C:\WINDOWS\system32\vtsqq.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\ptcqyqfh.dll
O2 - BHO: (no name) - {6FCEBB48-000B-41B6-8D42-C1359DAAAAF2} - C:\WINDOWS\system32\ddccayy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7F5A2699-38CD-4B98-B193-5916D6566B01} - C:\WINDOWS\system32\ljjihfd.dll
O2 - BHO: (no name) - {A146E9AE-F095-4827-8904-A00581FC3A45} - C:\WINDOWS\system32\awvts.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\tkutmkpq.dll
O2 - BHO: (no name) - {FA9CD1B6-1F15-4027-8730-9098886386BB} - C:\WINDOWS\system32\vtsqq.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Anti-Virus] C:\WINDOWS\system32\vpms.exe
O4 - HKLM\..\Run: [Microsoft ® Windows Network Latency Controller] C:\WINDOWS\system32\mbti.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1168390819\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\mwqtcveo.dll",setvm
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [C41FAF32] C:\WINDOWS\system32\mlsdf8h4997074.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137628859781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143144339125
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O20 - Winlogon Notify: awvts - C:\WINDOWS\system32\awvts.dll (file missing)
O20 - Winlogon Notify: ddccayy - C:\WINDOWS\SYSTEM32\ddccayy.dll
O20 - Winlogon Notify: ljjihfd - C:\WINDOWS\SYSTEM32\ljjihfd.dll
O20 - Winlogon Notify: mljkhgg - C:\WINDOWS\SYSTEM32\mljkhgg.dll
O20 - Winlogon Notify: vtsqq - C:\WINDOWS\system32\vtsqq.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Windows Network Latency Controller (nlc) - Unknown owner - C:\WINDOWS\system32\mbti.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RPC Debug Control (RPCDB) - Unknown owner - C:\WINDOWS\system32\csts.exe
O23 - Service: Print Spooler Service (use9byy3dheau) - Unknown owner - C:\WINDOWS\system32\mlsdf8h4997074.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

BC AdBot (Login to Remove)

 


m

#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:06:13 PM

Posted 01 March 2007 - 04:00 AM

Welcome td323i :thumbsup:

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad".
This will change from what we know in 2006 read this article:
http://www.clickz.com/news/article.php/3561546

You are well advised to remove the program now.
Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:

Viewpoint
Viewpoint Manager
Viewpoint Media Player


Then reboot.

**************************

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords,please click 'No' at the prompt.

If you use Opera browser,do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords,please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.

**************************

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens,click the "Scan for Vundo" button.
Once it's done scanning,click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files, click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed,it will prompt that it will reboot your computer,click "OK".
Please post the contents of C:\vundofix.txt into your next reply,along with a new Hijackthis log please.

Note:
It is possible that VundoFix encountered a file it could not remove.
In this case,VundoFix will run on reboot,simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

**************************

Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Please then reboot your computer into Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode, right click the SDFix.zip folder and choose Extract All,
* Open the extracted folder and double click RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer that normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply,along with the C:\vundofix.txt and a new Hijackthis log please.
Posted Image
Posted Image

#3 td323i

td323i
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Local time:12:13 PM

Posted 01 March 2007 - 07:47 AM

Thank You!!!

#4 td323i

td323i
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Local time:12:13 PM

Posted 01 March 2007 - 06:06 PM

SDFix: Version 1.69

Run by Alessa - Thu 03/01/2007 @ 17:43:46.10

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\hijackthis\SDFix\SDFix

Safe Mode:
Checking Services:

Name:
nlc
RPCDB
TIME
WTIME
use9byy3dheau

Path:
C:\WINDOWS\system32\mbti.exe
"C:\WINDOWS\system32\csts.exe"
C:\WINDOWS\system32\mlsdf8huskcu.exe
\??\C:\WINDOWS\system32\timedrv26.sys
C:\WINDOWS\system32\mlsdf8h4997074.exe /service

nlc Deleted
RPCDB Deleted
TIME Deleted
WTIME Deleted
use9byy3dheau Deleted


Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\cjnr4r41090105.exe - Deleted
C:\WINDOWS\system32\cjnr4r41175490.exe - Deleted
C:\WINDOWS\system32\cjnr4r4130825.exe - Deleted
C:\WINDOWS\system32\cjnr4r4222995.exe - Deleted
C:\WINDOWS\system32\cjnr4r42776165.exe - Deleted
C:\WINDOWS\system32\cjnr4r42990720.exe - Deleted
C:\WINDOWS\system32\cjnr4r43635385.exe - Deleted
C:\WINDOWS\system32\cjnr4r43765770.exe - Deleted
C:\WINDOWS\system32\cjnr4r43987800.exe - Deleted
C:\WINDOWS\system32\cjnr4r44789840.exe - Deleted
C:\WINDOWS\system32\cjnr4r45078445.exe - Deleted
C:\WINDOWS\system32\cjnr4r47391635.exe - Deleted
C:\WINDOWS\system32\cjnr4r47880160.exe - Deleted
C:\WINDOWS\system32\cjnr4r48960330.exe - Deleted
C:\WINDOWS\system32\cjnr4r49355400.exe - Deleted
C:\WINDOWS\system32\cjnr4r4fypogyqi.exe - Deleted
C:\WINDOWS\system32\cjnr4r4jbtrjb.exe - Deleted
C:\WINDOWS\system32\cjnr4r4ogywogyrk.exe - Deleted
C:\WINDOWS\system32\cjnr4r4ohyqiatldw.exe - Deleted
C:\WINDOWS\system32\cjnr4r4xpgyqogzrq.exe - Deleted
C:\WINDOWS\Temp\cjnr4r43028005.exe - Deleted
C:\WINDOWS\Temp\cjnr4r4501FD72C.tmp - Deleted
C:\WINDOWS\Temp\cjnr4r4501FD72E.tmp - Deleted
C:\WINDOWS\Temp\cjnr4r4501FD72F.tmp - Deleted
C:\WINDOWS\Temp\cjnr4r4501FD7D0.tmp - Deleted
C:\WINDOWS\Temp\cjnr4r4501FD7D1.tmp - Deleted
C:\WINDOWS\Temp\cjnr4r4501FD7D2.tmp - Deleted
C:\WINDOWS\Temp\cjnr4r4501FD7D6.tmp - Deleted
C:\WINDOWS\Temp\cjnr4r4501FD7D7.tmp - Deleted
C:\WINDOWS\Temp\cjnr4r4501FD7DE.tmp - Deleted
C:\WINDOWS\Temp\cjnr4r4501FD7DF.tmp - Deleted
C:\WINDOWS\Temp\cjnr4r45393125.tmp - Deleted
C:\WINDOWS\Temp\cjnr4r46B06FCE4.tmp - Deleted
C:\WINDOWS\Temp\cjnr4r46B06FCE7.tmp - Deleted
C:\WINDOWS\Temp\cjnr4r46B06FCF2.tmp - Deleted
C:\WINDOWS\Temp\cjnr4r46B06FCF4.tmp - Deleted
C:\WINDOWS\Temp\cjnr4r46B06FCFB.tmp - Deleted
C:\WINDOWS\Temp\cjnr4r46B06FCFC.tmp - Deleted
C:\WINDOWS\Temp\cjnr4r46B06FCFD.tmp - Deleted
C:\WINDOWS\system32\dior4f41292296.exe - Deleted
C:\WINDOWS\system32\dior4f41383586.exe - Deleted
C:\WINDOWS\system32\dior4f41718596.exe - Deleted
C:\WINDOWS\system32\dior4f42165821.exe - Deleted
C:\WINDOWS\system32\dior4f43157706.exe - Deleted
C:\WINDOWS\system32\dior4f43662981.exe - Deleted
C:\WINDOWS\system32\dior4f44010296.exe - Deleted
C:\WINDOWS\system32\dior4f44209756.exe - Deleted
C:\WINDOWS\system32\dior4f44580471.exe - Deleted
C:\WINDOWS\system32\dior4f46377076.exe - Deleted
C:\WINDOWS\system32\dior4f46847626.exe - Deleted
C:\WINDOWS\system32\dior4f47229461.exe - Deleted
C:\WINDOWS\system32\dior4f47501306.exe - Deleted
C:\WINDOWS\system32\dior4f48959761.exe - Deleted
C:\WINDOWS\system32\dior4f49052851.exe - Deleted
C:\WINDOWS\system32\dior4f4gyqh.exe - Deleted
C:\WINDOWS\Temp\dior4f42364456.tmp - Deleted
C:\WINDOWS\pchealth\ERRORREP\UserDumps\mlsdf8hdvnfxvn.exe.20061016-101447-00.mdmp - Deleted
C:\WINDOWS\pchealth\ERRORREP\UserDumps\mlsdf8hdvnfxvn.exe.20061019-032327-00.mdmp - Deleted
C:\WINDOWS\pchealth\ERRORREP\UserDumps\mlsdf8hdvnfxvn.exe.20061027-165604-00.mdmp - Deleted
C:\WINDOWS\pchealth\ERRORREP\UserDumps\mlsdf8hdvnfxvn.exe.20061028-133239-00.hdmp - Deleted
C:\WINDOWS\pchealth\ERRORREP\UserDumps\mlsdf8hdvnfxvn.exe.20061028-133239-00.mdmp - Deleted
C:\WINDOWS\pchealth\ERRORREP\UserDumps\mlsdf8hdvnfxvn.exe.20061106-194851-00.hdmp - Deleted
C:\WINDOWS\pchealth\ERRORREP\UserDumps\mlsdf8hdvnfxvn.exe.20061106-194851-00.mdmp - Deleted
C:\WINDOWS\pchealth\ERRORREP\UserDumps\mlsdf8hdvnfxvn.exe.20061111-111414-00.mdmp - Deleted
C:\WINDOWS\pchealth\ERRORREP\UserDumps\mlsdf8hdvnfxvn.exe.20061114-201531-00.hdmp - Deleted
C:\WINDOWS\pchealth\ERRORREP\UserDumps\mlsdf8hdvnfxvn.exe.20061114-201531-00.mdmp - Deleted
C:\WINDOWS\pchealth\ERRORREP\UserDumps\mlsdf8hdvnfxvn.exe.20070301-225733-00.mdmp - Deleted
C:\WINDOWS\system32\mlsdf8h2143319.exe - Deleted
C:\WINDOWS\system32\mlsdf8h4234679.exe - Deleted
C:\WINDOWS\system32\mlsdf8h4997074.exe - Deleted
C:\WINDOWS\system32\mlsdf8h6018479.exe - Deleted
C:\WINDOWS\system32\mlsdf8h6308594.exe - Deleted
C:\WINDOWS\system32\mlsdf8h6770319.exe - Deleted
C:\WINDOWS\system32\mlsdf8h6840154.exe - Deleted
C:\WINDOWS\system32\mlsdf8h8044899.exe - Deleted
C:\WINDOWS\system32\mlsdf8h8597194.exe - Deleted
C:\WINDOWS\system32\mlsdf8h9903434.exe - Deleted
C:\WINDOWS\system32\mlsdf8hpofxpnfy.exe - Deleted
C:\WINDOWS\system32\mlsdf8hrriasqibt.exe - Deleted
C:\WINDOWS\system32\mlsdf8huskcu.exe - Deleted
C:\WINDOWS\Temp\mlsdf8h8344264.tmp - Deleted
C:\WINDOWS\pchealth\ERRORREP\UserDumps\nlkfev7evnfx.exe.20060926-102217-00.mdmp - Deleted
C:\WINDOWS\system32\nlkfev71029337.exe - Deleted
C:\WINDOWS\system32\nlkfev71119322.exe - Deleted
C:\WINDOWS\system32\nlkfev73957582.exe - Deleted
C:\WINDOWS\system32\nlkfev75102987.exe - Deleted
C:\WINDOWS\system32\nlkfev75588457.exe - Deleted
C:\WINDOWS\system32\nlkfev75833272.exe - Deleted
C:\WINDOWS\system32\nlkfev76013462.exe - Deleted
C:\WINDOWS\system32\nlkfev76452282.exe - Deleted
C:\WINDOWS\system32\nlkfev76841502.exe - Deleted
C:\WINDOWS\system32\nlkfev7764292.exe - Deleted
C:\WINDOWS\system32\nlkfev78012417.exe - Deleted
C:\WINDOWS\system32\nlkfev78173942.exe - Deleted
C:\WINDOWS\system32\nlkfev79164637.exe - Deleted
C:\WINDOWS\system32\nlkfev79330917.exe - Deleted
C:\WINDOWS\system32\nlkfev79933207.exe - Deleted
C:\WINDOWS\system32\nlkfev7bskcu.exe - Deleted
C:\WINDOWS\system32\nlkfev7evnfx.exe - Deleted
C:\WINDOWS\system32\nlkfev7ibsk.exe - Deleted
C:\WINDOWS\Temp\nlkfev74D1AC438.tmp - Deleted
C:\WINDOWS\Temp\nlkfev74D1AC439.tmp - Deleted
C:\WINDOWS\Temp\nlkfev77603EFC2.tmp - Deleted
C:\WINDOWS\Temp\nlkfev77603EFC5.tmp - Deleted
C:\WINDOWS\system32\sklrr7y1280673.exe - Deleted
C:\WINDOWS\system32\sklrr7y2505613.exe - Deleted
C:\WINDOWS\system32\sklrr7y2842638.exe - Deleted
C:\WINDOWS\system32\sklrr7y3513858.exe - Deleted
C:\WINDOWS\system32\sklrr7y411208.exe - Deleted
C:\WINDOWS\system32\sklrr7y529588.exe - Deleted
C:\WINDOWS\system32\sklrr7y5893453.exe - Deleted
C:\WINDOWS\system32\sklrr7y772368.exe - Deleted
C:\WINDOWS\system32\sklrr7y7995563.exe - Deleted
C:\WINDOWS\system32\sklrr7y8206158.exe - Deleted
C:\WINDOWS\system32\sklrr7y8518958.exe - Deleted
C:\WINDOWS\system32\sklrr7y8839598.exe - Deleted
C:\WINDOWS\system32\sklrr7yewume.exe - Deleted
C:\WINDOWS\system32\sklrr7ykcuskc.exe - Deleted
C:\WINDOWS\system32\sklrr7yslcatl.exe - Deleted
C:\WINDOWS\Temp\sklrr7y2208168.exe - Deleted
C:\WINDOWS\system32\timedrv26.sys - Deleted
C:\DOCUME~1\Alessa\LOCALS~1\Temp\cjnr4r4501FD7D1.tmp - Deleted
C:\DOCUME~1\Alessa\LOCALS~1\Temp\cjnr4r4501FD7D6.tmp - Deleted
C:\DOCUME~1\Alessa\LOCALS~1\Temp\cjnr4r4501FD7D7.tmp - Deleted
C:\DOCUME~1\Alessa\LOCALS~1\Temp\cjnr4r4501FD7DE.tmp - Deleted
C:\DOCUME~1\Alessa\LOCALS~1\Temp\cjnr4r46B06FCFB.tmp - Deleted
C:\DOCUME~1\Alessa\LOCALS~1\Temp\cjnr4r46B06FCFD.tmp - Deleted
C:\DOCUME~1\Alessa\LOCALS~1\Temp\WER38ce.dir00\nlkfev7evnfx.exe.mdmp - Deleted
C:\WINDOWS\system32\csts.exe - Deleted
C:\WINDOWS\system32\mbti.exe - Deleted
C:\WINDOWS\Temp\removalfile.bat - Deleted

Could Not Remove C:\WINDOWS\system32\mlsdf8hdvnfxvn.exe


ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\WINDOWS\\system32\\mshta.exe"="C:\\WINDOWS\\system32\\mshta.exe:*:Enabled:Microsoft ® HTML Application host"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\WINDOWS\\system32\\vrss.exe"="C:\\WINDOWS\\system32\\vrss.exe:*:Enabled:Server"
"C:\\WINDOWS\\system32\\vpms.exe"="C:\\WINDOWS\\system32\\vpms.exe:*:Enabled:Server"
"C:\\WINDOWS\\system32\\mbti.exe"="C:\\WINDOWS\\system32\\mbti.exe:*:Enabled:Microsoft ® Windows Network Latency Controller"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\WINDOWS\\system32\\vrss.exe"="C:\\WINDOWS\\system32\\vrss.exe:*:Enabled:Server"
"C:\\WINDOWS\\system32\\vpms.exe"="C:\\WINDOWS\\system32\\vpms.exe:*:Enabled:Server"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"


Remaining Files:
---------------
C:\WINDOWS\system32\mlsdf8hdvnfxvn.exe Found

Backups Folder: - C:\HIJACK~1\SDFix\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\Documents and Settings\Alessa\My Documents\myophile.com13\Thumbs.db
C:\Documents and Settings\Mom\My Documents\myophile.com13\Thumbs.db
C:\Documents and Settings\Alessa\Local Settings\Temp\acuixnmk.dll
C:\Documents and Settings\Alessa\Local Settings\Temp\blljlkqs.dll
C:\Documents and Settings\Alessa\Local Settings\Temp\crmvrons.dll
C:\Documents and Settings\Alessa\Local Settings\Temp\cyfogfrm.dll
C:\Documents and Settings\Alessa\Local Settings\Temp\eequfkjv.dll
C:\Documents and Settings\Alessa\Local Settings\Temp\gmhqlcmd.dll
C:\Documents and Settings\Alessa\Local Settings\Temp\hmechasp.dll
C:\Documents and Settings\Alessa\Local Settings\Temp\jcsxctka.dll
C:\Documents and Settings\Alessa\Local Settings\Temp\jjcminng.dll
C:\Documents and Settings\Alessa\Local Settings\Temp\npndjjpm.dll
C:\Documents and Settings\Alessa\Local Settings\Temp\pibkuhvi.dll
C:\Documents and Settings\Alessa\Local Settings\Temp\ulbhppdj.dll
C:\Documents and Settings\Alessa\Local Settings\Temp\wfwesptb.dll
C:\Documents and Settings\Cameron\Local Settings\Temp\gjhcvdve.dll
C:\Documents and Settings\Cameron\Local Settings\Temp\prmrdoqx.dll
C:\Documents and Settings\Dad\Local Settings\Temp\havllrvo.dll
C:\Documents and Settings\Dad\Local Settings\Temp\yjfvovnd.dll
C:\WINDOWS\system32\ddccayy.dll
C:\WINDOWS\system32\hgggdde.dll
C:\WINDOWS\system32\hgghfcb.dll
C:\WINDOWS\system32\mljkhgg.dll
C:\mt2560.exe
C:\Program Files\America Online 9.0\aolphx.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\America Online 9.0\RBM.exe
C:\WINDOWS\system32\mvtc4692734.exe
C:\WINDOWS\system32\2CA2559E6F.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp
C:\Documents and Settings\Dad\My Documents\Tanawanda\~WRL3536.tmp
C:\WINDOWS\system32\qqstv.tmp

Add/Remove Programs List:

AOL Uninstaller (Choose which Products to Remove)
ATI Display Driver
AVG Anti-Virus 7.0
CopySafe Plugin
HijackThis 1.99.1
HP Document Viewer 5.3
HP Imaging Device Functions 5.3
HP Image Zone 5.3
HP Solution Center & Imaging Support Tools 5.3
HP Extended Capabilities 5.3
iPod for Windows 2006-06-28
Kaspersky Online Scanner
High Definition Audio Driver Package - KB835221
Lame ACM MP3 Codec
LG USB Drivers
LimeWire 4.12.6
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
MSN Music Assistant
MSN
Intel® PRO Network Connections Drivers
RealPlayer Basic
Samsung Multimedia Studio
Adobe Flash Player 9 ActiveX
CP2101 USB to UART Bridge Controller
USB Driver Vers. 3.2
Windows Genuine Advantage Validation Tool
WinRAR archiver
XviD MPEG-4 Video Codec
PhotoGallery
Macromedia Flash Player
CP_Package_Variety1
Sonic RecordNow Data
Destinations
ATI Control Panel
Qualxserve Service Agreement
Sonic DLA
HP Software Update
DocumentViewer
CP_Package_Variety3
Samsung Media Studio
Sonic MyDVD LE
Sonic_PrimoSDK
Google Toolbar for Internet Explorer
CP_Panorama1Config
Unload
TrayApp
J2SE Runtime Environment 5.0 Update 6
V CAST Music
InstantShareDevices
CP_CalendarTemplates1
Google Earth
HP PSC & OfficeJet 5.3.A
iTunes
2570_Help
Intel® PROSet for Wired Connections
QuickTime
ProductContextNPI
FullDPAppQFolder
Dell Support 3.1
FUJIFILM USB Driver
NewCopy_CDA
RandMap
WebReg
Dell Driver Reset Tool
CP_Package_Basic1
MarketResearch
DeviceFunctionQFolder
Windows Genuine Advantage v1.3.0254.0
SkinsHP1
eSupportQFolder
PowerDVD 5.5
DocProc
CustomerResearchQFolder
Java 2 Runtime Environment, SE v1.4.2_03
Dell System Restore
DocumentViewerQFolder
CP_AtenaShokunin1Config
QuickBooks Basic 2002
Microsoft Office Professional Edition 2003
Intel Matrix Storage Manager
Readme
Windows Defender
ScannerCopy
Apple Software Update
CueTour
2570
DeviceManagementQFolder
Sonic Audio module
Adobe Reader 7.0.8
Sonic RecordNow Copy
AiO_Scan_CDA
PanoStandAlone
Fax_CDA
AiOSoftwareNPI
CP_Package_Variety2
BufferChm
iPod for Windows 2006-06-28
PerfectDisk
Samsung Media Studio
Scan
Microsoft .NET Framework 1.1
MCU
hp deskjet 5600
Google SketchUp
HPProductAssistant
SolutionCenter
2570Trb
Adobe Photoshop CS
Status

Finished

#5 td323i

td323i
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Local time:12:13 PM

Posted 01 March 2007 - 06:09 PM

NEW LOG.... AFTER FINISHED

Logfile of HijackThis v1.99.1
Scan saved at 6:06:15 PM, on 3/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1168390819\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {56D1835C-80E5-4220-88C5-319EB7A3B8BC} - C:\WINDOWS\system32\vtsqq.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\system32\ptcqyqfh.dll (file missing)
O2 - BHO: (no name) - {6FCEBB48-000B-41B6-8D42-C1359DAAAAF2} - C:\WINDOWS\system32\ddccayy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7F5A2699-38CD-4B98-B193-5916D6566B01} - C:\WINDOWS\system32\ljjihfd.dll (file missing)
O2 - BHO: (no name) - {A146E9AE-F095-4827-8904-A00581FC3A45} - C:\WINDOWS\system32\awvts.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\tkutmkpq.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1168390819\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [C41FAF32] C:\WINDOWS\system32\mlsdf8h4997074.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137628859781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143144339125
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O20 - Winlogon Notify: awvts - C:\WINDOWS\system32\awvts.dll (file missing)
O20 - Winlogon Notify: ddccayy - C:\WINDOWS\SYSTEM32\ddccayy.dll
O20 - Winlogon Notify: mljkhgg - C:\WINDOWS\SYSTEM32\mljkhgg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QoS WAN (qoswan) - Unknown owner - C:\WINDOWS\system32\mlsdf8hdvnfxvn.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:06:13 PM

Posted 01 March 2007 - 06:27 PM

Remove MarketResearch via Add\Remove Programs,then reboot.

*****************************

Download Avenger from the link below:
http://swandog46.geekstogo.com/avenger.zip
Unzip/extract it to your desktop.

Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens,copy and paste ALL the following bold blue text:

Files to delete:
C:\WINDOWS\SYSTEM32\mljkhgg.dll
C:\WINDOWS\system32\ddccayy.dll
C:\WINDOWS\system32\mlsdf8h4997074.exe
C:\WINDOWS\system32\mlsdf8hdvnfxvn.exe


Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Post the Avenger output.txt, which you can find at C:\Avenger\.txt when you've done.
Also post a new Hijackthis log please.
Posted Image
Posted Image

#7 td323i

td323i
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Local time:12:13 PM

Posted 13 March 2007 - 06:29 PM

I have gone through the last response and still have probelms. Thanks in advance!

Latest Log files....there are two files i cannot get rid of in Vundofix:

C:\WINDOWS\system32\awvts.dll
C:\WINDOWS\system32\mlljh.dll


Logfile of HijackThis v1.99.1
Scan saved at 7:22:31 PM, on 3/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1168390819\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {56D1835C-80E5-4220-88C5-319EB7A3B8BC} - C:\WINDOWS\system32\vtsqq.dll (file missing)
O2 - BHO: (no name) - {599B269C-5999-4B84-8296-927284C911D4} - C:\WINDOWS\system32\mlljh.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {6FCEBB48-000B-41B6-8D42-C1359DAAAAF2} - C:\WINDOWS\system32\ddccayy.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {A146E9AE-F095-4827-8904-A00581FC3A45} - C:\WINDOWS\system32\awvts.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: (no name) - {AA904071-BFF9-457D-B32D-318EE2D845D6} - C:\WINDOWS\system32\mljgh.dll (file missing)
O2 - BHO: (no name) - {B9F137E6-E298-4368-BC6A-AB99B4FE4C72} - C:\WINDOWS\system32\awvvw.dll (file missing)
O2 - BHO: (no name) - {C496395C-2368-4883-927D-D2000D40A600} - C:\WINDOWS\system32\cxxehcef.dll
O2 - BHO: (no name) - {CCB41DA8-CA13-468D-97BA-C4654777A302} - C:\WINDOWS\system32\cxxehcef.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1168390819\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [C41FAF32] C:\WINDOWS\system32\mlsdf8h4997074.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\adsvrsyt.dll",setvm
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137628859781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143144339125
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O20 - Winlogon Notify: awvts - C:\WINDOWS\system32\awvts.dll (file missing)
O20 - Winlogon Notify: mlljh - C:\WINDOWS\system32\mlljh.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: QoS WAN (qoswan) - Unknown owner - C:\WINDOWS\system32\mlsdf8hdvnfxvn.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qrmnctww

*******************

Script file located at: \??\C:\WINDOWS\tpctmcuu.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\SYSTEM32\mljkhgg.dll not found!
Deletion of file C:\WINDOWS\SYSTEM32\mljkhgg.dll failed!

Could not process line:
C:\WINDOWS\SYSTEM32\mljkhgg.dll
Status: 0xc0000034



File C:\WINDOWS\system32\ddccayy.dll not found!
Deletion of file C:\WINDOWS\system32\ddccayy.dll failed!

Could not process line:
C:\WINDOWS\system32\ddccayy.dll
Status: 0xc0000034



File C:\WINDOWS\system32\mlsdf8h4997074.exe not found!
Deletion of file C:\WINDOWS\system32\mlsdf8h4997074.exe failed!

Could not process line:
C:\WINDOWS\system32\mlsdf8h4997074.exe
Status: 0xc0000034

File C:\WINDOWS\system32\mlsdf8hdvnfxvn.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


SDFix: Version 1.69

Run by Dad - Tue 03/13/2007 @ 18:58:45.90

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Path:



Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found...




ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\WINDOWS\\system32\\mshta.exe"="C:\\WINDOWS\\system32\\mshta.exe:*:Enabled:Microsoft ® HTML Application host"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\WINDOWS\\system32\\vrss.exe"="C:\\WINDOWS\\system32\\vrss.exe:*:Enabled:Server"
"C:\\WINDOWS\\system32\\vpms.exe"="C:\\WINDOWS\\system32\\vpms.exe:*:Enabled:Server"
"C:\\WINDOWS\\system32\\mbti.exe"="C:\\WINDOWS\\system32\\mbti.exe:*:Enabled:Microsoft ® Windows Network Latency Controller"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\WINDOWS\\system32\\vrss.exe"="C:\\WINDOWS\\system32\\vrss.exe:*:Enabled:Server"
"C:\\WINDOWS\\system32\\vpms.exe"="C:\\WINDOWS\\system32\\vpms.exe:*:Enabled:Server"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"


Remaining Files:
---------------



Checking For Files with Hidden Attributes :

C:\Documents and Settings\Alessa\My Documents\myophile.com13\Thumbs.db
C:\Documents and Settings\Mom\My Documents\myophile.com13\Thumbs.db
C:\mt2560.exe
C:\Program Files\America Online 9.0\aolphx.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\America Online 9.0\RBM.exe
C:\WINDOWS\system32\mvtc4692734.exe
C:\WINDOWS\system32\2CA2559E6F.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp
C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp
C:\Documents and Settings\Dad\My Documents\Tanawanda\~WRL3536.tmp
C:\WINDOWS\system32\qqstv.tmp

Add/Remove Programs List:

AOL Uninstaller (Choose which Products to Remove)
ATI Display Driver
AVG Anti-Virus 7.0
CopySafe Plugin
HijackThis 1.99.1
HP Document Viewer 5.3
HP Imaging Device Functions 5.3
HP Image Zone 5.3
HP Solution Center & Imaging Support Tools 5.3
HP Extended Capabilities 5.3
iPod for Windows 2006-06-28
Kaspersky Online Scanner
High Definition Audio Driver Package - KB835221
Lame ACM MP3 Codec
LG USB Drivers
LimeWire 4.12.6
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
MSN Music Assistant
MSN
Intel® PRO Network Connections Drivers
RealPlayer Basic
Samsung Multimedia Studio
Adobe Flash Player 9 ActiveX
CP2101 USB to UART Bridge Controller
USB Driver Vers. 3.2
Windows Genuine Advantage Validation Tool
WinRAR archiver
XviD MPEG-4 Video Codec
PhotoGallery
Macromedia Flash Player
CP_Package_Variety1
Sonic RecordNow Data
Destinations
ATI Control Panel
Qualxserve Service Agreement
Sonic DLA
HP Software Update
DocumentViewer
CP_Package_Variety3
Samsung Media Studio
Sonic MyDVD LE
Sonic_PrimoSDK
Google Toolbar for Internet Explorer
CP_Panorama1Config
Unload
TrayApp
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 10
V CAST Music
InstantShareDevices
CP_CalendarTemplates1
Google Earth
HP PSC & OfficeJet 5.3.A
iTunes
2570_Help
Intel® PROSet for Wired Connections
QuickTime
ProductContextNPI
FullDPAppQFolder
Dell Support 3.1
FUJIFILM USB Driver
NewCopy_CDA
RandMap
WebReg
Dell Driver Reset Tool
CP_Package_Basic1
MarketResearch
DeviceFunctionQFolder
Windows Genuine Advantage v1.3.0254.0
SkinsHP1
eSupportQFolder
PowerDVD 5.5
DocProc
CustomerResearchQFolder
Java 2 Runtime Environment, SE v1.4.2_03
Dell System Restore
DocumentViewerQFolder
CP_AtenaShokunin1Config
QuickBooks Basic 2002
Microsoft Office Professional Edition 2003
Intel Matrix Storage Manager
Readme
Windows Defender
ScannerCopy
Apple Software Update
CueTour
2570
DeviceManagementQFolder
Sonic Audio module
Adobe Reader 7.0.8
Sonic RecordNow Copy
AiO_Scan_CDA
PanoStandAlone
Fax_CDA
AiOSoftwareNPI
CP_Package_Variety2
BufferChm
iPod for Windows 2006-06-28
PerfectDisk
Samsung Media Studio
Scan
Microsoft .NET Framework 1.1
MCU
hp deskjet 5600
Google SketchUp
HPProductAssistant
SolutionCenter
2570Trb
Adobe Photoshop CS
Status

Finished

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:06:13 PM

Posted 13 March 2007 - 06:51 PM

Click on Start>Run and type Services.msc then hit Ok.
Scroll down and find the service called:
QoS WAN (qoswan)
When you find it, double-click on it.
In the next window that opens, click the 'Stop' button.
Then change the 'Startup Type:' to 'Disabled'.
Now press Apply and then Ok and close any open windows.

***********************

Click on Start/Control Panel/Add or Remove Programs and remove/uninstall MarketResearch,reboot when you've done.

***********************

Please make sure all hidden files are showing:

* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

*****************************

Download/install AVG Anti-Spyware 7.5.

Please follow these instructions very carefully.

Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab,and then 'Start Update'.
Note:
If you have any problems running the update process prior to running the scan,download/install the 'Full Database' from here:
http://download.ewido.net/avgas-signatures-full-current.exe

Once the updates have been installed,do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen,under 'How to act?',then under 'Set default action for detected malware to:', click on 'Recommended actions',then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.
Exit AVG Anti-Spyware,don't run the scan just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE using the F8 method.
To do this,restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following [If still present], by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:

O2 - BHO: (no name) - {56D1835C-80E5-4220-88C5-319EB7A3B8BC} - C:\WINDOWS\system32\vtsqq.dll (file missing)
O2 - BHO: (no name) - {599B269C-5999-4B84-8296-927284C911D4} - C:\WINDOWS\system32\mlljh.dll (file missing)
O2 - BHO: (no name) - {6FCEBB48-000B-41B6-8D42-C1359DAAAAF2} - C:\WINDOWS\system32\ddccayy.dll (file missing)
O2 - BHO: (no name) - {A146E9AE-F095-4827-8904-A00581FC3A45} - C:\WINDOWS\system32\awvts.dll (file missing)
O2 - BHO: (no name) - {AA904071-BFF9-457D-B32D-318EE2D845D6} - C:\WINDOWS\system32\mljgh.dll (file missing)
O2 - BHO: (no name) - {B9F137E6-E298-4368-BC6A-AB99B4FE4C72} - C:\WINDOWS\system32\awvvw.dll (file missing)
O2 - BHO: (no name) - {C496395C-2368-4883-927D-D2000D40A600} - C:\WINDOWS\system32\cxxehcef.dll
O2 - BHO: (no name) - {CCB41DA8-CA13-468D-97BA-C4654777A302} - C:\WINDOWS\system32\cxxehcef.dll
O4 - HKLM\..\Run: [C41FAF32] C:\WINDOWS\system32\mlsdf8h4997074.exe
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\adsvrsyt.dll",setvm
O20 - Winlogon Notify: awvts - C:\WINDOWS\system32\awvts.dll (file missing)
O20 - Winlogon Notify: mlljh - C:\WINDOWS\system32\mlljh.dll (file missing)
O23 - Service: QoS WAN (qoswan) - Unknown owner - C:\WINDOWS\system32\mlsdf8hdvnfxvn.exe (file missing)


Find and delete if present:
C:\WINDOWS\system32\cxxehcef.dll
C:\WINDOWS\system32\mlsdf8h4997074.exe
C:\WINDOWS\system32\adsvrsyt.dll

Still in Safe Mode launch AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan click on 'Complete System Scan'.
Please be patient,it takes a while for the scan to finish.

Once the scan is complete,do the following.
If AVG Anti-Spyware detected any infected objects:,click on 'Apply All Actions'.

Next click on 'Save Report'.
Copy and paste that report into your next reply.
The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you've done.
Reboot normally.

Post the AVG Anti Spyware report and a new Hijackthis log into your next reply please.
Let me know how your pc is running now please.
Posted Image
Posted Image

#9 td323i

td323i
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Local time:12:13 PM

Posted 13 March 2007 - 10:02 PM

Things are definitely getting better, but dont think i am at 100% yet....PLease try one more time.

Thanks!!



AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:37:55 PM 3/13/2007

+ Scan result:



C:\WINDOWS\system32\rsbmsc.exe -> Backdoor.Agent.adt : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bootwifi.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\avenger\backup.zip/avenger/mlsdf8hdvnfxvn.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/cjnr4r43028005.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/cjnr4r4xpgyqogzrq.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/mlsdf8hdvnfxvn.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/mlsdf8hpofxpnfy.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/mlsdf8hrriasqibt.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/mlsdf8huskcu.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/nlkfev7bskcu.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/nlkfev7evnfx.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/nlkfev7ibsk.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/sklrr7y2208168.exe -> Backdoor.HacDef.fv : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/cjnr4r41175490.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/cjnr4r4130825.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/cjnr4r42990720.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/cjnr4r45078445.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/cjnr4r47880160.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/cjnr4r4fypogyqi.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/cjnr4r4jbtrjb.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/cjnr4r4ogywogyrk.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/cjnr4r4ohyqiatldw.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/dior4f41292296.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/dior4f42165821.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/dior4f44209756.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/dior4f44580471.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/dior4f49052851.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/dior4f4gyqh.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/mlsdf8h6018479.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/nlkfev71029337.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/nlkfev78012417.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/nlkfev78173942.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/nlkfev79330917.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/sklrr7y2505613.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/sklrr7y3513858.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/sklrr7y8839598.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/sklrr7yewume.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/sklrr7ykcuskc.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/sklrr7yslcatl.exe -> Backdoor.HacDef.fw : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/dior4f47229461.exe -> Backdoor.HacDef.gr : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mvcrs.exe -> Backdoor.HacDef.he : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/cjnr4r48960330.exe -> Backdoor.HacDef.hg : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/mlsdf8h9903434.exe -> Backdoor.HacDef.hg : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/nlkfev73957582.exe -> Backdoor.HacDef.hg : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/nlkfev75833272.exe -> Backdoor.HacDef.hg : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/nlkfev79933207.exe -> Backdoor.HacDef.hg : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/sklrr7y411208.exe -> Backdoor.HacDef.hg : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/sklrr7y772368.exe -> Backdoor.HacDef.hg : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/csts.exe -> Backdoor.SdBot.aad : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/nlkfev76841502.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cmgc.exe -> Downloader.Small.cxz : Cleaned with backup (quarantined).
C:\mt2560.exe -> Downloader.Small.dtz : Cleaned with backup (quarantined).
C:\mt.exe -> Downloader.Small.duz : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/dior4f46847626.exe -> Dropper.Mudrop.cr : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/mlsdf8h6308594.exe -> Dropper.Mudrop.cr : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/mlsdf8h6840154.exe -> Dropper.Mudrop.cr : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/sklrr7y2842638.exe -> Dropper.Mudrop.cr : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/sklrr7y8518958.exe -> Dropper.Mudrop.cr : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/mbti.exe -> Proxy.Ranky : Cleaned with backup (quarantined).
C:\Documents and Settings\Dad\Cookies\dad@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@e-2dj6wfmieodzkbp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@ehg-pcsecurityshield.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@ehg-samsungusa.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Dad\Cookies\dad@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\system32\mvtc4692734.exe -> Trojan.Agent.zq : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/dior4f46377076.exe -> Trojan.Obfuscated.au : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/mlsdf8h2143319.exe -> Trojan.Obfuscated.au : Cleaned with backup (quarantined).
C:\hijackthis\SDFix\SDFix\backups\backups.zip/backups/sklrr7y1280673.exe -> Trojan.Obfuscated.au : Cleaned with backup (quarantined).
C:\Documents and Settings\Alessa\Shared\01 Track 1.wma -> Trojan.Wimad.a : Cleaned with backup (quarantined).


::Report end




Logfile of HijackThis v1.99.1
Scan saved at 10:55:28 PM, on 3/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1168390819\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1168390819\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137628859781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143144339125
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#10 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:06:13 PM

Posted 14 March 2007 - 04:55 AM

If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums.
You should consider them to be compromised.
They should be changed by using a different computer and not the infected one,if not an aattacker may get the new passwords and transaction information.
Banking and credit card institutions should be notified of the possible security breech.

*************************************

Download 'e Scan MWAV' from here to your desktop:
http://www.mwti.net/download/tools/mwav.exe
Disconnect from the internet.
Double click on the mwav icon on your desktop.
The program will start,the Licence Agreement will pop up.
Select 'I accept the agreement',then press Ok.
The program will open,leave all the settings as they are.
Now press the 'Scan & Clean' button.
The program will now start scanning your pc.
Once the scan has finished,exit MWAV.

*************************************

Please download Sophos Anti-Rootkit,and save it on your desktop.
1. Double-click sarsfx.exe to extract the files and leave the default settings.
2. Open the folder C:\SOPHTEMP and double-click sargui.exe to start the program.
3. Make sure the following are checked:
- Running processes
- Windows Registry
- Local Hard Drives
4. Click the "Start Scan" button.
5. Click the "OK" button after you get the notification that the scan has finished and close the program.
6. Click on Start>Run and type, or copy and paste: %temp%\sarscan.log then press Enter.
7. This should open the log from the rootkit scan.
Post this log into your next reply,along with a new Hijackthis log please.

Note:
If the scan is performed while the computer is in use, false positives may appear in the scan results.
This is caused by files or registry entries being deleted,including temporary files being deleted automatically.
It has also been reported that Trojan Hunter is detecting Sophos Anti-rootkit as Trojan.Dropper.Interlac.100
So if you have Trojan Hunter installed you will need to disable it prior to running a scan.
Posted Image
Posted Image

#11 td323i

td323i
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Local time:12:13 PM

Posted 14 March 2007 - 07:17 PM

Logfile of HijackThis v1.99.1
Scan saved at 8:05:19 PM, on 3/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Common Files\AOL\1168390819\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: (no name) - {C496395C-2368-4883-927D-D2000D40A600} - C:\WINDOWS\system32\xqpmsjbu.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1168390819\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137628859781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143144339125
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


Sophos Anti-Rootkit Version 1.2 (data 1.01) © 2006 Sophos Plc
Started logging on 3/14/2007 at 19:56:01 PM
Stopped logging on 3/14/2007 at 20:03:18 PM

#12 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:06:13 PM

Posted 14 March 2007 - 07:24 PM

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {C496395C-2368-4883-927D-D2000D40A600} - C:\WINDOWS\system32\xqpmsjbu.dll (file missing)
Exit Hijackthis,then restart your pc.

***********************************

Download ComboScan to your desktop:
http://www.techsupportforum.com/sectools/D...d/comboscan.exe
Make sure all running programs and Windows Explorer windows are closed.
Double-click on comboscan.exe to run it,then follow the prompts.
The scan may take a few minutes to complete.
When the scan has finished,a text file will open 'ComboScan.txt'.

Please Note:
When running Comboscan,some firewalls may warn that sigcheck.exe is trying to access the internet,please ensure that you allow sigcheck.exe permission to do so.
Also,it may happen that your Antivirus flags Comboscan as suspicious.
Please allow the Comboscan to run and don't let your Antivirus delete it.
(If necessary temporarily disable/turn off your Antivirus program).
Post the Comboscan.txt from the Comboscan into your next reply.
Posted Image
Posted Image

#13 td323i

td323i
  • Topic Starter

  • Members
  • 122 posts
  • OFFLINE
  •  
  • Local time:12:13 PM

Posted 14 March 2007 - 07:39 PM

ComboScan v20070306.20 run by Dad on 2007-03-14 at 20:33:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-03-15 00:33:44 UTC - RP1 - System Checkpoint


Performed disk cleanup.


-- HijackThis (run as Dad.exe) -------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 8:33:57 PM, on 3/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1168390819\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Documents and Settings\Dad\Local Settings\Temporary Internet Files\Content.IE5\56DCHLB4\comboscan[1].exe
C:\HIJACK~1\Dad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1168390819\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137628859781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143144339125
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


-- HijackThis Fixed Entries (C:\HIJACK~1\backups\) -----------------------------

backup-20070313-220302-105 O20 - Winlogon Notify: mlljh - C:\WINDOWS\system32\mlljh.dll (file missing)
backup-20070313-220302-129 O2 - BHO: (no name) - {B9F137E6-E298-4368-BC6A-AB99B4FE4C72} - C:\WINDOWS\system32\awvvw.dll (file missing)
backup-20070313-220302-148 O20 - Winlogon Notify: awvts - C:\WINDOWS\system32\awvts.dll (file missing)
backup-20070313-220302-225 O2 - BHO: (no name) - {A146E9AE-F095-4827-8904-A00581FC3A45} - C:\WINDOWS\system32\awvts.dll (file missing)
backup-20070313-220302-328 O2 - BHO: (no name) - {C496395C-2368-4883-927D-D2000D40A600} - C:\WINDOWS\system32\cxxehcef.dll
backup-20070313-220302-361 O2 - BHO: (no name) - {6FCEBB48-000B-41B6-8D42-C1359DAAAAF2} - C:\WINDOWS\system32\ddccayy.dll (file missing)
backup-20070313-220302-394 O4 - HKLM\..\Run: [C41FAF32] C:\WINDOWS\system32\mlsdf8h4997074.exe
backup-20070313-220302-401 O2 - BHO: (no name) - {CCB41DA8-CA13-468D-97BA-C4654777A302} - C:\WINDOWS\system32\cxxehcef.dll
backup-20070313-220302-582 O2 - BHO: (no name) - {599B269C-5999-4B84-8296-927284C911D4} - C:\WINDOWS\system32\mlljh.dll (file missing)
backup-20070313-220302-664 O2 - BHO: (no name) - {56D1835C-80E5-4220-88C5-319EB7A3B8BC} - C:\WINDOWS\system32\vtsqq.dll (file missing)
backup-20070313-220302-862 O2 - BHO: (no name) - {AA904071-BFF9-457D-B32D-318EE2D845D6} - C:\WINDOWS\system32\mljgh.dll (file missing)
backup-20070313-225332-402 O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\adsvrsyt.dll",setvm
backup-20070314-202837-747 O2 - BHO: (no name) - {C496395C-2368-4883-927D-D2000D40A600} - C:\WINDOWS\system32\xqpmsjbu.dll (file missing)

-- File Associations -----------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

4S agpCPQ (Compaq AGP Bus Filter) - C:\WINDOWS\system32\drivers\AGPCPQ.SYS
4S alim1541 (ALI AGP Bus Filter) - C:\WINDOWS\system32\drivers\ALIM1541.SYS
4S amdagp (AMD AGP Bus Filter Driver) - C:\WINDOWS\system32\drivers\AMDAGP.SYS
2R ASCTRM - C:\WINDOWS\system32\drivers\asctrm.sys
3R ati2mtag - C:\WINDOWS\system32\drivers\ati2mtag.sys
1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1R Avg7Core (AVG7 Kernel) - C:\WINDOWS\system32\drivers\avg7core.sys
1R Avg7RsW (AVG7 Wrap Driver) - C:\WINDOWS\system32\drivers\avg7rsw.sys
1R Avg7RsXP (AVG7 Rezident Driver) - C:\WINDOWS\system32\drivers\avg7rsxp.sys
1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\system32\drivers\AvgAsCln.sys
4S cbidf - C:\WINDOWS\system32\drivers\cbidf2k.sys
3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\CCDECODE.sys
4S dac2w2k - C:\WINDOWS\system32\drivers\dac2w2k.sys
2R Defrag32 - C:\WINDOWS\system32\drivers\defrag32.sys
0R Defrag32b (Defrag32Boot) - C:\WINDOWS\system32\drivers\defrag32b.sys
0R drvmcdb - C:\WINDOWS\system32\drivers\drvmcdb.sys
2R drvnddm - C:\WINDOWS\system32\drivers\drvnddm.sys
3S E100B (Intel® PRO Adapter Driver) - C:\WINDOWS\system32\drivers\e100b325.sys
3R e1express (Intel® PRO/1000 PCI Express Network Connection Driver) - C:\WINDOWS\system32\drivers\e1e5132.sys
3S FINEPIX_PCC (FinePix Digital Camera 020717) - C:\WINDOWS\system32\drivers\V4CB011D.SYS
3R GEARAspiWDM - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
3R HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) - C:\WINDOWS\system32\drivers\Hdaudbus.sys
3R HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
3S HPZid412 (IEEE-1284.4 Driver HPZid412) - C:\WINDOWS\system32\drivers\HPZid412.sys
3S HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - C:\WINDOWS\system32\drivers\HPZipr12.sys
3S HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - C:\WINDOWS\system32\drivers\HPZius12.sys
0R iastor (Intel AHCI Controller) - C:\WINDOWS\system32\drivers\iaStor.sys
1R intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys
1R kbdhid (Keyboard HID Driver) - C:\WINDOWS\system32\drivers\kbdhid.sys
3S MEMSWEEP2 - C:\WINDOWS\system32\3C.tmp (not found)
3R mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\MSTEE.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\NABTSFEC.sys
3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\NdisIP.sys
3S nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
3S QV2KUX (Casio Digital Camera) - C:\WINDOWS\system32\drivers\qv2kux.sys
4S sisagp (SIS AGP Bus Filter) - C:\WINDOWS\system32\drivers\SISAGP.SYS
3S slabbus (CP2101 USB Composite Device driver (WDM)) - C:\WINDOWS\system32\drivers\slabbus.sys
3S slabser (CP2101 USB to UART Bridge Controller Drivers) - C:\WINDOWS\system32\drivers\slabser.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\SLIP.sys
1R sscdbhk5 - C:\WINDOWS\system32\drivers\sscdbhk5.sys
1R ssrtln - C:\WINDOWS\system32\drivers\ssrtln.sys
3R STHDA (High Definition Audio Driver (WDM) - SigmaTel CODEC) - C:\WINDOWS\system32\drivers\sthda.sys
3S StillCam (Still Serial Digital Camera Driver) - C:\WINDOWS\system32\drivers\serscan.sys
3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\StreamIP.sys
2R tfsnboio - C:\WINDOWS\system32\dla\tfsnboio.sys
2R tfsncofs - C:\WINDOWS\system32\dla\tfsncofs.sys
2R tfsndrct - C:\WINDOWS\system32\dla\tfsndrct.sys
2R tfsndres - C:\WINDOWS\system32\dla\tfsndres.sys
2R tfsnifs - C:\WINDOWS\system32\dla\tfsnifs.sys
2R tfsnopio - C:\WINDOWS\system32\dla\tfsnopio.sys
2R tfsnpool - C:\WINDOWS\system32\dla\tfsnpool.sys
2R tfsnudf - C:\WINDOWS\system32\dla\tfsnudf.sys
2R tfsnudfa - C:\WINDOWS\system32\dla\tfsnudfa.sys
2R tmcomm - C:\WINDOWS\system32\drivers\tmcomm.sys
3S usbbus (LGE CDMA Composite USB Device) - C:\WINDOWS\system32\drivers\lgusbbus.sys
3R usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3S UsbDiag (LGE CDMA USB Serial Port) - C:\WINDOWS\system32\drivers\lgusbdiag.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3S USBModem (LGE CDMA USB Modem) - C:\WINDOWS\system32\drivers\lgusbmodem.sys
3S usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3S usbscan (USB Scanner Driver) - C:\WINDOWS\system32\drivers\usbscan.sys
3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
4S viaagp (VIA AGP Bus Filter) - C:\WINDOWS\system32\drivers\VIAAGP.SYS
3R wanatw (WAN Miniport (ATW)) - C:\WINDOWS\system32\drivers\wanatw4.sys
3S WpdUsb - C:\WINDOWS\system32\drivers\wpdusb.sys
3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\WSTCODEC.SYS


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

3S Adobe LM Service - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
2R AOL ACS (AOL Connectivity Service) - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
3S aspnet_state (ASP.NET State Service) - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
2R Ati HotKey Poller - C:\WINDOWS\system32\Ati2evxx.exe
2R AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
2R Avg7Alrt (AVG7 Alert Manager Server) - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
2R Avg7UpdSvc (AVG7 Update Service) - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
2S Fax - C:\WINDOWS\system32\fxssvc.exe
3S gusvc (Google Updater Service) - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
2R IAANTMon (Intel® Matrix Storage Event Monitor) - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
3S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
3R iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"
3S NetSvc (Intel NCS NetService) - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
3S ose (Office Source Engine) - "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
3S PDEngine - "C:\Program Files\Raxco\PerfectDisk\PDEngine.exe"
2R PDSched (PDScheduler) - "C:\Program Files\Raxco\PerfectDisk\PDSched.exe"
2S Pml Driver HPZ12 - C:\WINDOWS\system32\HPZipm12.exe
2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
2R WANMiniportService (WAN Miniport (ATW) Service) - "C:\WINDOWS\wanmpsvc.exe"


-- Scheduled Tasks -------------------------------------------------------------

2007-03-13 19:54:04 278 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job<APPLES~1.JOB>
2006-01-18 18:27:53 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 1.job<ISPSIG~1.JOB>


-- Files created between 2007-02-14 and 2007-03-14 -----------------------------

2007-03-14 19:55:00 0 d-------- C:\SOPHTEMP
2007-03-14 19:46:11 0 d-a------ C:\WINDOWS\zts2.exe
2007-03-14 19:46:11 0 d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-03-14 19:46:11 0 d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-03-14 19:46:11 0 d-a------ C:\WINDOWS\rundll16.exe
2007-03-14 19:46:11 0 d-a------ C:\WINDOWS\rundl132.dll
2007-03-14 19:46:11 0 d-a------ C:\WINDOWS\logo1_.exe
2007-03-14 19:45:24 135680 --a------ C:\WINDOWS\system32\TASKMGR.COM
2007-03-14 19:45:24 135680 --a------ C:\WINDOWS\system32\T.COM
2007-03-14 19:45:24 146432 --a------ C:\WINDOWS\REGEDIT.COM
2007-03-14 19:45:24 146432 --a------ C:\WINDOWS\R.COM
2007-03-13 21:19:24 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-13 21:18:59 0 d-------- C:\WINDOWS\SxsCaPendDel<SXSCAP~1>
2007-03-13 19:48:18 0 d-------- C:\Program Files\iTunes
2007-03-13 19:46:25 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-03-13 19:35:59 0 d-------- C:\WINDOWS\pss
2007-03-13 19:30:23 0 d-------- C:\WINDOWS\system32\Dell
2007-03-13 19:19:49 0 d-------- C:\avenger
2007-03-11 22:48:56 0 d-------- C:\Documents and Settings\Dad\.housecall6.6<HOUSEC~1.6>
2007-03-06 14:07:40 88340 --a------ C:\WINDOWS\system32\preuaurl.exe
2007-03-06 14:06:03 88340 --a------ C:\WINDOWS\system32\cheymuov.exe
2007-03-04 00:58:53 88340 --a------ C:\WINDOWS\system32\rggebtlo.exe
2007-03-01 18:45:06 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-03-01 18:38:34 0 d-------- C:\SDFix
2007-03-01 18:23:14 0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-02-28 23:07:40 0 d-------- C:\hijackthis<HIJACK~1>
2007-02-25 16:41:37 88340 --a------ C:\WINDOWS\system32\wbtidihm.exe
2007-02-23 02:18:18 88340 --a------ C:\WINDOWS\system32\hcwpsqcf.exe


-- Find3M Report ---------------------------------------------------------------

2007-03-14 20:30:17 0 d-------- C:\Documents and Settings\Dad\Application Data\AVG7
2007-03-13 21:19:22 0 d-------- C:\Program Files\Grisoft
2007-03-13 20:15:12 14713734 -r-hs---- C:\AVG7DB_F.DAT
2007-03-13 20:02:30 0 d-------- C:\Program Files\XviD
2007-03-13 19:48:23 0 d-------- C:\Program Files\iPod
2007-03-13 19:45:10 0 d-------- C:\Program Files\Apple Software Update<APPLES~1>
2007-03-11 23:46:45 0 d-------- C:\Program Files\Java
2007-03-11 23:12:35 0 d-------- C:\Program Files\VSAdd-in
2007-03-05 09:10:04 0 d-------- C:\Program Files\Incomplete<INCOMP~1>
2007-03-05 07:12:28 0 d-------- C:\Program Files\LimeWire
2007-03-01 18:26:15 1161174 ---hs---- C:\WINDOWS\system32\qqstv.ini2<QQSTV~1.INI>
2007-03-01 18:12:47 1170154 ---hs---- C:\WINDOWS\system32\qqstv.bak2<QQSTV~2.BAK>
2007-02-16 22:41:56 0 d-------- C:\Documents and Settings\Dad\Application Data\Google
2007-02-13 21:18:20 88340 --a------ C:\WINDOWS\system32\skkecfgh.exe
2007-02-13 20:19:21 88340 --a------ C:\WINDOWS\system32\mlfqwtpx.exe
2007-02-13 20:06:50 88340 --a------ C:\WINDOWS\system32\cotiubhp.exe
2007-02-12 14:07:29 992569 ---hs---- C:\WINDOWS\system32\qqstv.bak1<QQSTV~1.BAK>
2007-02-11 22:04:32 0 d---s---- C:\Documents and Settings\Dad\Application Data\Microsoft<MICROS~1>
2007-02-02 21:09:44 0 d-------- C:\Program Files\Common Files\AOL
2007-02-02 10:34:24 0 d-------- C:\Documents and Settings\Dad\Application Data\AdobeUM
2007-01-31 18:37:29 70656 --a------ C:\WINDOWS\system32\mscivc.exe
2007-01-30 15:55:54 70656 --a------ C:\WINDOWS\system32\mcesvi.exe
2007-01-29 04:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-28 16:12:13 0 d-------- C:\Documents and Settings\Dad\Application Data\Adobe
2007-01-26 16:03:14 0 d-------- C:\Program Files\Google
2007-01-24 12:58:50 70656 --a------ C:\WINDOWS\system32\vibmsc.exe
2007-01-23 22:46:43 394 --a------ C:\WINDOWS\system32\mbosvc.exe
2007-01-22 18:31:55 0 d-------- C:\Documents and Settings\Dad\Application Data\Viewpoint<VIEWPO~1>
2007-01-13 14:23:43 66560 --a------ C:\WINDOWS\system32\mgosvc.exe
2007-01-11 15:52:39 397 --a------ C:\WINDOWS\system32\wvmsi.exe
2007-01-08 07:07:48 5868 --a------ C:\WINDOWS\system32\svmbi.exe
2006-12-19 17:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 14:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-15 17:11:16 66560 --a------ C:\WINDOWS\system32\psmvc.exe


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SigmatelSysTrayApp"="stsystra.exe"
"IAAnotif"="C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\iaanotif.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"MSKDetectorExe"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgemc.exe"
"AVG7_RegCleaner"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgregcl.exe /BOOT"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
"YeppStudioAgent"="C:\\Program Files\\Samsung\\Samsung Media Studio\\SamsungMediaStudioAgent.exe"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"SMSTray"="C:\\Program Files\\Samsung\\Samsung Media Studio 5\\SMSTray.exe"
"MAAgent"="C:\\Program Files\\MarkAny\\ContentSafer\\MAAgent.exe"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1168390819\\ee\\AOLSoftware.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"="MarkAny Contents Safer Manager 1.0"
"{7F5A2699-38CD-4B98-B193-5916D6566B01}"=""
"{6FCEBB48-000B-41B6-8D42-C1359DAAAAF2}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
"WizmaxBackup_NoDriveTypeAutoRun"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"WizmaxBackup_NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\qoswan

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of ComboScan: finished at 2007-03-14 at 20:34:30 ------------------------



ComboScan v20070306.20 run by Dad on 2007-03-14 at 20:33:39
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® D CPU 2.80GHz
CPU 1: Intel® Pentium® D CPU 2.80GHz
Percentage of Memory in Use: 54%
Physical Memory (total/avail): 1022.09 MiB / 463.21 MiB
Pagefile Memory (total/avail): 2455.74 MiB / 923.45 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1996.44 MiB

C: is Fixed (NTFS) - 145.78 GiB total, 127.32 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: v (McAfee) Disabled
AV: McAfee VirusScan v (McAfee)


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Dad\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
CLIENTNAME=Console
COLLECTIONID=COL8143
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DELL-DESKTOP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HMSERVER=https://wwss1proa.cce.hp.com/wuss/servlet/WUSSServlet
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Dad
ITEMID=dj-22741-15
LANG=1033
LOGONSERVER=\\DELL-DESKTOP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
OSVER=winXPH
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0404
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
SESSIONID=1140671273088htx6060da7b85:109a0aff47f:1ea
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SWUTVER=1.0.18.30716
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Dad\LOCALS~1\Temp
TIMEOUT=0
TMP=C:\DOCUME~1\Dad\LOCALS~1\Temp
TOOLPATH=/C:\Program%20Files\Hewlett-Packard\HP%20Software%20Update\install.htm
UPDATEDIR=C:\DOCUME~1\Alex\LOCALS~1\Temp\rad0E889.tmp
USERDOMAIN=DELL-DESKTOP
USERNAME=Dad
USERPROFILE=C:\Documents and Settings\Dad
VERSION=3.0.5.001
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Dad (admin)
Alex (admin)
Alessa (admin)
Cameron (admin)
Mom (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AVG Anti-Virus 7.0 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
CP2101 USB to UART Bridge Controller --> C:\WINDOWS\system32\uninstall.exe C:\WINDOWS\system32\uninstall.ini
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Support 3.1 --> MsiExec.exe /X{548EEA8E-8299-497F-8057-811D2D7097DC}
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\Setup.exe"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google SketchUp --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E1423608-F529-40A1-93CA-C7F396F30DF0}\setup.exe" -l0x9
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar5.dll"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 1.99.1 --> C:\hijackthis\HijackThis.exe /uninstall
hp deskjet 5600 --> msiexec /x{DB5518BE-F40F-407A-B451-012625D4497B}
HP Document Viewer 5.3 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Extended Capabilities 5.3 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.A --> "C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Intel Matrix Storage Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\setup.exe" -l0409 -INTELUNINST
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{4CEA6811-DFAD-4892-828D-49941FE3B779}
iPod for Windows 2006-06-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
iTunes --> MsiExec.exe /I{01B51908-02EF-453B-87A9-815182E8C2F2}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Lame ACM MP3 Codec --> "C:\WINDOWS\IFinst26.exe" -UC:\Program Files\Lame MP3 Codec\IFU56.inf
LG USB Drivers --> C:\PROGRA~1\LGDRIV~1\LGUSBD~1\UNWISE.EXE C:\PROGRA~1\LGDRIV~1\LGUSBD~1\INSTALL.LOG
LimeWire 4.12.6 --> "C:\Program Files\LimeWire\uninstall.exe"
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
MCU --> MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
PerfectDisk --> MsiExec.exe /I{C190CB55-817E-4713-84F4-0BBB8961CED9}
PowerDVD 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Qualxserve Service Agreement --> MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickBooks Basic 2002 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{809987B2-F964-11D4-A1A5-00104BD190B1}\setup.exe" -addremove
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Samsung Media Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1DAB6BE8-4B4F-4C08-AC96-4008057E3424}\Setup.exe" -l0x9
Samsung Media Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\Setup.exe" -l0x9
Samsung Multimedia Studio --> "C:\Program Files\Samsung\MultimediaStudio\unins000.exe"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic Audio module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
USB Driver Vers. 3.2 --> C:\Program Files\USB Driver Vers. 3.2\uninstall.exe
V CAST Music --> MsiExec.exe /X{3249FD43-B24B-413F-B786-F8FEA32FA747}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xvid 1.1.2 final uninstall --> "C:\Program Files\XviD\unins001.exe"


-- End of ComboScan: finished at 2007-03-14 at 20:34:30 ------------------------


Logfile of HijackThis v1.99.1
Scan saved at 8:37:56 PM, on 3/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1168390819\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1168390819\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137628859781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143144339125
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Sp

#14 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:06:13 PM

Posted 14 March 2007 - 08:27 PM

Download Avenger from the link below:
http://swandog46.geekstogo.com/avenger.zip
Unzip/extract it to your desktop.

Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens,copy and paste ALL the following bold blue text in the Quote box below:

Files to delete:
C:\WINDOWS\zts2.exe
C:\WINDOWS\system32\vcmgcd32.dll
C:\WINDOWS\system32\iifgfgf.dll
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundl132.dll
C:\WINDOWS\logo1_.exe
C:\WINDOWS\system32\TASKMGR.COM
C:\WINDOWS\system32\T.COM
C:\WINDOWS\REGEDIT.COM
C:\WINDOWS\R.COM
C:\WINDOWS\system32\preuaurl.exe
C:\WINDOWS\system32\cheymuov.exe
C:\WINDOWS\system32\rggebtlo.exe
C:\WINDOWS\system32\wbtidihm.exe
C:\WINDOWS\system32\hcwpsqcf.exe
C:\WINDOWS\system32\qqstv.ini2
C:\WINDOWS\system32\qqstv.bak2
C:\WINDOWS\system32\skkecfgh.exe
C:\WINDOWS\system32\mlfqwtpx.exe
C:\WINDOWS\system32\cotiubhp.exe
C:\WINDOWS\system32\qqstv.bak1
C:\WINDOWS\system32\mscivc.exe
C:\WINDOWS\system32\mcesvi.exe
C:\WINDOWS\system32\vibmsc.exe
C:\WINDOWS\system32\mbosvc.exe
C:\WINDOWS\system32\mgosvc.exe
C:\WINDOWS\system32\wvmsi.exe
C:\WINDOWS\system32\svmbi.exe
C:\WINDOWS\system32\psmvc.exe

Folders to delete:
C:\Program Files\VSAdd-in
C:\Documents and Settings\Dad\Application Data\Viewpoint


Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Post the Avenger output.txt, which you can find at C:\Avenger\.txt into your next reply.
Also post a new Hijackthis log please.
Let me know how your pc is running now please.
Posted Image
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users