Hijack This Log - Please Help Diagnose



#1 Islander2517

Islander2517

  • Members
  • 4 posts

Posted 13 June 2007 - 11:57 PM

Please Help!

I have already run spybot, avg, cwshredder and adaware - but I keep getting trojans popping up in the results, yet they never get completely taken care of. Nothing I seem to do helps - in fact, it seems to make it worse. My browser is running incredibly slow, and I keep getting pop-ups in IE Explorer, when I only use firefox to browse.

Please please help me.

Thank you

Logfile of HijackThis v1.99.1
Scan saved at 8:26:57 PM, on 6/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\AVG\avgamsvr.exe
C:\AVG\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\AVG\avgcc.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\The Gov\Desktop\Hijack this\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\AVG\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\pmklqrrc.dll",realset
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MSOffice\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MSOffice\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\AVG\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\AVG\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe



#2 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts

Posted 15 June 2007 - 10:57 PM

Your log is missing some entries that are normally present, and that may be a sign of some malware which intentionally hides from HijackThis.

To get around this, please open the folder where you downloaded HijackThis:
C:\Documents and Settings\The Gov\Desktop\Hijack this\HijackThis.exe

Right-click HijackThis.exe, and select: Rename
Rename Hijackthis.exe to HJT.exe

Please run HijackThis once again, and post a new log.

Old duck...


#3 Islander2517

Islander2517
  • Topic Starter

  • Members
  • 4 posts

Posted 17 June 2007 - 08:52 AM

Thanks for responding!

Here is my new Hijack this log -

Logfile of HijackThis v1.99.1
Scan saved at 9:47:28 AM, on 6/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Azureus\Azureus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\AVG\avgamsvr.exe
C:\AVG\avgcc.exe
C:\AVG\avgupsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\The Gov\Desktop\mplayer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\The Gov\Desktop\Hijack this\HJT.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {50EB7479-5A30-41CB-89C7-27FB9819BFF5} - C:\WINDOWS\system32\msntarax.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\nnmilbnq.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\xxyyxut.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C19D8FA7-7EE5-4391-8B20-B38655A6DDEB} - C:\WINDOWS\system32\ddccc.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\AVG\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [smgr] smgr.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\dltnsvjw.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MSOffice\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MSOffice\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O20 - Winlogon Notify: ddccc - C:\WINDOWS\system32\ddccc.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winknf32 - winknf32.dll (file missing)
O20 - Winlogon Notify: xxyyxut - C:\WINDOWS\SYSTEM32\xxyyxut.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\AVG\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\AVG\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

#4 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts

Posted 17 June 2007 - 07:53 PM

Please run HijackThis, Scan
Check box for:

O2 - BHO: (no name) - {50EB7479-5A30-41CB-89C7-27FB9819BFF5} - C:\WINDOWS\system32\msntarax.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\nnmilbnq.dll
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\xxyyxut.dll
O2 - BHO: (no name) - {C19D8FA7-7EE5-4391-8B20-B38655A6DDEB} - C:\WINDOWS\system32\ddccc.dll

O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [smgr] smgr.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\dltnsvjw.dll",realset

O20 - Winlogon Notify: ddccc - C:\WINDOWS\system32\ddccc.dll
O20 - Winlogon Notify: winknf32 - winknf32.dll (file missing)
O20 - Winlogon Notify: xxyyxut - C:\WINDOWS\SYSTEM32\xxyyxut.dll

Select: Fix checked

~~~~
Next, download SuperAntiSpyware Home Edition Free Version
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE
Install the program

Run SuperAntiSpyware and click: Check for updates
Once the update is finished, on the main screen, click: Scan your computer
Check: Perform Complete Scan
Click Next to start the scan.

Superantispyware scans the computer, and when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next
Click Finish

It is possible that the program asks to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click: Preferences
Click the Statistics/Logs tab
Under Scanner Logs, double-click SuperAntiSpyware Scan Log
It opens in your default text editor (such as Notepad)

~~~~
Now, download ComboFix to the Desktop:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)

A log, combofix.txt is produced.

~~~~
Please provide the following in your reply:
The SuperAntiSpyware log
The ComboFix.txt
A new HijackThis log

Old duck...
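
Added example, not part of the thread and not code from HijackThis: post #2 notes that a log missing normally present entries can mean malware is hiding from the tool, and the log taken after the rename in post #3 shows sections the first one lacked. The Python below compares excerpts of the two posted logs to list the sections and entries that only became visible in the second scan, and the Run values whose target changed between scans; the function names are assumptions made for this example.

```python
import re

# One HijackThis entry per line: section code, " - ", then the entry text.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# O4 autorun entries: abbreviated registry key, [value name], command line.
RUN_RE = re.compile(r"^(HK\w+\\\.\.\\\w+): \[([^\]]+)\] (.*)$")

# Excerpt of the log in post #1 (HijackThis.exe run under its original name).
FIRST_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\AVG\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\pmklqrrc.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

# Excerpt of the log in post #3 (same tool, renamed to HJT.exe).
SECOND_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\xxyyxut.dll
O2 - BHO: (no name) - {C19D8FA7-7EE5-4391-8B20-B38655A6DDEB} - C:\WINDOWS\system32\ddccc.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\AVG\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [smgr] smgr.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\dltnsvjw.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: ddccc - C:\WINDOWS\system32\ddccc.dll
O20 - Winlogon Notify: xxyyxut - C:\WINDOWS\SYSTEM32\xxyyxut.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""


def parse_entries(log_text):
    """Return {section code: [entry text, ...]}; header and process lines are skipped."""
    sections = {}
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            sections.setdefault(match.group(1), []).append(match.group(2))
    return sections


def _order(code):
    # Sort "O2" before "O20" by comparing the numeric part as an integer.
    return (code[0], int(code[1:]))


def newly_visible_sections(before, after):
    """Section codes that appear only in the later log."""
    gained = set(parse_entries(after)) - set(parse_entries(before))
    return sorted(gained, key=_order)


def new_entries(before, after):
    """(code, entry) pairs present in the later log but not the earlier one.

    Compared case-insensitively because Windows paths are case-insensitive.
    A new entry is a lead for review, not a verdict."""
    old = parse_entries(before)
    result = []
    for code, entries in parse_entries(after).items():
        seen = {entry.lower() for entry in old.get(code, [])}
        result.extend((code, entry) for entry in entries if entry.lower() not in seen)
    return result


def run_values(log_text):
    """Map (registry key, value name) -> command line for the O4 entries."""
    values = {}
    for entry in parse_entries(log_text).get("O4", []):
        match = RUN_RE.match(entry)
        if match:
            key, name, command = match.groups()
            values[(key, name)] = command
    return values


def changed_run_values(before, after):
    """Run values present in both logs whose command line differs."""
    old, new = run_values(before), run_values(after)
    return {k: (old[k], new[k]) for k in old.keys() & new.keys()
            if old[k].lower() != new[k].lower()}


if __name__ == "__main__":
    print("Sections only in second log:", newly_visible_sections(FIRST_LOG, SECOND_LOG))
    for code, entry in new_entries(FIRST_LOG, SECOND_LOG):
        print("new    ", code, "-", entry)
    for (key, name), (old_cmd, new_cmd) in changed_run_values(FIRST_LOG, SECOND_LOG).items():
        print("changed", key, f"[{name}]:", old_cmd, "->", new_cmd)
```

On these excerpts the O2 and O20 sections appear only in the second log, and the [GPLv3] Run value keeps its name while pointing at a different DLL in each scan.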


#5 Islander2517

Islander2517
  • Topic Starter

  • Members
  • 4 posts

Posted 17 June 2007 - 10:41 PM

Thank you so much for your assistance!!

Here is my SuperAntiSpyware Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/17/2007 at 11:24 PM

Application Version : 3.8.1002

Core Rules Database Version : 3256
Trace Rules Database Version: 1267

Scan type : Complete Scan
Total Scan Time : 00:34:37

Memory items scanned : 449
Memory threats detected : 7
Registry items scanned : 5595
Registry threats detected : 39
File items scanned : 26496
File threats detected : 100

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\DDCCC.DLL
C:\WINDOWS\SYSTEM32\DDCCC.DLL
HKLM\Software\Classes\CLSID\{C19D8FA7-7EE5-4391-8B20-B38655A6DDEB}
HKCR\CLSID\{C19D8FA7-7EE5-4391-8B20-B38655A6DDEB}
HKCR\CLSID\{C19D8FA7-7EE5-4391-8B20-B38655A6DDEB}\InprocServer32
HKCR\CLSID\{C19D8FA7-7EE5-4391-8B20-B38655A6DDEB}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C19D8FA7-7EE5-4391-8B20-B38655A6DDEB}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\ddccc

Trojan.Mezzia/Resident
C:\WINDOWS\SYSTEM32\WINKNF32.DLL
C:\WINDOWS\SYSTEM32\WINKNF32.DLL

Trojan.Downloader-Gen/HitItQuitIt
C:\WINDOWS\SYSTEM32\XXYYXUT.DLL
C:\WINDOWS\SYSTEM32\XXYYXUT.DLL
C:\WINDOWS\SYSTEM32\HGGHECC.DLL
C:\WINDOWS\SYSTEM32\HGGHECC.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\xxyyxut
C:\DOCUMENTS AND SETTINGS\THE GOV\DESKTOP\HIJACK THIS\BACKUPS\BACKUP-20070617-224538-416.DLL
C:\WINDOWS\SYSTEM32\GEBYYXW.DLL
C:\WINDOWS\SYSTEM32\WVUSROO.DLL

Trojan.Downloader-NewJuan/VM
C:\WINDOWS\SYSTEM32\NNMILBNQ.DLL
C:\WINDOWS\SYSTEM32\NNMILBNQ.DLL
C:\WINDOWS\SYSTEM32\UQLHKAOU.DLL
C:\WINDOWS\SYSTEM32\UQLHKAOU.DLL

Trojan.Downloader-CREW
C:\WINDOWS\SYSTEM32\MSNTARAX.DLL
C:\WINDOWS\SYSTEM32\MSNTARAX.DLL
C:\DOCUMENTS AND SETTINGS\THE GOV\DESKTOP\HIJACK THIS\BACKUPS\BACKUP-20070617-224538-668.DLL

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}
HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}
HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}\InprocServer32
HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{8A61098D-612B-4EF2-943D-64E920684061}
HKCR\CLSID\{8A61098D-612B-4EF2-943D-64E920684061}
HKCR\CLSID\{8A61098D-612B-4EF2-943D-64E920684061}\InprocServer32
HKCR\CLSID\{8A61098D-612B-4EF2-943D-64E920684061}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A61098D-612B-4EF2-943D-64E920684061}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{8A61098D-612B-4EF2-943D-64E920684061}
HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}
HKCR\CLSID\{8A61098D-612B-4EF2-943D-64E920684061}

Adware.Tracking Cookie

Trojan.Unknown Origin
HKLM\SOFTWARE\Microsoft\MSSMGR
HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd
HKLM\SOFTWARE\Microsoft\MSSMGR#BPTV
HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#PSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#BSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#SSTV
C:\DOCUMENTS AND SETTINGS\THE GOV\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\SHYZCPU7\ANTI4[1].EXE
C:\DOCUMENTS AND SETTINGS\THE GOV\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\SHYZCPU7\ANTI4[2].EXE
C:\DOCUMENTS AND SETTINGS\THE GOV\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\SV4329SJ\XC42[1].EXE
C:\WINDOWS\SYSTEM32\OT.ICO
C:\WINDOWS\TEMP\WIN330.TMP.EXE
C:\WINDOWS\Prefetch\WIN330.TMP.EXE-060DC524.pf

Trojan.Security Toolbar
C:\Program Files\Security Toolbar\Uninstall.bat
C:\Program Files\Security Toolbar
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Toolbar
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Toolbar#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Security Toolbar#UninstallString
C:\Documents and Settings\The Gov\Favorites\Antivirus Test Online.url

Adware.ClickSpring/Outer Info Network
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#InstallLocation
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoModify
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#NoRepair
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo#DisplayVersion

Adware.ClickSpring/Yazzle
C:\PROGRAM FILES\COMMON FILES\YAZZLE1162OINUNINSTALLER.EXE

Trace.Known Threat Sources

Here is my ComboFix Log:

ComboFix 07-06-13.3 - C:\Documents and Settings\The Gov\Desktop\ComboFix.exe
"The Gov" - 2007-06-17 23:29:37 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\guoodrvn.dll
C:\WINDOWS\system32\nvrdooug.ini
C:\WINDOWS\system32\cccdd.bak1
C:\WINDOWS\system32\cccdd.bak2
C:\WINDOWS\system32\cccdd.ini2
C:\WINDOWS\system32\cccdd.tmp
C:\WINDOWS\system32\cccdd.bak1
C:\WINDOWS\system32\cccdd.bak2
C:\WINDOWS\system32\cccdd.ini2
C:\WINDOWS\system32\cccdd.tmp


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((( Files Created from 2007-05-18 to 2007-06-18 )))))))))))))))))))))))))))))))


2007-06-17 23:29 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-17 22:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-17 22:47 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-06-17 22:47 <DIR> d-------- C:\DOCUME~1\THEGOV~1\APPLIC~1\SUPERAntiSpyware.com
2007-06-17 22:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-13 00:54 <DIR> d-------- C:\WINDOWS\pss
2007-05-31 02:45 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-05-31 02:44 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 02:44 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 02:44 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 02:44 740,442 --a------ C:\WINDOWS\system32\DivX.dll
2007-05-26 10:38 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2007-05-26 10:38 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2007-05-26 10:38 285 --a------ C:\WINDOWS\EReg072.dat
2007-05-26 10:38 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2007-05-26 10:38 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2007-05-26 10:38 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2007-05-26 10:37 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2007-05-26 10:37 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2007-05-26 10:32 <DIR> d-------- C:\DOCUME~1\THEGOV~1\WINDOWS
2007-05-23 22:55 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-05-23 12:47 <DIR> d-------- C:\DOCUME~1\THEGOV~1\APPLIC~1\Move Networks


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-18 03:26:20 -------- d-----w C:\DOCUME~1\THEGOV~1\APPLIC~1\Azureus
2007-06-13 04:52:19 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-13 04:49:49 -------- d-----w C:\Program Files\Dell
2007-06-12 01:09:56 760 ----a-w C:\WINDOWS\eReg.dat
2007-06-02 05:17:49 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-02 05:16:48 -------- d-----w C:\Program Files\DivX
2007-06-02 05:15:45 -------- d--h--w C:\DOCUME~1\THEGOV~1\APPLIC~1\Gtek
2007-05-23 07:06:02 -------- d-----w C:\Program Files\Trillian
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-27 07:00:24 -------- d-----w C:\Program Files\MSXML 4.0
2007-04-26 07:37:20 -------- d-----w C:\DOCUME~1\THEGOV~1\APPLIC~1\DataCast
2007-04-26 07:37:13 -------- d-----w C:\DOCUME~1\THEGOV~1\APPLIC~1\InstallShield
2007-04-26 07:37:04 471,040 ----a-w C:\WINDOWS\system32\muzapp.dll
2007-04-26 07:37:04 167,936 ----a-w C:\WINDOWS\system32\muzapp.exe
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2006-05-27 03:44:46 8 --sh--r C:\WINDOWS\system32\70FE6F73A6.sys
2006-07-06 01:14:55 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 06:20]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-20 00:55]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-15 10:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 20:42]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 03:12]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 15:45]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-09 21:43]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 16:16]
"AVG7_CC"="C:\AVG\avgcc.exe" [2007-04-21 09:19]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2007-02-02 03:34]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"My Web Search Bar Search Scope Monitor"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 10:46]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-05-23 10:12]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"=C:\AVG\avgw.exe /RUNONCE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{05a91164-3c96-47d6-aa74-2c855791b2d0}"="C:\WINDOWS\system32\ofcukiz.dll" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winknf32]
winknf32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSTray]
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-17 23:32:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-17 23:33:42 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-17 23:33

--- E O F ---

Finally, here is my HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 11:40:20 PM, on 6/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\AVG\avgamsvr.exe
C:\AVG\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\AVG\avgcc.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\The Gov\Desktop\Hijack this\HJT.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C19D8FA7-7EE5-4391-8B20-B38655A6DDEB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\AVG\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MSOffice\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MSOffice\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winknf32 - winknf32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\AVG\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\AVG\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

#6 Aaflac


Posted 19 June 2007 - 10:35 PM

Sorry for the delay. Was taking care of someone who had major surgery.

MyWebSearch is not technically malware, but may bring malware with it. There are safer alternatives available such as the Google toolbar. Its removal is recommended.

Go to: Start > Run, type: control
Press OK
Double-click on: Add/Remove Programs

On the list of Currently Installed Programs, look for and, if found, uninstall the following by selecting the entry and clicking on Remove:
MyWebSearch

Next, search for and delete the following folders (bold):
C:\Program Files\MyWebSearch

Restart the computer.

~~~~
Run HijackThis, Scan
Check box for:

O2 - BHO: (no name) - {C19D8FA7-7EE5-4391-8B20-B38655A6DDEB} - (no file)

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0

O20 - Winlogon Notify: winknf32 - winknf32.dll (file missing)

Select: Fix checked

~~~~
Restart the computer once again.

~~~~
Please Run HijackThis to obtain a new log, and post it in your reply.


Also, are you still having malware problems?

Old duck...


#7 Islander2517


Posted 08 July 2007 - 09:40 AM

Sorry for the delay! Here is the new Hijack This Log per your instructions. Also, I should note that I did not find "MyWebSearch" on my computer, but I did delete a lot of unused programs from my hard drive recently prior to reading your most recent post.

Logfile of HijackThis v1.99.1
Scan saved at 10:36:16 AM, on 7/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\AVG\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\AVG\avgamsvr.exe
C:\AVG\avgcc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Nero\Nero 7\Core\nero.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Nero\Nero 7\Core\nero.exe
C:\Azureus\Azureus.exe
C:\Documents and Settings\The Gov\Desktop\mplayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\The Gov\Desktop\Hijack this\HJT.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG7_CC] C:\AVG\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\RunOnce: [SWHelper] "C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" 1014020
O4 - HKCU\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MSOffice\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MSOffice\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\AVG\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\AVG\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
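
The following Python example is an addition to this page, not part of the thread or of HijackThis. It parses HijackThis entry lines, flags the ones marked "(no file)" or "(file missing)" for review, and diffs two logs to show which entries were removed and which are new. The sample lines are excerpted from the 6/17/2007 and 7/8/2007 logs above; the function names are this example's own.

```python
import re

# HijackThis 1.99.1 entry lines look like "<section> - <details>", where the
# section is R0-R3, F0-F3, N1-N4 or O1-O24. Header and process lines do not match.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these markers when the target file is absent.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")

# Lines excerpted from the 6/17/2007 log in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {C19D8FA7-7EE5-4391-8B20-B38655A6DDEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: winknf32 - winknf32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Lines excerpted from the 7/8/2007 log in this thread.
AFTER = r"""
Logfile of HijackThis v1.99.1
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""


def parse_log(text):
    """Return the entry lines of a HijackThis log as dicts, in log order."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            body = m.group("body")
            entries.append({"section": m.group("section"), "body": body,
                            "orphan": bool(ORPHAN_RE.search(body))})
    return entries


def _key(entry):
    # Windows paths are case-insensitive, so "C:\Program" and "c:\Program"
    # must compare equal or the diff reports a change that is not one.
    return (entry["section"], entry["body"].casefold())


def diff_logs(before, after):
    """Return (removed, added) entries between two parsed logs."""
    before_keys = {_key(e) for e in before}
    after_keys = {_key(e) for e in after}
    removed = [e for e in before if _key(e) not in after_keys]
    added = [e for e in after if _key(e) not in before_keys]
    return removed, added


def orphans(entries):
    """Entries whose target file is absent: a cue for review, not a verdict."""
    return [e for e in entries if e["orphan"]]


if __name__ == "__main__":
    removed, added = diff_logs(parse_log(BEFORE), parse_log(AFTER))
    for label, group in (("REMOVED", removed), ("ADDED", added),
                         ("STILL ORPHANED", orphans(parse_log(AFTER)))):
        for e in group:
            print(f"{label:15} {e['section']:4} {e['body']}")
```
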

#8 Aaflac


Posted 09 July 2007 - 05:17 PM

My apology for not responding. For some reason, was not notified of your post.

Let's get another perspective.

Please download Deckard's System Scanner (DSS) to your Desktop.
  • Close all windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • If your firewall offers a warning, allow the program to run.
  • When the scan is complete, two text files open: main.txt (this one is maximized) and extra.txt (this one is minimized).
  • Please provide the contents of main.txt in your reply.

DSS does the following:
  • Creates a new System Restore point in Windows XP and Vista.
  • Cleans the Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empties the Recycle Bin on all drives.

Old duck...




