Wareout Infection


  • This topic is locked
7 replies to this topic

#1 Raytek

Raytek

  • Members
  • 4 posts
  • OFFLINE
  • Local time:01:58 AM

Posted 30 June 2007 - 04:16 AM

Google is my default search in IE7. When I do a search and click on a link from the search page, I am diverted to another site which is different to the one I clicked on in the search page.
Hope you can help me out.
Here is the HijackThis file:



Logfile of HijackThis v1.99.1
Scan saved at 6:26:08 PM, on 30/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Participatory Culture Foundation\Democracy Player\xulrunner\Democracy.exe
C:\Program Files\Participatory Culture Foundation\Democracy Player\Democracy_Downloader.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen10.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {29710C4C-4F0F-4A36-8312-CB5614829804} (DriverDetectiveNonMembers.nonmembers) - http://www.drivershq.com/files/cab/nonmemb...etective-nm.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160732664641
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft Terminal Services Client Control (redist)) - http://tsweb.csu.edu.au/tsweb/msrdp.cab
O16 - DPF: {90F7E144-984F-4FA6-83A7-C9C8DCB9974C} (RSActiveXObj Control) - http://www.radarsync.com/RSActiveX.ocx
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:04:58 PM

Posted 30 June 2007 - 10:32 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Raytek :thumbsup:

Download and run Fixwareout from the link below:
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
After the reboot post the contents of the logfile C:\fixwareout\report.txt in your next reply.

*********************

Download/install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, on the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.

*********************

Please download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.


Also post a new HijackThis log.

#3 Raytek

Raytek
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:01:58 AM

Posted 30 June 2007 - 06:22 PM

Completed running of Fixwareout, and here is the log file that was generated. I will now complete the rest of your instructions.
Here it is:

Fixwareout Last edited 6/27/2007
Post this report in the forums please
...
»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdepz.exe"

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....
»»»»» Other
C:\WINDOWS\Temp\kdepz.ren 65991 04/08/2004
»»»»» Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\Wcescomm.exe\""
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»


SuperAntiSpyware Log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/01/2007 at 10:38 AM

Application Version : 3.9.1008

Core Rules Database Version : 3263
Trace Rules Database Version: 1274

Scan type : Complete Scan
Total Scan Time : 01:06:16

Memory items scanned : 602
Memory threats detected : 0
Registry items scanned : 6083
Registry threats detected : 0
File items scanned : 53299
File threats detected : 125

Adware.Tracking Cookie

Combofix Log

"Ray" - 2007-07-01 12:34:40 - ComboFix 07-07-01 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((( Files Created from 2007-06-01 to 2007-07-01 )))))))))))))))))))))))))))))))


2007-07-01 12:33 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-07-01 09:28 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-07-01 09:28 <DIR> d-------- C:\DOCUME~1\Ray\APPLIC~1\SUPERAntiSpyware.com
2007-07-01 09:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-01 09:12 9,580 --a------ C:\dnsbak.reg
2007-06-30 09:31 <DIR> d-------- C:\WINDOWS\system32\Panda Software
2007-06-30 08:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-29 11:02 <DIR> d-------- C:\Program Files\Windows Defender
2007-06-29 10:40 <DIR> d-------- C:\DOCUME~1\Ray\APPLIC~1\True Sword
2007-06-29 10:05 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-06-29 09:26 <DIR> d-------- C:\DOCUME~1\Ray\APPLIC~1\Uniblue
2007-06-24 21:14 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-24 21:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-24 21:13 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-15 10:02 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-06-15 09:55 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-06-10 20:52 <DIR> d-------- C:\DOCUME~1\Jane\APPLIC~1\vlc
2007-06-10 20:06 <DIR> d-------- C:\Program Files\Scholastic's Clifford
2007-06-08 10:50 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-06-08 10:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SMSI
2007-06-07 10:55 <DIR> d-------- C:\DOCUME~1\Ray\APPLIC~1\vlc
2007-06-07 10:52 <DIR> d-------- C:\Program Files\VideoLAN
2007-06-05 20:10 <DIR> d-------- C:\Program Files\iPod
2007-06-05 20:09 <DIR> d-------- C:\Program Files\iTunes
2007-06-04 20:19 <DIR> d-------- C:\DOCUME~1\Jane\APPLIC~1\PCF-VLC
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-01 09:58 <DIR> d-------- C:\WINDOWS\system32\appmgmt


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-24 10:11:42 -------- d-----w C:\DOCUME~1\Ray\APPLIC~1\Image Zone Express
2007-06-19 10:11:17 -------- d-----w C:\DOCUME~1\Ray\APPLIC~1\LimeWire
2007-06-15 09:01:59 529 ----a-w C:\WINDOWS\ereg077.dat
2007-06-10 10:06:27 69,632 ----a-w C:\WINDOWS\system32\Clifford Uninstall.exe
2007-06-08 00:52:46 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-08 00:52:45 -------- d-----w C:\Program Files\Ubi Soft
2007-06-06 22:29:24 -------- d-----w C:\Program Files\LimeWire
2007-06-05 10:00:41 10,063 ----a-w C:\WINDOWS\msvrc20.dll
2007-06-03 09:44:42 -------- d-----w C:\Program Files\DivX
2007-06-03 07:06:02 42,328 ----a-w C:\DOCUME~1\Ray\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-06-01 01:49:42 -------- d-----w C:\Program Files\Electronic Arts
2007-05-31 06:45:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-05-31 06:44:55 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 06:44:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 06:44:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 06:44:54 740,442 ----a-w C:\WINDOWS\system32\DivX.dll
2007-05-27 08:47:42 -------- d-----w C:\Program Files\Common Files\Knowledge Adventure
2007-05-27 08:47:27 -------- d-----w C:\Program Files\Blaster
2007-05-17 00:29:09 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-12 09:14:01 -------- d-----w C:\Program Files\Creative Wonders
2007-05-10 12:52:58 -------- d-----w C:\Program Files\QuickTime
2007-05-09 23:37:56 -------- d-----w C:\DOCUME~1\Ray\APPLIC~1\Command & Conquer 3 Tiberium Wars Demo
2007-05-03 01:15:26 -------- d-----w C:\DOCUME~1\Ray\APPLIC~1\AdobeUM
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 00:15:29 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:18 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-18 07:56:03 110,592 ----a-w C:\WINDOWS\system32\avgfwafu.dll
2007-04-16 12:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 12:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 12:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 12:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 12:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 12:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 12:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 12:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 12:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 12:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-13 05:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-04-04 08:55:00 261,480 ----a-w C:\WINDOWS\system32\xactengine2_7.dll
2007-04-04 08:53:42 81,768 ----a-w C:\WINDOWS\system32\xinput1_3.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-18 17:55]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 15:41]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-22 16:50]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 12:39]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc


Contents of the 'Scheduled Tasks' folder
2007-06-26 09:08:03 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-07-01 02:43:41 C:\WINDOWS\tasks\MP Scheduled Scan.job
2007-06-28 23:26:09 C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
2007-06-28 23:26:07 C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-01 12:49:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-01 12:51:18 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-01 12:51

--- E O F ---

After all of the above was completed according to your instructions, this is the HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 1:03:44 PM, on 1/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen10.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {29710C4C-4F0F-4A36-8312-CB5614829804} (DriverDetectiveNonMembers.nonmembers) - http://www.drivershq.com/files/cab/nonmemb...etective-nm.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160732664641
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft Terminal Services Client Control (redist)) - http://tsweb.csu.edu.au/tsweb/msrdp.cab
O16 - DPF: {90F7E144-984F-4FA6-83A7-C9C8DCB9974C} (RSActiveXObj Control) - http://www.radarsync.com/RSActiveX.ocx
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

Hope you can help me out
Thanks for your time



Thanks

Edited by Raytek, 30 June 2007 - 10:04 PM.


#4 RichieUK
Malware Assassin | Malware Response Team | 13,614 posts

Posted 01 July 2007 - 10:09 AM

First disable Windows Defender's real-time protection, as it may interfere.
* Open Microsoft Windows Defender. Click Start>All Programs>Windows Defender.
* Click on 'Tools'>'Options'.
* Under 'Real-time protection options', unselect the 'Turn on real-time protection' check box.
* Click 'Save'.

--------------------------------

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen10.exe
O16 - DPF: {29710C4C-4F0F-4A36-8312-CB5614829804} (DriverDetectiveNonMembers.nonmembers) - http://www.drivershq.com/files/cab/nonmemb...etective-nm.cab
O16 - DPF: {90F7E144-984F-4FA6-83A7-C9C8DCB9974C} (RSActiveXObj Control) - http://www.radarsync.com/RSActiveX.ocx

Exit Hijackthis.

--------------------------------

Run 'BitDefender Online Scanner' using Internet Explorer:
http://www.bitdefender.com/scan8/ie.html
Read the 'END USER SOFTWARE LICENSE AGREEMENT' then click 'I agree'.
You'll be prompted to install the ActiveX control, please do so.
Once installed, disable your current antivirus program, then click the 'Click here to scan' button.
The virus signatures will then load.
Once loaded, the scan will start.
The scan will take quite some time, so please be patient.
Once the scan has finished, select the 'Detected Problems' tab.
Click on 'Click here to export scan'.
Save the file as an HTML file to your desktop.
Then click on the saved file and allow it to open with your browser.
Go to 'Edit'/'Select All', then copy and paste that log into your next reply.
*Note*
Don't forget to re-enable your antivirus program.

Also post a new Hijackthis log.
Let me know how your pc is running now.
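The entries RichieUK singles out above fall into two recognisable classes: O9 button/menu items whose target is "(file missing)" (orphaned registrations with nothing behind them) and O16 DPF entries whose ActiveX control was served as a bare .exe or .ocx rather than the signed .cab archive legitimate vendors use. The Python script below is an added example, not code from the thread or from HijackThis; the two heuristics are the editor's own reading of that fix list, and the sample lines are copied from the log posted in this thread. It deliberately does not catch the drivershq .cab entry RichieUK also listed, which shows that these checks narrow the list for a human reviewer rather than replace one.

```python
"""Triage HijackThis O9/O16 entries with the two heuristics used in the post above.

Added example, not code from the thread or from HijackThis. The heuristics are the
editor's own reading of the fix list:
  * O9 button/menu entries whose target is "(file missing)" are orphans;
  * O16 DPF (Download Program Files) entries are ActiveX controls installed from a
    web page; vendors normally ship them as signed .cab archives, so a DPF entry
    that points at a bare .exe/.ocx/.dll is worth a closer look.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sure.com/c/ge/w4sgeen10.exe
O16 - DPF: {29710C4C-4F0F-4A36-8312-CB5614829804} (DriverDetectiveNonMembers.nonmembers) - http://www.drivershq.com/files/cab/nonmemb...etective-nm.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft Terminal Services Client Control (redist)) - http://tsweb.csu.edu.au/tsweb/msrdp.cab
O16 - DPF: {90F7E144-984F-4FA6-83A7-C9C8DCB9974C} (RSActiveXObj Control) - http://www.radarsync.com/RSActiveX.ocx
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. "O9" or "O16"
    clsid: str
    reason: str
    line: str     # the original log line, ready to paste into a "fix" list


O9_RE = re.compile(r"^O9 - (?P<label>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.+)$")
# The friendly name in parentheses is optional and may itself contain parentheses.
O16_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\}(?: \((?P<name>.*)\))? - (?P<url>\S+)$")
UNUSUAL_PAYLOADS = (".exe", ".ocx", ".dll")


def triage(log_text: str) -> list[Finding]:
    """Return the O9/O16 entries the heuristics single out, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O9_RE.match(line)
        if m:
            if m.group("target").endswith("(file missing)"):
                findings.append(Finding("O9", m.group("clsid"),
                                        "orphaned button/menu item: target file is missing", line))
            continue
        m = O16_RE.match(line)
        if m:
            # Strip any query string before looking at the extension.
            path = m.group("url").split("?", 1)[0].lower()
            if path.endswith(UNUSUAL_PAYLOADS):
                ext = path.rsplit(".", 1)[-1]
                findings.append(Finding("O16", m.group("clsid"),
                                        f"DPF control delivered as a bare .{ext} instead of a signed .cab", line))
    return findings


def fix_list(log_text: str) -> list[str]:
    """The lines to tick in HijackThis's 'Fix checked' dialog."""
    return [f.line for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the sample it returns exactly four lines: the two orphaned O9 entries, the work4sure .exe and the radarsync .ocx. The O10 Winsock LSP line is parsed by neither pattern and is left for the reviewer, as RichieUK left it.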

#5 Raytek
Topic Starter | Members | 4 posts

Posted 02 July 2007 - 06:53 AM

Okay, here are the results of the next set of instructions, and the computer is running much better, thanks.

BitDefender Online Scanner

Scan report generated at: Mon, Jul 02, 2007 - 21:45:54
Scan path: A:\;C:\;D:\;E:\;F:\;G:\;

Statistics
Time: 01:26:20
Files: 405699
Folders: 7761
Boot Sectors: 6
Archives: 2300
Packed Files: 19947

Results
Identified Viruses: 2
Infected Files: 2
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 2

Engines Info
Virus Definitions: 636278
Engine build: AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes


Scanned File - Status

C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\April\Thumbs.db - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\April\Thumbs.db=>:encryptable - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\ - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\100_0465.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\100_0466.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\100_0467.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\100_0468.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\100_0469.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\100_0470.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\100_0471.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\100_0472.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\Feb07 011.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\Feb07 012.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\Feb07 014.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\Feb07 015.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\Feb07 016.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\Feb07 017.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\Feb07 019.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\Feb07 020.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\Feb07 021.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\Feb07 022.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\Feb07 023.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\Feb07 024.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\Feb07 025.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\Feb07 026.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\Feb07 027.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\Feb07 028.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\Feb07 029.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\Feb07 030.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\Feb07 031.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\Feb07 032.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\february 001.MOV - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\february 002.MOV - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\february 003.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\february 004.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\february 005.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\february 006.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\february 007.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\february 008.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\february 009.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\february 010.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\february 011.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\february 012.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\february 013.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\february 014.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\february 015.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\february 016.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\february 017.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\february 018.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\february 019.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\february 020.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\february 021.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\february 022.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\february 023.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\february 024.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\february 025.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\february 026.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\february 027.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\february 028.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\february 029.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\february 030.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\Picture 001.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\Picture 002.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\Picture 003.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\Picture 004.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\Picture 005.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\Picture 006.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\Picture 007.jpg - Clean
C:\Documents and Settings\All Users\Documents\My Pictures\Digital Photos\2007\February\Picture 008.MOV - Clean
C:\Documents and Settings\Ray\Cookies\ray@eggheadcafe[1].txt - Clean
C:\Documents and Settings\Ray\Cookies\ray@egov.vic.gov[2].txt - Clean
C:\Documents and Settings\Ray\Cookies\ray@elliottback[1].txt - Clean
C:\Documents and Settings\Ray\Cookies\ray@email.huggiesclub.com[2].txt - Clean
C:\Documents and Settings\Ray\Cookies\ray@eroson[2].txt - Clean
C:\Documents and Settings\Ray\Cookies\ray@eservices.carsguide.news.com[1].txt - Clean
C:\Documents and Settings\Ray\Cookies\ray@estore.sonic[2].txt - Clean
C:\Documents and Settings\Ray\Cookies\ray@etunes[1].txt - Clean
C:\Documents and Settings\Ray\Cookies\ray@ewido[1].txt - Clean
C:\Documents and Settings\Ray\Cookies\ray@exclusivelyfood.com[1].txt - Clean
C:\Documents and Settings\Ray\Cookies\ray@expertcash[2].txt - Clean
C:\Documents and Settings\Ray\Cookies\ray@experts-exchange[2].txt - Clean
C:\Documents and Settings\Ray\Cookies\ray@experts.us.intellitxt[1].txt - Clean
C:\Documents and Settings\Ray\Cookies\ray@ezygames.com[1].txt - Clean
C:\Documents and Settings\Ray\Cookies\ray@facetime[1].txt - Clean
C:\Documents and Settings\Ray\Cookies\ray@factmonster[1].txt - Clean
C:\Documents and Settings\Ray\Cookies\ray@fairfax.com[2].txt - Clean
C:\Documents and Settings\Ray\Cookies\ray@fast-loans[1].txt - Clean
C:\Documents and Settings\Ray\Cookies\ray@fast-loans[2].txt - Clean
C:\Documents and Settings\Ray\Cookies\ray@fasttvdownloads[2].txt - Clean
C:\Documents and Settings\Ray\Cookies\ray@fe.lea.lycos.co[1].txt - Clean
C:\Documents and Settings\Ray\Cookies\ray@fenopy[1].txt - Clean
C:\Documents and Settings\Ray\Cookies\ray@ferrit.co[1].txt - Clean
C:\Documents and Settings\Ray\Cookies\ray@ffxcam.afr[2].txt - Clean
C:\Documents and Settings\Ray\Cookies\ray@ffxcam.domain.com[1].txt - Clean
C:\Documents and Settings\Ray\Cookies\ray@ffxcam.drive.com[1].txt - Clean
C:\System Volume Information\_restore{C0F597AB-29D9-4DE7-B974-89A09BA90A9D}\RP333\A0078344.exe=>(NSIS o)=>lzma_solid_nsis0011 - Detected with: Adware.Ncase.D
C:\System Volume Information\_restore{C0F597AB-29D9-4DE7-B974-89A09BA90A9D}\RP333\A0078344.exe=>(NSIS o)=>lzma_solid_nsis0011 - Disinfection failed
C:\System Volume Information\_restore{C0F597AB-29D9-4DE7-B974-89A09BA90A9D}\RP333\A0078344.exe=>(NSIS o)=>lzma_solid_nsis0011 - Deleted
C:\System Volume Information\_restore{C0F597AB-29D9-4DE7-B974-89A09BA90A9D}\RP333\A0078344.exe=>(NSIS o) - Update failed
C:\System Volume Information\_restore{C0F597AB-29D9-4DE7-B974-89A09BA90A9D}\RP335\A0078392.exe - Infected with: Trojan.Peed.Gen
C:\System Volume Information\_restore{C0F597AB-29D9-4DE7-B974-89A09BA90A9D}\RP335\A0078392.exe - Disinfection failed
C:\System Volume Information\_restore{C0F597AB-29D9-4DE7-B974-89A09BA90A9D}\RP335\A0078392.exe - Deleted



Logfile of HijackThis v1.99.1
Scan saved at 9:49:55 PM, on 2/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Participatory Culture Foundation\Democracy Player\xulrunner\Democracy.exe
C:\Program Files\Participatory Culture Foundation\Democracy Player\Democracy_Downloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1160732664641
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft Terminal Services Client Control (redist)) - http://tsweb.csu.edu.au/tsweb/msrdp.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} - http://h30155.www3.hp.com/ediags/dd/instal...edsolutions.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

I await your reply and again thanks

#6 RichieUK
Malware Assassin | Malware Response Team | 13,614 posts

Posted 02 July 2007 - 07:37 AM

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

-------------------------------------------

Your log is clean :thumbsup:
If all's OK, please do the following:

Find and delete:
Fixwareout
Combofix

C:\fixwareout
C:\QOOBOX

-------------------------------------------

Enable Windows Defender.

-------------------------------------------

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use the Firefox browser, also do this:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use the Opera browser, also do this:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.

-------------------------------------------

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description/name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear; click on OK.
The 'Disk Cleanup for [C:]' box will appear; click on the 'More Options' tab.
At the bottom, in the 'System Restore' section, click on the 'Clean up...' button.
A box will pop up: 'Are you sure you want to delete all but the most recent restore point?' Click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html
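As an added illustration of the triage RichieUK did above (this is example code written for this page, not part of the thread and not HijackThis's own tooling), here is a small Python parser for HijackThis 1.99.1-style log lines that flags the kinds of entries he singled out: the `(file missing)` O9 pair that is safe to have HijackThis fix, O23 services with no vendor string (shown as `Unknown owner`), and O20 Winlogon Notify DLLs, which load at every logon. The sample lines are constructed from entries quoted in this thread; the flagging rules are simple string heuristics assumed for the example and are not HijackThis's logic.

```python
import re

# Constructed sample, modelled on entries quoted in this thread (HijackThis v1.99.1 format).
SAMPLE_LOG = "\n".join([
    r"O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)",
    r"O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)",
    r"O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll",
    r"O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe",
    r"O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe",
    r"O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe",
])

# Every HijackThis finding starts with a section tag such as O9, O20, O23 followed by " - ".
LINE_RE = re.compile(r"^(O\d+) - (.+)$")


def parse_hjt_line(line):
    """Split one HijackThis entry into its section tag and ' - '-separated fields.
    Returns None for lines that are not Oxx entries (log header, process list, blanks)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    return {"section": section, "fields": rest.split(" - "), "raw": line.strip()}


def triage(line):
    """Return the list of reasons an entry deserves attention (empty list = unremarkable).
    The rules below are heuristics assumed for this example, not HijackThis's own logic."""
    entry = parse_hjt_line(line)
    if entry is None:
        return None
    fields = entry["fields"]
    reasons = []
    # Orphaned entry: the registry still points at a file that is gone. Harmless but
    # clutter; this is the kind of item the helper asked HijackThis to fix.
    if entry["raw"].endswith("(file missing)"):
        reasons.append("orphaned entry (file missing): candidate for 'Fix checked'")
    # O23 lines are "Service: <name> - <vendor> - <path>". A missing vendor string is
    # not proof of malware (the thread's ATI and Belkin services lack one) but needs a look.
    if entry["section"] == "O23" and len(fields) >= 3 and fields[-2] == "Unknown owner":
        reasons.append("service with no vendor string: verify the binary manually")
    # O20 Winlogon Notify DLLs are loaded by winlogon at every logon, a common
    # persistence point, so each one is worth confirming against a known product.
    if entry["section"] == "O20":
        reasons.append("Winlogon Notify DLL: confirm it belongs to a known product")
    return reasons


def triage_log(text):
    """Run triage over a whole log; return (raw_line, reasons) for flagged entries only."""
    findings = []
    for line in text.splitlines():
        reasons = triage(line)
        if reasons:
            findings.append((line.strip(), reasons))
    return findings


if __name__ == "__main__":
    for raw, reasons in triage_log(SAMPLE_LOG):
        print(raw)
        for r in reasons:
            print("    ->", r)
```

Run against the sample, the two O9 lines, the O20 line and the ATI Smart service are reported; the Apple and Lavasoft services, which carry a vendor string and point at an existing file, are not. A flag here means "look at this", not "this is malware": as the thread shows, the clean log still contained two `Unknown owner` services that were legitimate drivers.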

#7 Raytek

Topic Starter
Members, 4 posts

Posted 03 July 2007 - 05:31 AM

Thanks for all of your help. I have followed the advice and installed the recommended items for further protection. I made a small donation as well. Looks like I had quite a big problem before you came along.
Thanks again,
Ray

#8 RichieUK

Malware Assassin
Malware Response Team, 13,614 posts

Posted 03 July 2007 - 05:35 AM

You're most welcome, Ray, and thanks for the donation, appreciated :thumbsup:

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.