ingez

About ingez

  1. When trying to access "TV Listings" on Yahoo!, IE hangs every time... Ran Ad-Aware and Spybot, but neither one found any problem (besides tracking cookies). When accessing the link from my other computer, everything is fine. I am afraid I might have a virus or malware that could spread further. Please help!
  2. Did as you have instructed, reran ESET - NO THREATS FOUND!!!!! Thank you so much!!! Let me know if you ever visit California - I will be delighted to meet you and show you around!!! And yes, I have changed all my passwords...
  3. Yes, cleaned the Java cache. Here is the latest ESET log - still 5 threats...
  4. Here is the new ESET scan. Also, I have not received a file with passwords from you as of yet...
  5. Things seem to be OK now - THANKS! However, the ESET log still shows over 4,000 threats (see attached) - what should be done at this point? log.txt
  6. 1) Here is the ComboFix file:
     2) Here is the new Hijack file:
     3) Yes, I have purchased NAV - it has 201 days until expiration.
  7. 1) HERE IS THE NEW Hijack file :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:22:27 PM, on 11/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
HERE IS THE COMBOFIX.txt File :
ComboFix 07-11-08.1 - Inna Zatulovsky 2007-11-13 15:37:04.1 - NTFSx86
  8. IE pages are redirected, etc. Keep running NAV, Ad-Aware (latest version), Spybot - it cleans up the mess, but malware keeps popping up again and again... Also removed the old version of Java and reinstalled the latest one. Log file is below.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:45:55 PM, on 11/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal