Filecabinet013

  1. Sorry about that... skimmed through the directions a bit too fast... No problems anymore to my knowledge. It seems to be running great.

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 4:15:42 PM, on 4/15/2008
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16640)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
     C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
     C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
     C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
     C:\WINDOWS\eHome\ehRecvr.exe
     C:\WINDOWS\eHome\ehSched.exe
     C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
     C:\WINDOWS\system32\dllhost.exe
     C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     C:\WINDOWS\ehome\ehtray.exe
     C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
     C:\Program Files\Digital Media Reader\shwiconem.exe
     C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
     C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
     C:\WINDOWS\eHome\ehmsas.exe
     C:\WINDOWS\system32\igfxtray.exe
     C:\WINDOWS\system32\hkcmd.exe
     C:\WINDOWS\SOUNDMAN.EXE
     C:\WINDOWS\ALCWZRD.EXE
     C:\Program Files\Common Files\Symantec Shared\ccApp.exe
     C:\Program Files\Napster\napster.exe
     C:\Program Files\QuickTime\QTTask.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\Program Files\AIM6\aim6.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\AIM6\aolsoftware.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\WINDOWS\explorer.exe
     C:\Documents and Settings\Owner\Desktop\spyware removal kit\HiJackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.facebook.com/
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
     O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
     O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
     O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
     O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
     O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
     O4 - HKLM\..\Run: [showWnd] ShowWnd.exe
     O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
     O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
     O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe
     O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
     O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
     O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
     O4 - HKLM\..\Run: [iS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
     O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
     O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
     O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
     O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
     O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
     O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
     O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
     O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
     O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
     O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
     O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
     O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
     O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
     O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
     O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
     O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
     O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
     O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
     O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
     O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
     O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

     --
     End of file - 10374 bytes
  2. Malwarebytes' Anti-Malware 1.11
     Database version: 633

     Scan type: Quick Scan
     Objects scanned: 32729
     Time elapsed: 5 minute(s), 30 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 9
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataDisp32 (Trojan.Vundo) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  3. ComboFix 08-04-13.3 - Owner 2008-04-15 10:22:30.6 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.178 [GMT -5:00]
     Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
     Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
     * Created a new restore point

     FILE ::
     C:\WINDOWS\system32\cxsthcue.dll
     C:\WINDOWS\system32\evtxvppv.dll
     C:\WINDOWS\system32\hixcjuxg.ini
     C:\WINDOWS\system32\ksspabma.dll
     C:\WINDOWS\system32\xexifwdu.exe
     C:\WINDOWS\system32\xslacscm.ini
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .

     C:\Documents and Settings\All Users\Application Data\dwfqryxa
     C:\Documents and Settings\All Users\Application Data\dwfqryxa\fclmrsvk.exe
     C:\WINDOWS\system32\cxsthcue.dll
     C:\WINDOWS\system32\evtxvppv.dll
     C:\WINDOWS\system32\hixcjuxg.ini
     C:\WINDOWS\system32\ksspabma.dll
     C:\WINDOWS\system32\xexifwdu.exe
     C:\WINDOWS\system32\xslacscm.ini

     .
     ((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
     .

     2008-04-13 22:34 . 2008-04-13 22:34 <DIR> d-------- C:\WINDOWS\ERUNT
     2008-04-13 22:29 . 2008-04-14 14:14 <DIR> d-------- C:\SDFix
     2008-04-10 11:31 . 2008-04-10 11:31 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\TmpRecentIcons
     2008-04-10 10:51 . 2008-04-11 09:45 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
     2008-04-10 10:51 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
     2008-04-10 10:51 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
     2008-04-10 10:51 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
     2008-04-10 10:51 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
     2008-04-10 10:50 . 2008-04-11 09:44 <DIR> d-------- C:\Program Files\Spyware Doctor
     2008-04-10 10:50 . 2008-04-10 10:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PC Tools
     2008-03-24 09:01 . 2008-03-24 09:01 <DIR> d-------- C:\Program Files\iPod

     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2008-04-14 19:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
     2008-04-11 01:31 4,776 ----a-w C:\WINDOWS\system32\tmp.reg
     2008-04-08 04:06 --------- d-----w C:\Program Files\Magic Workstation
     2008-03-24 14:01 --------- d-----w C:\Program Files\iTunes
     2008-03-24 13:59 --------- d-----w C:\Program Files\QuickTime
     2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
     2008-03-07 18:00 148 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
     2008-03-07 16:27 --------- d-----w C:\Documents and Settings\Owner\Application Data\Template
     2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
     2008-02-22 00:19 --------- d-----w C:\Program Files\MSECache
     2008-02-21 20:24 --------- d-----w C:\Program Files\Common Files\Adobe
     2008-02-21 20:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
     2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
     2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
     2008-02-16 05:44 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ventrilo
     2008-02-16 05:40 --------- d-----w C:\Program Files\Ventrilo
     2008-02-16 05:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
     "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17 50736]
     "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-21 10:55 68856]
     "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 13:04 59392]
     "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
     "SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 17:04 135168]
     "AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 16:42 79448]
     "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 13:50 155648]
     "ShowWnd"="ShowWnd.exe" [2003-09-19 11:09 36864 C:\WINDOWS\ShowWnd.exe]
     "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 22:24 32768]
     "High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 19:45 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
     "Mixersel"="C:\Program Files\Realtek\InstallShield\mixersel.exe" [2003-11-10 20:23 369664]
     "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-12-01 14:00 155648]
     "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-12-01 13:55 126976]
     "SoundMan"="SOUNDMAN.EXE" [2004-10-21 17:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
     "AlcWzrd"="ALCWZRD.EXE" [2004-10-21 20:44 2744832 C:\WINDOWS\ALCWZRD.EXE]
     "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
     "IS CfgWiz"="C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2007-01-12 21:28 431752]
     "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 02:11 771704]
     "Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-06-30 11:49 99480]
     "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
     "NapsterShell"="C:\Program Files\Napster\napster.exe" [2007-01-12 19:36 323216]
     "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
     "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
     "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "C:\\Program Files\\iTunes\\iTunes.exe"=

     R3 MAC607;MAC607 Filter;C:\WINDOWS\system32\DRIVERS\MAC607.sys [2007-06-25 01:35]

     *Newly Created Service* - COMHOST
     .
     Contents of the 'Scheduled Tasks' folder
     "2008-04-03 21:57:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
     - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
     .
     **************************************************************************

     catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2008-04-15 10:25:30
     Windows 5.1.2600 Service Pack 2 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     Completion time: 2008-04-15 10:29:58
     ComboFix-quarantined-files.txt 2008-04-15 15:29:54
     ComboFix2.txt 2008-04-14 22:11:37
     ComboFix3.txt 2008-02-11 23:38:00
     ComboFix4.txt 2008-02-11 20:09:50

     Pre-Run: 155,759,976,448 bytes free
     Post-Run: 155,742,248,960 bytes free
     .
     2008-04-14 08:08:32 --- E O F ---
  4. ComboFix 08-04-13.3 - Owner 2008-04-14 14:36:05.5 - NTFSx86
     Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .

     C:\Documents and Settings\Owner\Desktopblackbird.jpg
     C:\Documents and Settings\Owner\DesktopEditorFKWP1.5.exe
     C:\Documents and Settings\Owner\DesktopEditorFKWP2.0.exe
     C:\Documents and Settings\Owner\Desktopfilemanagerclient.exe
     C:\Documents and Settings\Owner\Desktopfkwp1.5.exe
     C:\Documents and Settings\Owner\Desktopfkwp2.0.exe
     C:\Documents and Settings\Owner\Desktopfwebd.exe
     C:\Documents and Settings\Owner\DesktopFWebdEditor.exe
     C:\Documents and Settings\Owner\DesktopTrojan.Win32.BlackBird.exe
     C:\Documents and Settings\Owner\Desktopvirii
     C:\kmd.exe
     C:\Program Files\Inet Delivery
     C:\Program Files\Inet Delivery\inetdl.exe
     C:\Program Files\Inet Delivery\intdel.exe
     C:\WINDOWS\a.bat
     C:\WINDOWS\base64.tmp
     C:\WINDOWS\bdn.com
     C:\WINDOWS\cookies.ini
     C:\WINDOWS\FVProtect.exe
     C:\WINDOWS\mslagent
     C:\WINDOWS\mslagent\2_mslagent.dll
     C:\WINDOWS\mslagent\mslagent.exe
     C:\WINDOWS\mslagent\uninstall.exe
     C:\WINDOWS\mssecu.exe
     C:\WINDOWS\system32\cggfvqsg.dll
     C:\WINDOWS\system32\gsqvfggc.ini
     C:\WINDOWS\system32\jkkLBsQK.dll
     C:\WINDOWS\system32\KQsBLkkj.ini
     C:\WINDOWS\system32\KQsBLkkj.ini2
     C:\WINDOWS\system32\mcrh.tmp
     C:\WINDOWS\system32\rqRIaYoN.dll
     C:\WINDOWS\system32akttzn.exe
     C:\WINDOWS\system32anticipator.dll
     C:\WINDOWS\system32awtoolb.dll
     C:\WINDOWS\system32bdn.com
     C:\WINDOWS\system32bsva-egihsg52.exe
     C:\WINDOWS\system32dpcproxy.exe
     C:\WINDOWS\system32emesx.dll
     C:\WINDOWS\[email protected]@@k.dll
     C:\WINDOWS\system32hoproxy.dll
     C:\WINDOWS\system32hxiwlgpm.dat
     C:\WINDOWS\system32hxiwlgpm.exe
     C:\WINDOWS\system32medup012.dll
     C:\WINDOWS\system32medup020.dll
     C:\WINDOWS\system32msgp.exe
     C:\WINDOWS\system32msnbho.dll
     C:\WINDOWS\system32mssecu.exe
     C:\WINDOWS\system32msvchost.exe
     C:\WINDOWS\system32mtr2.exe
     C:\WINDOWS\system32mwin32.exe
     C:\WINDOWS\system32netode.exe
     C:\WINDOWS\system32newsd32.exe
     C:\WINDOWS\system32ps1.exe
     C:\WINDOWS\system32psof1.exe
     C:\WINDOWS\system32psoft1.exe
     C:\WINDOWS\system32regc64.dll
     C:\WINDOWS\system32regm64.dll
     C:\WINDOWS\system32Rundl1.exe
     C:\WINDOWS\system32smp
     C:\WINDOWS\system32smp\msrc.exe
     C:\WINDOWS\system32sncntr.exe
     C:\WINDOWS\system32ssurf022.dll
     C:\WINDOWS\system32ssvchost.com
     C:\WINDOWS\system32ssvchost.exe
     C:\WINDOWS\system32sysreq.exe
     C:\WINDOWS\system32taack.dat
     C:\WINDOWS\system32taack.exe
     C:\WINDOWS\system32temp#01.exe
     C:\WINDOWS\system32thun.dll
     C:\WINDOWS\system32thun32.dll
     C:\WINDOWS\system32VBIEWER.OCX
     C:\WINDOWS\system32vbsys2.dll
     C:\WINDOWS\system32vcatchpi.dll
     C:\WINDOWS\system32winlogonpc.exe
     C:\WINDOWS\system32winsystem.exe
     C:\WINDOWS\system32WINWGPX.EXE
     C:\WINDOWS\userconfig9x.dll
     C:\WINDOWS\winsystem.exe
     C:\WINDOWS\zip1.tmp
     C:\WINDOWS\zip2.tmp
     C:\WINDOWS\zip3.tmp
     C:\WINDOWS\zipped.tmp

     .
     ((((((((((((((((((((((((( Files Created from 2008-03-14 to 2008-04-14 )))))))))))))))))))))))))))))))
     .

     2008-04-13 22:34 . 2008-04-13 22:34 <DIR> d-------- C:\WINDOWS\ERUNT
     2008-04-13 22:29 . 2008-04-14 14:14 <DIR> d-------- C:\SDFix
     2008-04-13 22:23 . 2008-04-13 22:23 3,648 --a------ C:\WINDOWS\system32\evtxvppv.dll
     2008-04-11 10:43 . 2008-04-13 22:22 1,582 ---hs---- C:\WINDOWS\system32\xslacscm.ini
     2008-04-11 10:40 . 2008-04-11 10:40 3,648 --a------ C:\WINDOWS\system32\ksspabma.dll
     2008-04-10 11:31 . 2008-04-10 11:31 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\TmpRecentIcons
     2008-04-10 10:51 . 2008-04-11 09:45 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
     2008-04-10 10:51 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
     2008-04-10 10:51 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
     2008-04-10 10:51 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
     2008-04-10 10:51 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
     2008-04-10 10:50 . 2008-04-11 09:44 <DIR> d-------- C:\Program Files\Spyware Doctor
     2008-04-10 10:50 . 2008-04-10 10:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PC Tools
     2008-04-10 10:38 . 2008-04-10 10:38 3,648 --a------ C:\WINDOWS\system32\cxsthcue.dll
     2008-04-10 10:38 . 2008-04-11 10:38 1,402 --ahs---- C:\WINDOWS\system32\hixcjuxg.ini
     2008-04-10 10:29 . 2008-04-10 10:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\dwfqryxa
     2008-04-10 10:29 . 2008-04-10 10:29 98,304 --a------ C:\WINDOWS\system32\xexifwdu.exe
     2008-03-24 09:01 . 2008-03-24 09:01 <DIR> d-------- C:\Program Files\iPod

     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2008-04-14 19:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
     2008-04-08 04:06 --------- d-----w C:\Program Files\Magic Workstation
     2008-03-24 14:01 --------- d-----w C:\Program Files\iTunes
     2008-03-24 13:59 --------- d-----w C:\Program Files\QuickTime
     2008-03-07 18:00 148 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
     2008-03-07 16:27 --------- d-----w C:\Documents and Settings\Owner\Application Data\Template
     2008-02-22 00:19 --------- d-----w C:\Program Files\MSECache
     2008-02-21 20:24 --------- d-----w C:\Program Files\Common Files\Adobe
     2008-02-21 20:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
     2008-02-16 05:44 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ventrilo
     2008-02-16 05:40 --------- d-----w C:\Program Files\Ventrilo
     2008-02-16 05:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
     2008-02-14 04:41 --------- d-----w C:\Program Files\Guild Wars
     2008-02-14 03:32 --------- d-----w C:\Program Files\Java
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
     "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17 50736]
     "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-21 10:55 68856]
     "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
     "oeaeyqar"="C:\WINDOWS\system32\xexifwdu.exe" [2008-04-10 10:29 98304]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 13:04 59392]
     "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
     "SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 17:04 135168]
     "AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 16:42 79448]
     "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 13:50 155648]
     "ShowWnd"="ShowWnd.exe" [2003-09-19 11:09 36864 C:\WINDOWS\ShowWnd.exe]
     "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 22:24 32768]
     "High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 19:45 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
     "Mixersel"="C:\Program Files\Realtek\InstallShield\mixersel.exe" [2003-11-10 20:23 369664]
     "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-12-01 14:00 155648]
     "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-12-01 13:55 126976]
     "SoundMan"="SOUNDMAN.EXE" [2004-10-21 17:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
     "AlcWzrd"="ALCWZRD.EXE" [2004-10-21 20:44 2744832 C:\WINDOWS\ALCWZRD.EXE]
     "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
     "IS CfgWiz"="C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2007-01-12 21:28 431752]
     "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 02:11 771704]
     "Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-06-30 11:49 99480]
     "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
     "NapsterShell"="C:\Program Files\Napster\napster.exe" [2007-01-12 19:36 323216]
     "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
     "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
     "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRIaYoN]
     rqRIaYoN.dll

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "C:\\Program Files\\iTunes\\iTunes.exe"=

     R3 MAC607;MAC607 Filter;C:\WINDOWS\system32\DRIVERS\MAC607.sys [2007-06-25 01:35]

     *Newly Created Service* - COMHOST
     .
     Contents of the 'Scheduled Tasks' folder
     "2008-04-03 21:57:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
     - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
     .
     **************************************************************************

     catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2008-04-14 17:05:12
     Windows 5.1.2600 Service Pack 2 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     ------------------------ Other Running Processes ------------------------
     .
     C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
     C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
     C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
     C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
     C:\WINDOWS\ehome\ehRecvr.exe
     C:\WINDOWS\ehome\ehSched.exe
     C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
     C:\WINDOWS\system32\wdfmgr.exe
     C:\WINDOWS\system32\dllhost.exe
     C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     C:\WINDOWS\ehome\ehmsas.exe
     C:\Program Files\AIM6\aolsoftware.exe
     C:\Program Files\iPod\bin\iPodService.exe
     .
     **************************************************************************
     .
     Completion time: 2008-04-14 17:11:36 - machine was rebooted
     ComboFix-quarantined-files.txt 2008-04-14 22:11:31
     ComboFix2.txt 2008-02-11 23:38:00
     ComboFix3.txt 2008-02-11 20:09:50

     Pre-Run: 155,156,979,712 bytes free
     Post-Run: 155,760,906,240 bytes free
     .
     2008-04-14 08:08:32 --- E O F ---

     so...whatcha got for me man?
  5. On a somewhat amusing note....one of the symptoms that I hadn't noticed until this morning before I got your reply was random rap music would play.....by rap music I mean a single 30 second clip of one really bad rap song would loop very loudly...I laughed out loud really hard at that... Anywho, SDFix was amazing...here's the 2 logs.

SDFix: Version 1.170
Run by Owner on Sun 04/13/2008 at 10:40 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\Installer\{d2d6ab80-00b0-41b2-9bfa-8bca8132d73f}\zip.dll - Deleted
C:\WINDOWS\Resources\CheckDrv.dll - Deleted
C:\Program Files\tmp0.exe - Deleted
C:\Program Files\tmp1.exe - Deleted
C:\Program Files\tmp2.exe - Deleted
C:\Program Files\tmp3.exe - Deleted
C:\Documents and Settings\Owner\Desktop\Error Cleaner.url - Deleted
C:\Documents and Settings\Owner\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\Owner\Desktop\Privacy Protector.url - Deleted
C:\Documents and Settings\Owner\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\Owner\Desktop\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\Owner\Favorites\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\privacy_danger\index.htm - Deleted
C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
C:\WINDOWS\privacy_danger\images\down.gif - Deleted
C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
C:\Program Files\akl\akl.dll - Deleted
C:\Program Files\akl\akl.exe - Deleted
C:\Program Files\akl\uninstall.exe - Deleted
C:\Program Files\akl\unsetup.exe - Deleted
C:\WINDOWS\temlxopqpkd.dll - Deleted
C:\Program Files\antiviirus.exe - Deleted
C:\WINDOWS\apoxqwfv.exe - Deleted
C:\WINDOWS\iTunesMusic.exe - Deleted
C:\WINDOWS\mgsvflkw.dll - Deleted
C:\WINDOWS\qdnkewfa.dll - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\vnbptxlf.dll - Deleted
C:\WINDOWS\Web\def.htm - Deleted

Could Not Remove C:\WINDOWS\system32smp

Folder C:\WINDOWS\Installer\{d2d6ab80-00b0-41b2-9bfa-8bca8132d73f} - Removed
Folder C:\Program Files\akl - Removed
Folder C:\WINDOWS\privacy_danger - Removed

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 23:16:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files :

C:\WINDOWS\system32smp Found

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Fri 1 Dec 2006 0 A..H. --- "C:\My Backup -- 18-08-07 1158\Downloads\pierre_canali_deck.mp4.zip"
Mon 25 Jun 2007 7,239 A..H. --- "C:\My Backup -- 18-08-07 1158\temp\t4.bak"
Mon 25 Jun 2007 7,236 A..H. --- "C:\My Backup -- 18-08-07 1158\temp\t4.bak1"
Mon 25 Jun 2007 6,657 A..H. --- "C:\My Backup -- 18-08-07 1158\temp\t4.bak2"
Mon 25 Jun 2007 7,252 A..H. --- "C:\My Backup -- 18-08-07 1158\temp\t4.bak3"
Mon 25 Jun 2007 7,250 A..H. --- "C:\My Backup -- 18-08-07 1158\temp\t4.bak4"
Tue 12 Dec 1989 820,000 ..SHR --- "C:\My Backup -- 18-08-07 1158\WINDOWS\bvpypen.exe"
Wed 30 Jun 2004 54,384 A..H. --- "C:\Program Files\America Online 9.0\aolphx.exe"
Wed 30 Jun 2004 156,784 A..H. --- "C:\Program Files\America Online 9.0\aoltray.exe"
Wed 30 Jun 2004 31,344 A..H. --- "C:\Program Files\America Online 9.0\RBM.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Mon 17 Sep 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 7 May 2004 54,384 A..H. --- "C:\My Backup -- 18-08-07 1158\Program Files\America Online 9.0\aolphx.exe"
Fri 7 May 2004 156,784 A..H. --- "C:\My Backup -- 18-08-07 1158\Program Files\America Online 9.0\aoltray.exe"
Fri 7 May 2004 31,344 A..H. --- "C:\My Backup -- 18-08-07 1158\Program Files\America Online 9.0\RBM.exe"
Mon 3 Oct 2005 0 A.SH. --- "C:\My Backup -- 18-08-07 1158\WINDOWS\Temp\72vxr6pa.TMP"
Thu 15 Dec 2005 0 A.SH. --- "C:\My Backup -- 18-08-07 1158\WINDOWS\Temp\ol5u7723.TMP"
Mon 29 Aug 2005 4,348 A.SH. --- "C:\My Backup -- 25-09-05 2242\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 27 Sep 2005 4,348 A.SH. --- "C:\My Backup -- 18-08-07 1158\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 4 Oct 2005 84,300,651 A..H. --- "C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\Local Settings\Temp\dn220.tmp"
Sat 7 Apr 2007 12 A..H. --- "C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\Local Settings\Temp\~temp01083590330.tmp"
Sun 30 Sep 2007 4,181 A.SH. --- "C:\Documents and Settings\Owner\Application Data\Roxio\Dragon\DiscInfoCache\LITE-ON__DVDRW_SOHW-1633S_BGS4_300_DICV018_DRGV20100BC.TMP"
Mon 29 Aug 2005 4,348 ...H. --- "C:\My Backup -- 25-09-05 2242\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv1key.bak"
Thu 1 Sep 2005 20 A..H. --- "C:\My Backup -- 25-09-05 2242\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv1lic.bak"
Mon 22 Aug 2005 400 A.SH. --- "C:\My Backup -- 25-09-05 2242\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv2key.bak"
Sat 10 Feb 2007 187 A..H. --- "C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\Local Settings\Temp\Free Download Manager\tic128D.tmp"
Wed 17 Jan 2007 950 A..H. --- "C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\Local Settings\Temp\Free Download Manager\tic6CB.tmp"
Wed 17 Jan 2007 477 A..H. --- "C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\Local Settings\Temp\Free Download Manager\tic6DA.tmp"
Mon 22 Jan 2007 223 A..H. --- "C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\Local Settings\Temp\Free Download Manager\ticA.tmp"
Tue 27 Sep 2005 4,348 ...H. --- "C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv1key.bak"
Tue 27 Sep 2005 20 A..H. --- "C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv1lic.bak"
Tue 27 Sep 2005 400 A.SH. --- "C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv2key.bak"
Thu 22 Sep 2005 5,225 A.SH. --- "C:\My Backup -- 25-09-05 2242\Documents and Settings\Owner\Application Data\Roxio\Dragon\DiscInfoCache\LITE-ON__DVDRW_SOHW-1633S_BGS4_300_DICV018_DRGV20100BC.TMP"
Tue 27 Sep 2005 1,640 A.SH. --- "C:\My Backup -- 27-09-05 1202\Documents and Settings\Owner\Application Data\Roxio\Dragon\DiscInfoCache\LITE-ON__DVDRW_SOHW-1633S_BGS4_300_DICV018_DRGV20100BC.TMP"
Mon 28 May 2007 2,130 A.SH. --- "C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\Application Data\Roxio\Dragon\DiscInfoCache\HL-DT-ST_DVD-ROM_GDR8163B_0W20_310_DICV018_DRGV20100BC.TMP"
Fri 8 Jun 2007 4,109 A.SH. --- "C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\Application Data\Roxio\Dragon\DiscInfoCache\LITE-ON__DVDRW_SOHW-1633S_BGS4_300_DICV018_DRGV20100BC.TMP"

Finished!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:45 PM, on 4/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\xexifwdu.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Owner\Desktop\spyware removal kit\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.facebook.com/
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [showWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [5cca4689] rundll32.exe "C:\WINDOWS\system32\cggfvqsg.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [oeaeyqar] C:\WINDOWS\system32\xexifwdu.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 9462 bytes

Works much better so far....I bet there's still some bugs in there..thank you
  6. I've used these forums before and they have been truly helpful. My roommate's computer went down yesterday: added popups, changed his desktop to a red biohazard logo saying something along the lines of "your privacy is in danger". I attempted to run AdAware but I got the response of "not enough memory". The computer is running significantly slower and had trouble downloading and running HijackThis. After about an hour it finally ran.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:45 AM, on 4/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Documents and Settings\All Users\Application Data\dwfqryxa\fclmrsvk.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\antiviirus.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\tmp0.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\xexifwdu.exe
C:\Program Files\tmp1.exe
C:\Program Files\tmp2.exe
C:\Program Files\tmp3.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\spyware removal kit\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.facebook.com/
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: vnbptxlf - {273127BD-6681-45C8-A0FB-205BE4AEFBF8} - C:\WINDOWS\vnbptxlf.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [showWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [antiviirus] C:\Program Files\antiviirus.exe
O4 - HKLM\..\Run: [5cca4689] rundll32.exe "C:\WINDOWS\system32\gxujcxih.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [oeaeyqar] C:\WINDOWS\system32\xexifwdu.exe
O4 - HKLM\..\Policies\Explorer\Run: [hFo82DNMwU] C:\Documents and Settings\All Users\Application Data\dwfqryxa\fclmrsvk.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O21 - SSODL: CheckDrv - {42918a86-bc0e-4e82-9c1a-307cfe00fcd4} - C:\WINDOWS\Resources\CheckDrv.dll
O21 - SSODL: zip - {d2d6ab80-00b0-41b2-9bfa-8bca8132d73f} - C:\WINDOWS\Installer\{d2d6ab80-00b0-41b2-9bfa-8bca8132d73f}\zip.dll
O21 - SSODL: qdnkewfa - {F20BBC30-EFB0-4D96-85C3-49EB2E89E336} - C:\WINDOWS\qdnkewfa.dll
O21 - SSODL: mgsvflkw - {04A0F780-E54B-4519-9C27-9003F06EC8DC} - C:\WINDOWS\mgsvflkw.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 10829 bytes

Also, this Spyware Doctor program seems to be rather annoying and useless...anyone know what that is? Please help as soon as you can!!!!
  7. Computer is running a lot better...all the visible problems (i.e. infy popups and Korean gibberish) have gone away; the computer is also running noticeably faster.

_________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Owner\Cookies\ow[email protected][1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Risk: Medium

Name: TrackingCookie.Specificclick
Path: C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Risk: Medium

Name: TrackingCookie.Pointroll
Path: C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Risk: Medium

Name: TrackingCookie.Adtech
Path: C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Risk: Medium

Name: TrackingCookie.Advertising
Path: C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Risk: Medium

Name: TrackingCookie.Atdmt
Path: C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
Risk: Medium

Name: TrackingCookie.Bluestreak
Path: C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
Risk: Medium

Name: TrackingCookie.Casalemedia
Path: C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Risk: Medium

Name: TrackingCookie.Com
Path: C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Risk: Medium

Name: TrackingCookie.Doubleclick
Path: C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Risk: Medium

Name: TrackingCookie.Ru4
Path: C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Risk: Medium

Name: TrackingCookie.Ru4
Path: C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Risk: Medium

Name: TrackingCookie.Hitbox
Path: C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Risk: Medium

Name: TrackingCookie.Fastclick
Path: C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Risk: Medium

Name: TrackingCookie.Adrevolver
Path: C:\Documents and Settings\Owner\Cookies\[email protected][4].txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Risk: Medium

Name: TrackingCookie.Mediaplex
Path: C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Risk: Medium

Name: TrackingCookie.Overture
Path: C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Risk: Medium

Name: TrackingCookie.2o7
Path: C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Risk: Medium

Name: TrackingCookie.Questionmarket
Path: C:\Documents and Settings\Owner\Cookies\[email protected][4].txt
Risk: Medium

Name: TrackingCookie.Realmedia
Path: C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Risk: Medium

Name: TrackingCookie.Revsci
Path: C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
Risk: Medium

Name: TrackingCookie.Adjuggler
Path: C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Risk: Medium

Name: TrackingCookie.Serving-sys
Path: C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Risk: Medium

Name: TrackingCookie.Specificclick
Path: C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Risk: Medium

Name: TrackingCookie.Specificclick
Path: C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Risk: Medium

Name: TrackingCookie.Specificclick
Path: C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
Risk: Medium

Name: TrackingCookie.Spylog
Path: C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Risk: Medium

Name: TrackingCookie.Netflame
Path: C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Risk: Medium

Name: TrackingCookie.Tacoda
Path: C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
Risk: Medium

Name: TrackingCookie.Toplist
Path: C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Risk: Medium

Name: TrackingCookie.Trafficmp
Path: C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Risk: Medium

Name: TrackingCookie.Tribalfusion
Path: C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
Risk: Medium

Name: TrackingCookie.Etracker
Path: C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Risk: Medium

Name: TrackingCookie.Safer-networking
Path: C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Risk: Medium

Name: TrackingCookie.Yadro
Path: C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Risk: Medium

Name: TrackingCookie.Zedo
Path: C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
Risk: Medium

Name: TrackingCookie.Statcounter
Path: :mozilla.14:C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wx582f0k.default\cookies.txt
Risk: Medium

Name: TrackingCookie.2o7
Path: :mozilla.15:C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\wx582f0k.default\cookies.txt Risk: Medium Name: TrackingCookie.2o7 Path: :mozilla.16:C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wx582f0k.default\cookies.txt Risk: Medium Name: TrackingCookie.2o7 Path: :mozilla.17:C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wx582f0k.default\cookies.txt Risk: Medium Name: TrackingCookie.Burstnet Path: :mozilla.20:C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wx582f0k.default\cookies.txt Risk: Medium Name: TrackingCookie.Ru4 Path: :mozilla.26:C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wx582f0k.default\cookies.txt Risk: Medium Name: TrackingCookie.Imrworldwide Path: :mozilla.28:C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wx582f0k.default\cookies.txt Risk: Medium Name: TrackingCookie.Imrworldwide Path: :mozilla.29:C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wx582f0k.default\cookies.txt Risk: Medium Name: TrackingCookie.Realmedia Path: :mozilla.42:C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wx582f0k.default\cookies.txt Risk: Medium Name: TrackingCookie.Trafficmp Path: :mozilla.45:C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wx582f0k.default\cookies.txt Risk: Medium Name: TrackingCookie.Trafficmp Path: :mozilla.46:C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wx582f0k.default\cookies.txt Risk: Medium Name: TrackingCookie.Trafic Path: :mozilla.47:C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wx582f0k.default\cookies.txt Risk: Medium Name: 
TrackingCookie.Tribalfusion Path: :mozilla.48:C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wx582f0k.default\cookies.txt Risk: Medium Name: TrackingCookie.Yieldmanager Path: :mozilla.52:C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wx582f0k.default\cookies.txt Risk: Medium Name: TrackingCookie.Yieldmanager Path: :mozilla.53:C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wx582f0k.default\cookies.txt Risk: Medium Name: Trojan.ClassLoader.g Path: C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-5aecf5b2-3be9129a.zip/Dex.class Risk: High Name: Trojan.ClassLoader.g Path: C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-5aecf5b2-3be9129a.zip/Dix.class Risk: High Name: Trojan.ClassLoader.g Path: C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-5aecf5b2-3be9129a.zip/Dux.class Risk: High Name: TrackingCookie.Admarketplace Path: C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt Risk: Medium Name: TrackingCookie.Yieldmanager Path: C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][2].txt Risk: Medium Name: TrackingCookie.Specificclick Path: C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt Risk: Medium Name: TrackingCookie.Realcastmedia Path: C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][2].txt Risk: Medium Name: TrackingCookie.Paypopup Path: C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email 
protected][1].txt Risk: Medium Name: TrackingCookie.Starware Path: C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][2].txt Risk: Medium Name: TrackingCookie.Yadro Path: C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt Risk: Medium Name: Downloader.IstBar.ai Path: C:\My Backup -- 18-08-07 1158\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\9OGZXD05\enter[1].htm Risk: High Name: Adware.Trymedia Path: C:\My Backup -- 18-08-07 1158\Downloads\FishTycoonGESetup-dm[1].exe Risk: Medium Name: Adware.Trymedia Path: C:\My Backup -- 18-08-07 1158\Downloads\RobotArena2-dm[1].exe Risk: Medium Name: Downloader.TSUpdate.j Path: C:\My Backup -- 18-08-07 1158\Program Files\Common Files\fwfr\fwfrd\vocabulary Risk: High Name: Trojan.Delf.li Path: C:\My Backup -- 18-08-07 1158\Program Files\Trillian\patch.exe Risk: High Name: TrackingCookie.Skype Path: C:\My Backup -- 18-08-07 1158\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt Risk: Medium Name: TrackingCookie.Aavalue Path: C:\My Backup -- 25-09-05 2242\Documents and Settings\Owner\Cookies\[email protected][2].txt Risk: Medium Name: TrackingCookie.Burstnet Path: C:\My Backup -- 25-09-05 2242\Documents and Settings\Owner\Cookies\[email protected][1].txt Risk: Medium Name: TrackingCookie.Com Path: C:\My Backup -- 25-09-05 2242\Documents and Settings\Owner\Cookies\[email protected][2].txt Risk: Medium Name: TrackingCookie.Ru4 Path: C:\My Backup -- 25-09-05 2242\Documents and Settings\Owner\Cookies\[email protected][1].txt Risk: Medium Name: TrackingCookie.Aavalue Path: C:\My Backup -- 25-09-05 2242\Documents and Settings\Owner\Cookies\[email protected][1].txt Risk: Medium Name: TrackingCookie.Starware Path: C:\My Backup -- 25-09-05 2242\Documents and Settings\Owner\Cookies\[email protected][2].txt Risk: Medium Name: TrackingCookie.Toplist Path: C:\My Backup 
-- 25-09-05 2242\Documents and Settings\Owner\Cookies\[email protected][1].txt Risk: Medium Name: TrackingCookie.Burstbeacon Path: C:\My Backup -- 25-09-05 2242\Documents and Settings\Owner\Cookies\[email protected][1].txt Risk: Medium Name: TrackingCookie.Paypal Path: C:\My Backup -- 25-09-05 2242\Documents and Settings\Owner\Cookies\[email protected][1].txt Risk: Medium Name: Not-A-Virus.Exploit.HTML.MHT Path: C:\My Backup -- 25-09-05 2242\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\49S9A7OD\ads[1].htm Risk: Low Name: Not-A-Virus.Exploit.HTML.Mht Path: C:\My Backup -- 25-09-05 2242\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\I2NVTKF3\help[1].htm Risk: Low
  8. Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 9:37:26 AM, on 2/12/2008
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16574)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
     C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
     C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
     C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
     C:\WINDOWS\eHome\ehRecvr.exe
     C:\WINDOWS\eHome\ehSched.exe
     C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\dllhost.exe
     C:\WINDOWS\ehome\ehtray.exe
     C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
     C:\Program Files\Digital Media Reader\shwiconem.exe
     C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
     C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
     C:\Program Files\QuickTime\QTTask.exe
     C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
     C:\WINDOWS\system32\igfxtray.exe
     C:\WINDOWS\system32\hkcmd.exe
     C:\WINDOWS\SOUNDMAN.EXE
     C:\WINDOWS\ALCWZRD.EXE
     C:\WINDOWS\eHome\ehmsas.exe
     C:\Program Files\Common Files\Symantec Shared\ccApp.exe
     C:\Program Files\Napster\napster.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\Program Files\AIM6\aim6.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\AIM6\aolsoftware.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Documents and Settings\Owner\Desktop\HiJackThis.exe
     C:\Program Files\AIM6\aolsoftware.exe

     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.facebook.com/
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
     O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
     O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
     O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
     O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
     O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
     O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
     O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
     O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
     O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe
     O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
     O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
     O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
     O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
     O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
     O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
     O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
     O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
     O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
     O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
     O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
     O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
     O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
     O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
     O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
     O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
     O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
     O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
     O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
     O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
     O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
     O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
     O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

     --
     End of file - 9569 bytes
  9. New combofix log:

     ComboFix 08-02.05.3 - Owner 2008-02-11 17:30:38.4 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.232 [GMT -6:00]
     Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
     Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
     * Created a new restore point
     WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

     FILE
     C:\WINDOWS\system32\drvcow.dll
     C:\WINDOWS\system32\gucifpyk.ini
     C:\WINDOWS\system32\jkhfe.dll
     C:\WINDOWS\system32\qyvlbguu.ini
     C:\WINDOWS\system32\ssttu.dll
     C:\WINDOWS\system32\ynmphshb.ini
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     C:\WINDOWS\system32\drvcow.dll
     C:\WINDOWS\system32\gucifpyk.ini
     C:\WINDOWS\system32\qyvlbguu.ini
     C:\WINDOWS\system32\ynmphshb.ini
     .
     ((((((((((((((((((((((((( Files Created from 2008-01-11 to 2008-02-11 )))))))))))))))))))))))))))))))
     .
     2008-02-10 17:47 . 2008-02-10 18:06 60,416 --a------ C:\WINDOWS\system32\drivers\ComboFix.sys
     2008-02-10 17:33 . 2004-08-10 13:00 388,608 --a------ C:\kmd.exe
     2008-01-31 10:43 . 2008-01-31 11:05 <DIR> d-------- C:\VundoFix Backups
     2008-01-31 10:28 . 2008-01-31 10:43 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
     2008-01-31 10:28 . 2008-01-31 10:28 30,590 --a------ C:\WINDOWS\system32\pavas.ico
     2008-01-31 10:28 . 2008-01-31 10:28 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
     2008-01-31 10:28 . 2008-01-31 10:28 1,406 --a------ C:\WINDOWS\system32\Help.ico
     2008-01-30 22:51 . 2008-01-30 22:51 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
     2008-01-30 22:51 . 2008-01-30 23:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
     2008-01-30 16:00 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
     2008-01-30 16:00 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
     2008-01-30 16:00 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
     2008-01-30 16:00 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
     2008-01-30 16:00 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
     2008-01-30 16:00 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
     2008-01-30 15:53 . 2008-01-30 16:03 5,552 --a------ C:\WINDOWS\system32\tmp.reg
     2008-01-24 16:20 . 2008-01-24 16:20 <DIR> d-------- C:\Program Files\Lavasoft
     2008-01-24 16:20 . 2008-01-24 16:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
     2008-01-24 16:20 . 2008-01-24 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2008-02-11 20:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared
     2008-02-01 20:08 --------- d-----w C:\Program Files\Magic Workstation
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
     "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 15:17 50736]
     "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-21 09:55 68856]
     "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
     "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 12:04 59392]
     "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 11:36 36975]
     "SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 16:04 135168]
     "AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 15:42 79448]
     "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
     "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24 286720]
     "CHotkey"="zHotkey.exe" []
     "ShowWnd"="ShowWnd.exe" [2003-09-19 10:09 36864 C:\WINDOWS\ShowWnd.exe]
     "Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ]
     "Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
     "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
     "High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-08-12 18:45 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
     "Mixersel"="C:\Program Files\Realtek\InstallShield\mixersel.exe" [2003-11-10 19:23 369664]
     "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-12-01 13:00 155648]
     "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-12-01 12:55 126976]
     "SoundMan"="SOUNDMAN.EXE" [2004-10-21 16:20 77824 C:\WINDOWS\SOUNDMAN.EXE]
     "AlcWzrd"="ALCWZRD.EXE" [2004-10-21 19:44 2744832 C:\WINDOWS\ALCWZRD.EXE]
     "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
     "IS CfgWiz"="C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2007-01-12 20:28 431752]
     "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 01:11 771704]
     "Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-06-30 10:49 99480]
     "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
     "NapsterShell"="C:\Program Files\Napster\napster.exe" [2007-01-12 18:36 323216]
     "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42 267064]
     "5cca4689"="C:\WINDOWS\system32\bhshpmny.dll" [ ]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
     "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zfujrosu]

     R3 MAC607;MAC607 Filter;C:\WINDOWS\system32\DRIVERS\MAC607.sys [2007-02-02 21:38]

     *Newly Created Service* - COMHOST
     .
     Contents of the 'Scheduled Tasks' folder
     "2008-02-07 22:57:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
     - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
     .
     **************************************************************************

     catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2008-02-11 17:33:41
     Windows 5.1.2600 Service Pack 2 NTFS

     scanning hidden processes ...
     scanning hidden autostart entries ...
     scanning hidden files ...
     scan completed successfully
     hidden files: 0

     **************************************************************************
     .
     Completion time: 2008-02-11 17:37:59
     ComboFix-quarantined-files.txt 2008-02-11 23:37:57
     ComboFix2.txt 2008-02-11 20:09:50
     .
     2008-01-14 09:01:47 --- E O F ---

     new hijack this log:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 5:40:37 PM, on 2/11/2008
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16574)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
     C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
     C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
     C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
     C:\WINDOWS\eHome\ehRecvr.exe
     C:\WINDOWS\eHome\ehSched.exe
     C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
     C:\WINDOWS\system32\dllhost.exe
     C:\WINDOWS\ehome\ehtray.exe
     C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
     C:\Program Files\Digital Media Reader\shwiconem.exe
     C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
     C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
     C:\Program Files\QuickTime\QTTask.exe
     C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
     C:\WINDOWS\system32\igfxtray.exe
     C:\WINDOWS\system32\hkcmd.exe
     C:\WINDOWS\eHome\ehmsas.exe
     C:\WINDOWS\SOUNDMAN.EXE
     C:\WINDOWS\ALCWZRD.EXE
     C:\Program Files\Common Files\Symantec Shared\ccApp.exe
     C:\Program Files\Napster\napster.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     C:\WINDOWS\explorer.exe
     C:\WINDOWS\system32\notepad.exe
     C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.facebook.com/
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
     O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
     O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
     O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
     O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
     O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
     O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
     O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
     O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
     O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
     O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
     O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
     O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe
     O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
     O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
     O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
     O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
     O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
     O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
     O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
     O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [5cca4689] rundll32.exe "C:\WINDOWS\system32\bhshpmny.dll",b
     O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvcow.dll,startup
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
     O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
     O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
     O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
     O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
     O20 - Winlogon Notify: zfujrosu - C:\WINDOWS\
     O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
     O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
     O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
     O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
     O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
     O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
     O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
     O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
     O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
     O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
     O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

     --
     End of file - 10014 bytes
  10. ComboFix in safe mode apparently worked. Safe mode ComboFix log:
ComboFix 08-02.05.3 - Owner 2008-02-11 14:03:42.3 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.369 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
Completion time: 2008-02-11 14:09:49
  11. I did as you said... I cannot find the combofix.txt file that looks like a log... however I did find what appears to be an irrelevant file named combofix.txt... here is what was inside:
ComboFix 08-02.05.3 - Owner 2008-02-10 17:37:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.172 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
  12. 3 days ago my computer picked up some virus, and the symptoms have gone from locking up and showing me a blue screen with Korean characters to infinite popups to false Norton warnings. I have joined 2 other forums and nobody has offered to help. I have used the following programs and nothing has cleaned everything out:
Ad-Aware 2007 removed 1 malware and 1 virus
SmitFraudFix did nothing
VundoFix removed 14 errors
Spybot removed 12 errors
Here is my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:31:00 AM, on 2/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Somebody please help and prove that this forum is better than the other places that claimed to have "reliable and timely support".