Tech Support Forum - View Single Post - AntiSpywareMaster - HELP! :-)

daisi145 · 05-20-2008, 05:54 PM

Thank you for your help on this. I had some trouble finding combofix to download - it kept pointing me to StopZilla. In any case, I figured it out, but then it ran without doing the Windows Recovery Console. It was already started, so it was too late to stop it. Worst case, if this is really bad, I'll just format my computer and start over. But, hopefully, it's ok!

I have posted the Combofix log and the resulting HijackThis log. I'm still getting some error messages and some spam internet windows opening! But some of the problem is fixed!

Let me know what the next step is. THank you again!!!

ComboFix 08-05-20.1 - Elana 2008-05-20 20:21:58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.264 [GMT -4:00]
Running from: C:\Documents and Settings\Elana\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\MyWay
C:\WINDOWS\cookies.ini
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\baJllnnn.ini
C:\WINDOWS\system32\baJllnnn.ini2
C:\WINDOWS\system32\cubypcqf.ini
C:\WINDOWS\system32\dhbtjvhr.ini
C:\WINDOWS\system32\Hknoqtwa.ini
C:\WINDOWS\system32\Hknoqtwa.ini2
C:\WINDOWS\system32\huhpxlnt.ini
C:\WINDOWS\system32\jRYFOqss.ini
C:\WINDOWS\system32\jRYFOqss.ini2
C:\WINDOWS\system32\LRtuvyxx.ini
C:\WINDOWS\system32\LRtuvyxx.ini2
C:\WINDOWS\system32\qsBaHkkj.ini
C:\WINDOWS\system32\qsBaHkkj.ini2
C:\WINDOWS\system32\ssqOFYRj.dll
C:\WINDOWS\system32\tmopbbrf.ini
C:\WINDOWS\system32\xxyvutRL.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_IPRIP
-------\Service_6to4
-------\Service_Iprip
-------\Service_new_drv

((((((((((((((((((((((((( Files Created from 2008-04-21 to 2008-05-21 )))))))))))))))))))))))))))))))
.

2008-05-19 20:42 . 2008-05-19 20:42 <DIR> d-------- C:\Deckard
2008-05-19 19:03 . 2008-05-19 19:03 91,264 --a------ C:\WINDOWS\system32\fqcpybuc.dll
2008-05-19 19:01 . 2008-05-19 19:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-05-15 07:15 . 2008-05-15 07:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\TrojanHunter
2008-05-14 19:56 . 2008-05-14 19:56 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-14 19:34 . 2008-05-14 19:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-13 20:00 . 2008-05-13 20:00 <DIR> d-------- C:\Documents and Settings\Elana\Application Data\TrojanHunter
2008-05-13 19:57 . 2008-05-13 19:57 62,910 --a------ C:\Program Files\Uninstall.exe
2008-05-13 19:57 . 2008-05-13 19:57 0 --a------ C:\Program Files\uninstall.dat
2008-05-13 09:14 . 2008-05-13 09:16 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-05-12 23:01 . 2007-01-13 17:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-05-12 23:01 . 2008-05-12 23:02 <DIR> d-------- C:\Documents and Settings\Administrator
2008-05-12 18:21 . 2008-05-12 18:21 <DIR> d-------- C:\Documents and Settings\Elana\Application Data\TmpRecentIcons
2008-05-12 16:48 . 2008-05-12 16:48 29,312 --a------ C:\WINDOWS\system32\efcYQigE.dll
2008-05-12 16:48 . 2008-05-12 16:48 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-12 16:47 . 2008-05-12 13:24 217,088 --a------ C:\WINDOWS\fvowketqplo.dll
2008-05-12 16:47 . 2008-05-12 13:23 167,936 --a------ C:\WINDOWS\mpfanvqg.dll
2008-05-12 16:47 . 2008-05-12 13:24 81,920 --a------ C:\WINDOWS\oadkxrts.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 00:36 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-05-21 00:14 --------- d-----w C:\Program Files\Trillian
2008-05-12 11:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Rosetta Stone
2008-05-11 22:18 --------- d-----w C:\Program Files\PokerStars
2008-05-11 21:00 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-11 20:59 --------- d-----w C:\Program Files\EPSON
2008-04-19 16:50 --------- d-----w C:\Program Files\Apple Software Update
2008-04-06 22:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-06 16:55 --------- d-----w C:\Documents and Settings\Elana\Application Data\BitTorrent
2008-04-05 15:55 --------- d-----w C:\Program Files\iTunes
2008-04-05 15:55 --------- d-----w C:\Program Files\iPod
2008-04-05 15:52 --------- d-----w C:\Program Files\QuickTime
2008-03-31 02:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-31 02:26 --------- d-----w C:\Program Files\ABC Amber WordPerfect Converter
2008-03-31 01:30 --------- d-----w C:\Program Files\Ad-Aware
2008-03-29 22:24 --------- d-----w C:\Program Files\ooVoo
2008-03-29 22:24 --------- d-----w C:\Documents and Settings\Elana\Application Data\ooVoo Details
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-22 14:16 --------- d-----w C:\Program Files\Spybot
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2004-12-29 21:22 294,912 ----a-w C:\Program Files\Dead Pixel Finder.exe
2000-03-19 20:49 565,248 ----a-w C:\Program Files\QuickEditor.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12620774-0739-4E25-857E-02181F2FB1F1}]
C:\WINDOWS\system32\awtqonkH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8F45C699-9372-4072-A41F-DF58D0F5E0CB}]
C:\WINDOWS\system32\jkkHaBsq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97F7302A-147C-4435-901C-184375993BE6}]
2008-05-12 16:48 29312 --a------ C:\WINDOWS\system32\efcYQigE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BA99F228-D9E2-47D5-9A8D-A295E8E52E93}]
2008-05-12 13:24 217088 --a------ C:\WINDOWS\fvowketqplo.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D9AE2128-515E-43E8-AB00-1A882CC6A89F}]
C:\WINDOWS\system32\nnnllJab.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F74B8E1E-90FC-492B-870B-7E8194692F5C}]
2008-05-20 20:38 319360 --a------ C:\WINDOWS\system32\iifebCRj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5AC18EE0-E9B2-428D-844F-6D3EEA227215}"= "C:\WINDOWS\pvnsmfor.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{5ac18ee0-e9b2-428d-844f-6d3eea227215}]
[HKEY_CLASSES_ROOT\pvnsmfor.1]
[HKEY_CLASSES_ROOT\TypeLib\{E959253D-2F5C-480C-B7D2-6BD8996A05B1}]
[HKEY_CLASSES_ROOT\pvnsmfor]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 19:04 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 18:58 696320]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 13:48 761947]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 18:30 282624 C:\WINDOWS\stsystra.exe]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 19:14 576320]
"EPSON Stylus C64 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.exe" [ ]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-07-14 18:07 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-07-14 18:04 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-07-14 18:08 118784]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26 52896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 19:52 849280]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-14 12:27 29744]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
"vptray"="C:\PROGRA~1\SYMANT~1\\vptray.exe" [2006-09-27 20:33 125168]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 17:48 479232]
"Calendar"="C:\Program Files\Desksware\Calendar.exe" [2008-03-10 23:30 1961984]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2008-03-25 19:08 1047712]
"c00ccc95"="C:\WINDOWS\system32\vfmditjw.dll" [2008-05-20 20:40 91264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:00 15360]

C:\Documents and Settings\Elana\Start Menu\Programs\Startup\
Trillian.lnk - C:\Program Files\Trillian\trillian.exe [2007-12-11 01:00:00 1873280]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{97F7302A-147C-4435-901C-184375993BE6}"= C:\WINDOWS\system32\efcYQigE.dll [2008-05-12 16:48 29312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"mpfanvqg"= {90DE9082-22EF-48F0-B2D0-B9F2E42C665B} - C:\WINDOWS\mpfanvqg.dll [2008-05-12 13:23 167936]
"vbksrofa"= {A6A529D7-F35E-4FCC-AAE4-C3D50996FE5B} - C:\WINDOWS\vbksrofa.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcYQigE]
efcYQigE.dll 2008-05-12 16:48 29312 C:\WINDOWS\system32\efcYQigE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\iifebCRj

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\ooVoo\\ooVoo.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\The Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"C:\\Program Files\\The Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"<NO NAME>"=

R2 DisplayLinkService;DisplayLink Service;"C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe" [2007-08-03 12:38]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R3 DisplayLinkGA;DisplayLinkGA;C:\WINDOWS\system32\DRIVERS\DisplayLinkGAport.sys [2007-03-09 13:09]
R3 DisplayLinkmirror;DisplayLinkmirror;C:\WINDOWS\system32\DRIVERS\DisplayLinkmirrorport.sys [2007-03-09 13:16]
R3 DisplayLinkUsbPort;DisplayLink USB Device;C:\WINDOWS\system32\DRIVERS\DisplayLinkUsbPort.sys [2007-06-06 11:02]
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-14 12:27]
S3 newnhamga;newnhamga;C:\WINDOWS\system32\DRIVERS\newnhamgaport.sys [2006-05-16 17:57]
S3 newnhammirror;newnhammirror;C:\WINDOWS\system32\DRIVERS\newnhammirrorport.sys [2006-05-16 17:57]
S3 newnhamusbport;USB Display Adapter;C:\WINDOWS\system32\DRIVERS\newnhamusbport.sys []
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2004-08-04 06:00]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2004-08-04 06:00]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2004-08-04 06:00]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2004-08-04 06:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
Contents of the 'Scheduled Tasks' folder
"2008-05-09 02:27:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 20:35:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\efcYQigE.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\vfmditjw.dll
-> C:\WINDOWS\system32\iifebCRj.dll
-> C:\WINDOWS\mpfanvqg.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkKensingtonSupport.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-05-20 20:45:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-21 00:44:47

Pre-Run: 1,467,686,912 bytes free
Post-Run: 1,552,097,280 bytes free

250 --- E O F --- 2008-05-15 11:52:05

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:46:05 PM, on 5/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkKensingtonSupport.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Desksware\Calendar.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: pvnsmfor - {5AC18EE0-E9B2-428D-844F-6D3EEA227215} - C:\WINDOWS\pvnsmfor.dll (file missing)
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2C1.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Calendar] C:\Program Files\Desksware\Calendar.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [c00ccc95] rundll32.exe "C:\WINDOWS\system32\vfmditjw.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe (User 'Default user')
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: mpfanvqg - {90DE9082-22EF-48F0-B2D0-B9F2E42C665B} - C:\WINDOWS\mpfanvqg.dll
O21 - SSODL: vbksrofa - {A6A529D7-F35E-4FCC-AAE4-C3D50996FE5B} - C:\WINDOWS\vbksrofa.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DisplayLink Service (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 11168 bytes