#1
Registered User
Logfile of HijackThis v1.99.1
Scan saved at 5:50:51 PM, on 2/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE
C:\Program Files\Microsoft Shared Computer Toolkit\bin\SCTThresholdMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Internet Explorer\csrss.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Common Files\{20A73837-09DF-1033-0103-060416200001}\Update.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - C:\WINDOWS\inetloader.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AccuWeather.com Toolbar - {b0fdbb8e-5c2c-41ed-a18c-228f9b2f598c} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [WatchDog] "C:\Program Files\mobile PhoneTools\WatchDog.exe"
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [] "C:\Program Files\Internet Explorer\csrss.exe"
O4 - Global Startup: dllhost.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://care.alltel.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Sh...2/ComCtl32.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet...ller_2-0-0.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1161218848359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1155281428203
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab55579.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{065A14C6-41F8-4F53-B81E-4FC4E756512F}: NameServer = 166.102.165.11,207.91.5.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{065A14C6-41F8-4F53-B81E-4FC4E756512F}: NameServer = 166.102.165.11,207.91.5.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{065A14C6-41F8-4F53-B81E-4FC4E756512F}: NameServer = 166.102.165.11,207.91.5.20
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SCTThresholdMonitor (SCTThresholdMon) - Unknown owner - C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: WDPOperations - Unknown owner - C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

I keep getting this message when I try to open music, Word, basically anything. I need help.
#4
Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,345
OS: xp
Hi joshthemaster06

Sorry for the delay. Post a combofix log.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com...h/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

If the log is large you might need to post half in one reply, half in another.

Also post a new hijackthis log.
#8
Registered User
"Owner" - 07-02-12 5:48:19 Service Pack 2
ComboFix 07-02-11 - Running from: "C:\Documents and Settings\Owner\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\drsmartload2.dat
C:\WINDOWS\newname.dat
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\Ipwindows\ipwins.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\REGEDIT.com
C:\WINDOWS\system32\setup.exe.tmp
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\unsvchosts.exe
C:\Program Files\Common Files\{20A73~3
C:\Program Files\Common Files\{20A73~1
C:\Program Files\Common Files\{20A73~2
C:\Program Files\Common Files\{30A73~1
C:\Program Files\InetGet2
C:\Program Files\Ipwindows
C:\Program Files\outlook
C:\Program Files\Common Files\{30A73~2

((((((((((((((((((((((((((((((( Files Created from 2007-01-12 to 2007-02-12 ))))))))))))))))))))))))))))))))))

2007-02-11 23:36 <DIR> d----c--- C:\DOCUME~1\Owner\Saved Games
2007-02-11 23:30 <DIR> d-------- C:\Program Files\Dream Day Wedding
2007-02-11 23:30 <DIR> d-------- C:\Program Files\BFG
2007-02-11 22:33 <DIR> d----c--- C:\DOCUME~1\Owner\Application Data\GTek
2007-02-11 22:33 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\Gtek
2007-02-11 21:16 1,161 --a------ C:\WINDOWS\checkip.dat
2007-02-08 22:22 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2007-02-08 22:21 <DIR> d-------- C:\Program Files\Reference Assemblies
2007-02-08 22:20 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2007-02-08 22:20 <DIR> d----c--- C:\3ae96b3bf0f7a1e073ae7f
2007-02-08 21:44 90,437 --a--c--- C:\DOCUME~1\Owner\install.exe
2007-02-08 21:44 393,216 --a--c--- C:\DOCUME~1\Owner\shared.exe
2007-02-08 19:47 <DIR> d----c--- C:\DOCUME~1\Owner\Application Data\Starware337
2007-02-08 19:47 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\Starware337
2007-02-08 19:47 <DIR> d-------- C:\Program Files\Starware337
2007-02-08 17:07 13,040 --a------ C:\WINDOWS\system32\LMIport.dll
2007-02-08 17:07 11,504 --a------ C:\WINDOWS\system32\LMIinit.dll
2007-02-08 17:07 <DIR> d-------- C:\Program Files\LogMeIn
2007-02-07 17:24 190 --a--c--- C:\DOCUME~1\Owner\ggg.bat
2007-02-07 17:23 32,768 --a--c--- C:\DOCUME~1\Owner\stup9x.exe
2007-02-06 18:09 <DIR> d-------- C:\Program Files\WMI Tools
2007-02-06 15:37 63 --a--c--- C:\DOCUME~1\Owner\yyd.bat
2007-02-05 21:28 393,216 --a--c--- C:\DOCUME~1\Owner\hui.exe
2007-02-05 21:27 32,768 --a--c--- C:\DOCUME~1\Owner\setup.exe
2007-02-05 17:47 148 --a------ C:\WINDOWS\system32\ggg.bat
2007-02-05 17:45 3,464 --a------ C:\WINDOWS\system32\dr.exe
2007-02-05 17:44 393,216 --a------ C:\WINDOWS\system32\hui.exe
2007-02-05 17:42 78,360 --a------ C:\Program Files\uy.exe
2007-02-04 22:11 <DIR> d-------- C:\Program Files\AccuWeather.com
2007-02-04 22:10 <DIR> d----c--- C:\DOCUME~1\Owner\Application Data\AccuWeather.com
2007-02-04 21:33 0 --a------ C:\WINDOWS\system32\taskkill.exe
2007-02-04 21:28 393,216 --a--c--- C:\DOCUME~1\Owner\hhhl.exe
2007-02-04 21:28 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-02-04 18:12 <DIR> d-------- C:\Program Files\TikGames
2007-02-04 17:52 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\Trymedia
2007-02-04 17:46 <DIR> d-------- C:\Program Files\FunWebProducts
2007-02-04 17:36 <DIR> d-------- C:\Program Files\MSN Games
2007-02-04 14:37 <DIR> d----c--- C:\DOCUME~1\PARENT~1.ORI\Contacts
2007-02-02 11:56 <DIR> d-------- C:\Program Files\LiveUpdate
2007-02-02 11:55 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\BVRP Software
2007-02-02 11:55 <DIR> d-------- C:\Program Files\mobile PhoneTools
2007-02-02 11:08 <DIR> d-------- C:\Program Files\All Mobile
2007-02-02 09:24 69,632 --a------ C:\WINDOWS\system32\iDEN_PST.DLL
2007-02-01 21:55 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2007-02-01 21:54 <DIR> d-------- C:\Program Files\Motorola
2007-02-01 20:35 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2007-02-01 20:35 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2007-02-01 20:35 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-02-01 15:49 <DIR> d-------- C:\Program Files\Registry Mechanic
2007-01-31 21:27 <DIR> d-------- C:\Program Files\Vegastrike
2007-01-31 21:16 164 --a--c--- C:\install.dat
2007-01-30 16:04 778,016 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-01-30 16:04 11,732,256 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-01-30 16:04 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\AOL
2007-01-30 16:04 <DIR> d-------- C:\Program Files\AOL
2007-01-28 21:27 1,177 --a------ C:\WINDOWS\mozver.dat
2007-01-28 18:03 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-01-28 16:58 0 --a------ C:\WINDOWS\nsreg.dat
2007-01-28 16:55 <DIR> d-------- C:\Program Files\Mozilla Firefox
2007-01-28 15:37 <DIR> d-------- C:\WINDOWS\pss
2007-01-27 23:59 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-01-27 23:58 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-01-27 21:53 <DIR> d-------- C:\Program Files\CEDP Stealer 6.0 for Messenger
2007-01-27 17:08 <DIR> d----c--- C:\DOCUME~1\Owner\Application Data\IMVU
2007-01-27 17:07 <DIR> d-------- C:\Program Files\IMVU
2007-01-26 22:00 <DIR> d----c--- C:\CRMTH
2007-01-25 16:06 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\WinZip
2007-01-23 17:44 <DIR> d-------- C:\Program Files\MSBuild
2007-01-23 17:44 <DIR> d-------- C:\Program Files\Microsoft Works
2007-01-23 17:40 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-01-23 17:36 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-01-23 17:32 <DIR> dr-h-c--- C:\MSOCache
2007-01-23 16:58 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-01-23 16:53 646,392 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-01-22 16:12 <DIR> d----c--- C:\DOCUME~1\Owner\Application Data\BitTorrent
2007-01-22 16:12 <DIR> d-------- C:\Program Files\BitTorrent
2007-01-22 05:54 135,168 --a------ C:\WINDOWS\system32\igfxres.dll
2007-01-22 03:26 <DIR> d-------- C:\Program Files\BitComet
2007-01-22 02:51 <DIR> d-------- C:\Program Files\WinAce
2007-01-22 02:24 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-01-22 02:13 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\Microsoft Help
2007-01-20 00:01 <DIR> d----c--- C:\DOCUME~1\GIRLS~1.ORI\Contacts
2007-01-19 23:59 <DIR> d----c--- C:\DOCUME~1\GIRLS~1.ORI\Application Data\Webroot
2007-01-19 12:53 51,056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-18 23:03 <DIR> d-------- C:\Program Files\Grisoft
2007-01-18 20:34 2,191,616 --a------ C:\WINDOWS\system32\kernel1.exe
2007-01-18 20:25 <DIR> d-------- C:\Program Files\TGTSoft
2007-01-18 20:12 <DIR> d-------- C:\Program Files\themexp
2007-01-18 19:43 32,768 --a------ C:\WINDOWS\system32\instlsp.exe
2007-01-18 19:43 131,072 --------- C:\WINDOWS\system32\mclsp.dll
2007-01-18 19:43 11,264 --a------ C:\WINDOWS\system32\sporder.dll
2007-01-18 19:32 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\McAfee.com
2007-01-17 17:59 <DIR> d-------- C:\Program Files\Windows Journal Viewer
2007-01-17 16:17 <DIR> d----c--- C:\DOCUME~1\Owner\Application Data\Motive
2007-01-16 20:32 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2007-01-16 20:32 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2007-01-16 20:32 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2007-01-16 20:27 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-01-16 20:27 <DIR> d-------- C:\Program Files\MTV Networks
2007-01-15 16:34 <DIR> d----c--- C:\DOCUME~1\Guest\Application Data\Webroot
2007-01-15 16:33 786,432 --ah----- C:\DOCUME~1\Guest\NTUSER.DAT
2007-01-15 16:18 <DIR> d----c--- C:\DOCUME~1\PARENT~1.ORI\Application Data\MusicNet
2007-01-15 14:55 <DIR> d----c--- C:\DOCUME~1\Owner\undefined
2007-01-14 21:52 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\Messenger Plus!
2007-01-14 21:07 <DIR> d----c--- C:\DOCUME~1\PARENT~1.ORI\Application Data\Webroot
2007-01-14 15:50 <DIR> d-------- C:\WINDOWS\system32\slideApp

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-02-12 05:47 -------- d----c--- C:\Documents and Settings\Owner\Application Data\starware337
2007-02-11 22:33 -------- d----c--- C:\Documents and Settings\Owner\Application Data\gtek
2007-02-11 21:02 22 --a------ C:\Program Files\c.zip
2007-02-11 21:02 22 --a------ C:\Program Files\b.zip
2007-02-11 21:02 22 --a------ C:\Program Files\a.zip
2007-02-11 20:44 25214 --a------ C:\Program Files\b.ico
2007-02-11 20:44 25214 --a------ C:\Program Files\a.ico
2007-02-08 22:34 417792 --a------ C:\Program Files\rcx1c.tmp
2007-02-06 22:09 -------- d-------- C:\Program Files\microsoft shared computer toolkit
2007-02-06 18:09 -------- d---sc--- C:\Documents and Settings\Owner\Application Data\microsoft
2007-02-05 20:28 -------- d-------- C:\Program Files\windows media connect 2
2007-02-05 18:52 -------- d--h----- C:\Program Files\installshield installation information
2007-02-04 22:10 -------- d----c--- C:\Documents and Settings\Owner\Application Data\accuweather.com
2007-02-04 16:24 -------- d-------- C:\Program Files\msn messenger
2007-02-01 20:38 2508 --a--c--- C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc
2007-01-30 21:15 -------- d-------- C:\Program Files\mirc
2007-01-29 15:52 -------- d----c--- C:\Documents and Settings\Owner\Application Data\imvu
2007-01-28 16:58 -------- d----c--- C:\Documents and Settings\Owner\Application Data\mozilla
2007-01-25 21:57 22080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-01-25 21:57 21056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-01-25 21:57 20544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-01-25 21:57 144448 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-01-25 20:22 -------- d-------- C:\Program Files\java
2007-01-23 18:53 -------- d----c--- C:\Documents and Settings\Owner\Application Data\bittorrent
2007-01-23 17:44 -------- d-------- C:\Program Files\slide
2007-01-21 23:01 -------- d-------- C:\Program Files\uphclean
2007-01-21 22:57 -------- d-------- C:\Program Files\messenger plus! live
2007-01-21 22:57 -------- d-------- C:\Program Files\messenger
2007-01-21 17:49 -------- d----c--- C:\Documents and Settings\Owner\Application Data\macromedia
2007-01-21 17:32 -------- d-------- C:\Program Files\Common Files\macromedia
2007-01-21 17:28 -------- d-------- C:\Program Files\macromedia
2007-01-17 16:17 -------- d----c--- C:\Documents and Settings\Owner\Application Data\motive
2007-01-17 16:16 -------- d-------- C:\Program Files\alltel dsl check-up center
2007-01-11 23:39 -------- d-------- C:\Program Files\skype
2007-01-11 23:01 -------- d-------- C:\Program Files\yahoo!
2007-01-11 18:28 -------- d-------- C:\Program Files\the weather channel fw
2007-01-11 17:17 -------- d----c--- C:\Documents and Settings\Owner\Application Data\free download manager
2007-01-10 21:39 -------- d-------- C:\Program Files\illiminable
2007-01-10 21:39 -------- d-------- C:\Program Files\Common Files\surething shared
2007-01-10 15:47 -------- d-------- C:\Program Files\Common Files\motive
2007-01-04 21:45 -------- d-------- C:\Program Files\free download manager
2007-01-02 18:01 -------- d----c--- C:\Documents and Settings\Owner\Application Data\corel
2007-01-02 07:23 -------- d-------- C:\Program Files\qbot
2007-01-01 18:58 -------- d-------- C:\Program Files\Common Files\real
2007-01-01 18:57 -------- d-------- C:\Program Files\opera
2006-11-27 02:45 60416 --------- C:\WINDOWS\system32\tzchange.exe
2006-11-20 02:42 33280 --a------ C:\WINDOWS\system32\snmp.exe
2006-11-13 00:02 1866240 --a------ C:\WINDOWS\system32\mstscax.dll
2006-11-12 22:50 216 --a--c--- C:\WINDOWS\powerreg.dat

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
@="\"C:\\Program Files\\Internet Explorer\\csrss.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"ISUSPM Startup"="\"C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="\"C:\\Program Files\\Logitech\\Video\\ISStart.exe\" "
"LogitechVideoTray"="\"C:\\Program Files\\Logitech\\Video\\LogiTray.exe\""
"SoundMAXPnP"="\"C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe\""
"UserFaultCheck"="%systemroot%\\system32\\dumprep 0 -u"
"Motive SmartBridge"="C:\\PROGRA~1\\ALLTEL~1\\SMARTB~1\\MotiveSB.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"aol"="\"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe\""
@=""
"RegistryMechanic"=""
"WatchDog"="\"C:\\Program Files\\mobile PhoneTools\\WatchDog.exe\""
"p2p networking"="p2pnetworking.exe"
"LogMeIn GUI"="\"C:\\Program Files\\LogMeIn\\LogMeInSystray.exe\""
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windstream Broadband Check-up Center.lnk]
"backup"="C:\\WINDOWS\\pss\\Windstream Broadband Check-up Center.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\ALLTEL~1\\bin\\matcli.exe -boot"
"item"="Windstream Broadband Check-up Center"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
"backup"="C:\\WINDOWS\\pss\\Microsoft Office Groove.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\MI1933~1\\Office12\\GROOVE.EXE -background"
"item"="Microsoft Office Groove"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DesktopWeather"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\The Weather Channel FW\\Desktop Weather\\DesktopWeather.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Logi_MwX"
"hkey"="HKLM"
"command"="Logi_MwX.Exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StyleXP"
"hkey"="HKCU"
"command"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTouch"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Logitech\\iTouch\\iTouch.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source REG_SZ

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3cbbe5ca-ab35-11db-a319-0016761f7be7}]
Shell\AutoRun\command E:\SETUP.EXE
Shell\configure\command E:\SETUP.EXE
Shell\install\command E:\SETUP.EXE

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f13164eb-2856-11db-8c92-806d6172696f}]
Shell\AutoRun\command D:\SetupWizard.exe

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Disk Cleanup.job
C:\WINDOWS\tasks\mIRC.job
C:\WINDOWS\tasks\wrSpySweeper_44D2FA5B7E6D40C9BC2D5A56B981F597.job

********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-12 5:57:09
C:\ComboFix2.txt ... 07-01-18 15:44
C:\ComboFix3.txt ... 07-01-17 23:18
#9
Registered User
Logfile of HijackThis v1.99.1
Scan saved at 6:02:48 AM, on 2/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE
C:\Program Files\Microsoft Shared Computer Toolkit\bin\SCTThresholdMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Internet Explorer\csrss.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: (no name) - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware337\bin\Starware337.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AccuWeather.com Toolbar - {b0fdbb8e-5c2c-41ed-a18c-228f9b2f598c} - mscoree.dll (file missing)
O3 - Toolbar: Starware Recipe Toolbar - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware337\bin\Starware337.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [WatchDog] "C:\Program Files\mobile PhoneTools\WatchDog.exe"
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [] "C:\Program Files\Internet Explorer\csrss.exe"
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://care.alltel.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/Sh...2/ComCtl32.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet...ller_2-0-0.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1161218848359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1155281428203
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab55579.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{065A14C6-41F8-4F53-B81E-4FC4E756512F}: NameServer = 166.102.165.11,207.91.5.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{065A14C6-41F8-4F53-B81E-4FC4E756512F}: NameServer = 166.102.165.11,207.91.5.20
O17 - HKLM\System\CS2\Services\Tcpip\..\{065A14C6-41F8-4F53-B81E-4FC4E756512F}: NameServer = 166.102.165.11,207.91.5.20
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SCTThresholdMonitor (SCTThresholdMon) - Unknown owner - C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: WDPOperations - Unknown owner - C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
#10
Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,345
OS: xp
Start Hijackthis and place a check next to these items if they are there.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - (no file)
O3 - Toolbar: AccuWeather.com Toolbar - {b0fdbb8e-5c2c-41ed-a18c-228f9b2f598c} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [] "C:\Program Files\Internet Explorer\csrss.exe"

Optional fixes >
O2 - BHO: (no name) - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware337\bin\Starware337.dll
O3 - Toolbar: Starware Recipe Toolbar - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware337\bin\Starware337.dll
====================================
Hit fix checked and close Hijackthis. Restart the PC.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I see you already have AOL's antivirus by Kaspersky. Re-download another copy, disconnect from the internet, uninstall it (reboot if prompted) and install the new copy:
http://www.activevirusshield.com/ant...eeav/index.adp

Please download Active Virus Shield (powered by Kaspersky) and save it to your desktop. Please remember to register for your Activation Code using a legitimate email address. Double-click avs.msi to run the installer, but please uncheck "Install Security Toolbar" during the installation process. Then update the program and run a systemwide scan. Allow it to neutralize all that it finds.

When done, launch Active Virus Shield's main window. Click the Scan button on the left, and then click Detected. In the ensuing window, click the Save As button to save a copy of the log. Copy and paste that log in your next reply.

Note: You must only use 1 (one) AV at a time because if you have 2 or more AVs running at the same time, they will conflict with each other and make your security less reliable.
---------------------
In addition to that report, Panda ActiveScan (free online scanner):
http://www.pandasoftware.com/products/activescan.htm
Do a full scan > Click the "my computer" button. After the scan click "see report", then save the report and post it back here please.
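The reply above picks its fix items by a few recognisable patterns: a registered component whose file is gone, a Run entry with no name or with a bare filename, and a core system process name (csrss.exe) living under Program Files. The script below is an added example, not part of this thread or of HijackThis, that applies those same checks to HijackThis-style lines; the heuristics and function names are its own, and the sample lines are copied from the log in this thread plus two benign entries for contrast.

```python
"""Added example: flag HijackThis-style log lines with the checks the reply above applied."""
from __future__ import annotations
import re

# Core Windows processes that belong only under the Windows directory; the same
# name elsewhere (csrss.exe under Program Files) is the masquerade flagged above.
SYSTEM_PROCESSES = {"csrss.exe", "smss.exe", "winlogon.exe", "services.exe", "lsass.exe"}
# Shape of an O4 autorun entry: O4 - HKLM\..\Run: [name] command
O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Constructed sample: lines copied from the log in this thread plus benign ones.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WeeklyExecuter Class - {f015f320-ab08-11db-abbd-0800200c9a66} - (no file)
O3 - Toolbar: AccuWeather.com Toolbar - {b0fdbb8e-5c2c-41ed-a18c-228f9b2f598c} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [] "C:\Program Files\Internet Explorer\csrss.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

def command_exe(cmd: str) -> str:
    """Extract the executable from an autorun command, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split(" ", 1)[0]

def reasons_for(line: str) -> list[str]:
    """Return why one log line looks suspicious (empty list means nothing found)."""
    reasons = []
    if line.endswith("(no file)") or "(file missing)" in line:
        reasons.append("registered component has no file on disk")
    m = O4_RE.match(line)
    if m:
        exe = command_exe(m.group("cmd"))
        if m.group("name") == "":
            reasons.append("autorun entry has an empty name")
        if "\\" not in exe:
            reasons.append("autorun uses a bare filename, origin cannot be verified")
        base = exe.rsplit("\\", 1)[-1].lower()
        if base in SYSTEM_PROCESSES and "\\windows\\" not in exe.lower():
            reasons.append(f"{base} runs from outside the Windows directory")
    return reasons

def triage(log_text: str) -> dict[str, list[str]]:
    """Map each suspicious log line to the reasons it was flagged."""
    lines = (l.strip() for l in log_text.splitlines())
    return {l: r for l in lines if l and (r := reasons_for(l))}
```

Running `triage(SAMPLE_LOG)` returns exactly the five entries the reply asked to have fixed, and nothing for the Java and ctfmon lines.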