Old 12-19-2007, 11:44 AM   #1 (permalink)
Registered User
 
Join Date: Dec 2007
Location: UK
Posts: 7
OS: XP MCE


1st Post of my Log

Hi all,

My system has become a little screwy of late and it all coincided with my daughter installing a load of messenger crap.

Please can you take a look at my log and let me know what I can get rid of?

Thanks in advance...

Nick

Logfile of HijackThis v1.97.7
Scan saved at 18:35:21, on 19/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Dad\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\system32\nzdd.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [oozeshim] C:\DOCUME~1\Dad\APPLIC~1\GLOBAL~1\wipe settings pop.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: @btrez.dll,-4015 (HKLM)
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 (HKLM)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...eckControl.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get...irector/sw.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.2.100.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1157744350921
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1182507250369
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab
InFiD3L is offline  
Old 12-23-2007, 07:53 AM   #2 (permalink)
Registered User
 
Join Date: Dec 2007
Location: UK
Posts: 7
OS: XP MCE


Re: 1st Post of my Log

bumpety-bump ;)
InFiD3L is offline  
Old 12-23-2007, 11:52 AM   #3 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 21,354
OS: XP


Re: 1st Post of my Log

Do a HijackThis scan & place a check next to these items and select "Fix checked":

O4 - HKCU\..\Run: [oozeshim] C:\DOCUME~1\Dad\APPLIC~1\GLOBAL~1\wipe settings pop.exe
O15 - Trusted Zone: *.stumbleupon.com



---------------


www.bleepingcomputer.com
www.forospyware.com
www.geekstogo.com

1. Please choose from any of the above links. Download the file & Save it to Desktop.

2. Double click on ComboFix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that & a fresh HijackThis log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
sUBs is offline  
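As an added example (not code from this thread, from sUBs, or from HijackThis itself), the script below parses the `Oxx - ...` line format of the log posted above and flags the two kinds of entry sUBs picked out, plus BHO entries whose file is missing. The heuristics and the sample lines (copied from the log in post #1) are this example's own assumptions, not HijackThis's rules.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# A HijackThis item line is "<section> - <rest>", where section is R0/R1/O2/O4/O15/...
LINE_RE = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<rest>.+)$")

# Targets under a per-user profile folder (8.3 or long form). Legitimate system
# software rarely autostarts from Application Data; this is the pattern of the
# [oozeshim] entry in the log above.
PROFILE_PATH_RE = re.compile(
    r"DOCUME~1\\[^\\]+\\APPLIC~1|Documents and Settings\\[^\\]+\\Application Data",
    re.IGNORECASE,
)


@dataclass
class Entry:
    section: str
    rest: str
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an item line, or None for headers, process paths, blanks."""
    m = LINE_RE.match(line.strip())
    return Entry(m.group("section"), m.group("rest")) if m else None


def triage(entry: Entry) -> Entry:
    """Attach review flags to one entry (heuristics are this example's assumptions)."""
    if entry.section == "O15" and entry.rest.startswith("Trusted Zone:"):
        # Sites in IE's Trusted Zone run with relaxed security settings: always review.
        entry.flags.append("trusted-zone-addition")
    elif entry.section == "O4":
        # Everything after the first ": " is the launch spec, e.g. "[name] C:\path\x.exe /flag"
        _, _, launch = entry.rest.partition(": ")
        if PROFILE_PATH_RE.search(launch):
            entry.flags.append("autorun-from-user-profile")
    elif entry.section == "O2" and entry.rest.endswith("(no file)"):
        # BHO registered but its DLL is gone: an orphan entry, safe to clean.
        entry.flags.append("orphan-bho")
    return entry


def triage_log(text: str) -> Dict[str, List[str]]:
    """Return {flag: [original log line, ...]} for every flagged line in a log."""
    findings: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        triage(entry)
        for flag in entry.flags:
            findings.setdefault(flag, []).append(line.strip())
    return findings


# Constructed sample: a handful of lines taken from the HijackThis log in post #1.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [oozeshim] C:\DOCUME~1\Dad\APPLIC~1\GLOBAL~1\wipe settings pop.exe
O4 - Global Startup: Bluetooth.lnk = ?
O15 - Trusted Zone: *.stumbleupon.com
"""

if __name__ == "__main__":
    for flag, lines in sorted(triage_log(SAMPLE_LOG).items()):
        print(f"[{flag}]")
        for line in lines:
            print("   ", line)
```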
Old 12-24-2007, 01:12 AM   #4 (permalink)
Registered User
 
Join Date: Dec 2007
Location: UK
Posts: 7
OS: XP MCE


Re: 1st Post of my Log

Thanks for replying sUBs :)

I've disabled the above as suggested. Still no joy. FYI I have 2 instances of iexplore.exe as running processes. One at c. 70 MB and one at 11 MB without having a browser open. Is this a concern? Also the popups are usually from CiD. Any suggestions?

S&D, adaware and defender are not picking anything up.

Thanks
InFiD3L is offline  
Old 12-24-2007, 05:31 AM   #5 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 21,354
OS: XP


Re: 1st Post of my Log

May I have the log produced by ComboFix.exe
sUBs is offline  
Old 12-28-2007, 08:40 AM   #6 (permalink)
Registered User
 
Join Date: Dec 2007
Location: UK
Posts: 7
OS: XP MCE


Re: 1st Post of my Log

Sorry sUBs, I had an eye to brain malfunction when reading your first post ;)

Ran combofix so here goes:

Logfile of HijackThis v1.97.7
Scan saved at 15:38:58, on 28/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Dad\My Documents\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\system32\nzdd.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [oozeshim] C:\DOCUME~1\Dad\APPLIC~1\GLOBAL~1\wipe settings pop.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: @btrez.dll,-4015 (HKLM)
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 (HKLM)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...eckControl.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get...irector/sw.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.2.100.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1157744350921
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1182507250369
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15028/CTPID.cab

And the combofix log:

ComboFix 07-12-28.1 - Dad 2007-12-28 15:29:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.461 [GMT 0:00]
Running from: C:\Documents and Settings\Dad\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 )))))))))))))))))))))))))))))))
.

2007-12-26 14:38 . 2007-12-27 23:05 4,958,588 --a------ C:\WINDOWS\{00000001-00000000-00000009-00001102-00000004-10071102}.BAK
2007-12-25 12:46 . 2007-12-25 16:58 4,096 --a------ C:\WINDOWS\system32\crash
2007-12-15 23:45 . 2007-12-15 23:45 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\Yahoo!
2007-12-15 23:43 . 2007-12-15 23:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2007-12-15 23:43 . 2007-12-15 23:43 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2007-12-15 23:40 . 2007-12-16 09:30 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-12-15 23:39 . 2007-12-16 09:30 <DIR> d-------- C:\Program Files\Yahoo!
2007-12-15 23:39 . 2002-02-21 18:56 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-12-15 23:37 . 2007-12-15 23:37 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2007-12-15 23:37 . 2007-12-15 23:37 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\InstallShield
2007-12-15 23:37 . 2007-09-21 03:00 53,248 --a------ C:\WINDOWS\system32\LBTCoIns.DLL
2007-12-13 17:16 . 2007-12-27 22:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-09 14:42 . 2007-12-09 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-12-09 14:41 . 2007-12-09 14:41 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Logitech
2007-12-09 13:18 . 2007-12-09 13:18 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-09 13:15 . 2007-12-09 13:15 <DIR> d-------- C:\Program Files\Circle Developement
2007-12-09 13:15 . 2007-12-09 13:15 <DIR> d-------- C:\Documents and Settings\Dad\Contacts
2007-12-09 13:15 . 2007-12-09 13:15 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\global glue
2007-12-09 13:14 . 2007-12-16 09:31 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2007-12-09 13:14 . 2007-12-09 13:14 268 --ah----- C:\sqmdata00.sqm
2007-12-09 13:14 . 2007-12-09 13:14 244 --ah----- C:\sqmnoopt00.sqm
2007-12-09 13:11 . 2007-12-16 09:34 <DIR> d-------- C:\Program Files\Windows Live
2007-12-09 13:11 . 2007-12-09 13:13 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-09 13:10 . 2007-12-09 13:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 23:05 --------- d-----w C:\Documents and Settings\Dad\Application Data\uTorrent
2007-12-26 08:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-24 11:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-22 08:57 --------- d-----w C:\Documents and Settings\Dad\Application Data\AVG7
2007-12-16 09:37 --------- d-----w C:\Program Files\Sony
2007-12-16 09:33 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-12-16 09:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2007-12-15 23:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2007-12-15 23:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-15 23:37 --------- d-----w C:\Program Files\Common Files\Logitech
2007-12-13 17:16 --------- d-----w C:\Program Files\Google
2007-12-11 21:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-09 13:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\BAGS LONG MANAGER SIXTH
2007-12-01 23:48 --------- d-----w C:\Program Files\SOUNDGRAPH
2007-12-01 23:37 --------- d-----w C:\Documents and Settings\Dad\Application Data\SOUNDGRAPH
2007-11-24 13:36 --------- d-----w C:\Documents and Settings\Dad\Application Data\ATI
2007-11-24 13:35 --------- d-----w C:\Program Files\ATI Technologies
2007-11-24 13:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2007-11-24 13:22 --------- d-----w C:\Program Files\ATI Technologies(2)
2007-11-24 13:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI(2)
2007-11-24 12:16 --------- d-----w C:\Documents and Settings\Dad\Application Data\InstallShield Installation Information
2007-11-24 01:17 --------- d-----w C:\Program Files\Unreal Tournament 3
2007-11-22 21:59 --------- d-----w C:\Documents and Settings\Dad\Application Data\Bioshock
2007-11-17 11:45 --------- d--h--r C:\Documents and Settings\Dad\Application Data\SecuROM
2007-11-16 22:44 --------- d-----w C:\Program Files\Common Files\DirectX
2007-11-16 22:36 --------- d-----w C:\Program Files\EA GAMES
2007-11-15 10:07 76,304 ----a-w C:\WINDOWS\system32\KemXML.dll
2007-11-15 10:07 170,512 ----a-w C:\WINDOWS\system32\kemutb.dll
2007-11-15 10:07 141,840 ----a-w C:\WINDOWS\system32\KemUtil.dll
2007-11-15 10:07 117,264 ----a-w C:\WINDOWS\system32\KemWnd.dll
2007-11-15 10:06 301,656 ----a-w C:\WINDOWS\system32\BtCoreIf.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 22:07 --------- d-----w C:\Program Files\Microsoft Bootvis
2007-11-06 18:18 --------- d-----w C:\Program Files\Call of Duty
2007-11-03 18:24 --------- d-----w C:\Program Files\Driver Sweeper
2007-11-03 18:21 --------- d-----w C:\Program Files\Driver Cleaner Pro
2007-11-03 08:40 --------- d-----w C:\Program Files\Electronic Arts
2007-11-02 22:13 --------- d-----w C:\Program Files\OpenOffice.org 2.0
2007-11-02 22:10 --------- d-----w C:\Program Files\id Software
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-09-11 08:17 22,328 ----a-w C:\Documents and Settings\Dad\Application Data\PnkBstrK.sys
2006-07-18 12:41 1,019,094 --sha-r C:\Program Files\serial.zip
2006-07-18 12:41 1,019,094 --sha-r C:\Program Files\serial.tde
2006-05-28 15:46 397,306 --sha-r C:\Program Files\wunauclt.zip
2006-05-28 15:46 397,306 --sha-r C:\Program Files\wunauclt.tbe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 12:00]
"SetDefaultMIDI"="MIDIDef.exe" [2003-06-20 10:13 C:\WINDOWS\MIDIDEF.EXE]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-06-15 16:34]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
"oozeshim"="C:\DOCUME~1\Dad\APPLIC~1\GLOBAL~1\wipe settings pop.exe" [2007-12-09 13:15]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-13 17:16]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 17:45]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 C:\WINDOWS\KHALMNPR.Exe]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 C:\WINDOWS\CTHELPER.EXE]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2003-09-17 09:43]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"Bluetooth Connection Assistant"="LBTWIZ.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-15 12:00]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-26 17:06]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 22:37:20]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-15 23:37:37]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll [2005-10-05 12:00 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RealDownload.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RealDownload.lnk
backup=C:\WINDOWS\pss\RealDownload.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 22:46 57344 --------- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
2003-06-18 00:00 45056 --------- C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Synchronization]
2005-10-05 12:00 53248 --a------ C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 12:56 64512 --a------ C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\I downloaded pirated Software from P2P ]
Enemy Territory Quake Wars

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-09-25 13:54 229952 --------- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\manager sixth balm more]
2007-12-28 15:24 2661888 --a------ C:\Documents and Settings\All Users\Application Data\BAGS LONG MANAGER SIXTH\internet beep.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 --------- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oozeshim]
2007-12-09 13:15 412160 --a------ C:\DOCUME~1\Dad\APPLIC~1\GLOBAL~1\wipe settings pop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecSche]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2005-01-24 18:58 81920 --a------ C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
C:\Program Files\Logitech\Profiler\lwemon.exe /noui

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 00:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-12-13 17:16 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 20:05 204288 --a------ C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"UPS"=3 (0x3)
"TapiSrv"=3 (0x3)
"SRS Labs License Service"=3 (0x3)
"Spooler"=2 (0x2)
"SCardSvr"=3 (0x3)
"NBService"=3 (0x3)
"mnmsrvc"=3 (0x3)
"McrdSvc"=2 (0x2)
"KService"=2 (0x2)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"idsvc"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)

R1 ISODrive;ISO DVD/CD-ROM Device Driver;C:\Program Files\UltraISO\drivers\ISODrive.sys [2007-04-13 16:42]
R3 SGIR;SGIR;C:\WINDOWS\system32\drivers\iMON_PAD.sys [2004-12-22 13:51]
S1 nvport;NVIDIA PORT IO Control Driver;C:\WINDOWS\system32\Drivers\nvport.sys []
S3 AMDPCI;AMDPCI;C:\DOCUME~1\Dad\LOCALS~1\Temp\AMDPCI.sys []
S3 ctmmfilt;Audio Filter Driver;C:\WINDOWS\system32\drivers\ctmmfilt.sys []
S3 DFUBTUSB;WIDCOMM USB Bluetooth Driver in DFU State;C:\WINDOWS\system32\Drivers\frmupgr.sys [2007-01-03 16:25]
S3 LVCap138;LifeView LR138 Capture Driver;C:\WINDOWS\system32\DRIVERS\lvcap138.sys [2004-09-20 20:55]
S3 lvtuner;LifeView WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\lvtuner.sys [2004-09-20 20:54]
S3 s616bus;Sony Ericsson Device 616 driver (WDM);C:\WINDOWS\system32\DRIVERS\s616bus.sys [2007-04-03 13:59]
S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s616mdfl.sys [2007-04-03 13:59]
S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s616mdm.sys [2007-04-03 13:59]
S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s616mgmt.sys [2007-04-03 13:59]
S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS);C:\WINDOWS\system32\DRIVERS\s616nd5.sys [2007-04-03 13:59]
S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s616obex.sys [2007-04-03 13:59]
S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM);C:\WINDOWS\system32\DRIVERS\s616unic.sys [2007-04-03 13:59]
S3 SGHIDI;SGHIDI;C:\WINDOWS\system32\drivers\TG_iMON.sys [2003-12-30 22:28]
S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys [2005-04-12 19:21]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-14 17:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2007-12-26 14:56:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-05 10:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-08-05 08:55:55 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-12-05 20:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-12-05 20:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-08-05 09:02:21 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-12-05 10:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-12-27 23:00:00 C:\WINDOWS\Tasks\B1D3A9E9909026B9.job"
- c:\docume~1\dad\applic~1\global~1\Option eggs proxy.exe
"2007-12-28 15:21:49 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-12-27 22:55:05 C:\WINDOWS\Tasks\User_Feed_Synchronization-{FB63E4A9-ABBF-4226-90B1-8685F1180420}.job"
??
???? 7\- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 15:31:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-28 15:31:58
.
2007-12-27 22:37:37 --- E O F ---

Thanks

Last edited by InFiD3L : 12-28-2007 at 08:44 AM.
Old 12-28-2007, 08:56 AM   #7 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 21,354
OS: XP


Re: 1st Post of my Log

Quote:
Logfile of HijackThis v1.97.7
Scan saved at 15:38:58, on 28/12/2007
Your copy of Hijackthis is badly outdated. Please grab the latest from here:

http://download.bleepingcomputer.com...HiJackThis.exe
Old 12-28-2007, 09:19 AM   #8 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 21,354
OS: XP


Re: 1st Post of my Log

Open notepad and copy/paste the text in the quotebox below into it:

Code:
http://www.techsupportforum.com/security-center/hijackthis-log-help/204109-1st-post-my-log.html
Collect::
C:\Program Files\wunauclt.zip
C:\Program Files\serial.zip
Suspect::
C:\WINDOWS\system32\LBTCoIns.DLL
File::
C:\WINDOWS\system32\wunauclt.exe
C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
C:\Program Files\wunauclt.tbe
C:\Program Files\serial.tde
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\B1D3A9E9909026B9.job
Folder::
C:\Documents and Settings\Dad\Application Data\global glue
C:\Documents and Settings\All Users\Application Data\BAGS LONG MANAGER SIXTH
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"oozeshim"="C:\DOCUME~1\Dad\APPLIC~1\GLOBAL~1\wipe settings pop.exe" [2007-12-09 13:15]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"manager sixth balm more"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\I downloaded pirated Software from P2P ]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\manager sixth balm more]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oozeshim]
Save this as "CFScript"
Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additionally, ComboFix will generate a zipped file on your Desktop, called [4]Submit@Date_Time.zip
Before proceeding to the next step, please submit this file to http://www.bleepingcomputer.com/subm....php?channel=4


---------------


ESET Online Scanner
  • Please go to the following link ESET Online Scanner Link
  • Tick the box YES, I accept the Terms Of Use
  • Click the Start button
  • Now click the Install button
  • Click Start

    The scanner engine will initialise and update
  • Do Not tick the box Remove found threats
  • Click the Scan button

    The scan will now run, please be patient
  • When the scan finishes click the Details tab
  • Copy and paste the contents of the C:\Program Files\EsetOnlineScanner\log.txt back here.


---------------


In your next post, please include fresh logs from:
  1. Fresh Hijackthis log taken just before replying
  2. Online scan
  3. ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now.
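Why the CFScript above singles out the At1 to At6 jobs and the B1D3A9E9909026B9 job is not spelled out in the post: the At jobs run wunauclt.exe, one letter away from wuauclt.exe (the Windows Update client that appears in the later HijackThis log), and the hex-named job runs an executable from the user's Application Data folder. As an added example that is not part of this thread or of ComboFix, here is a small Python checker that parses the "Scheduled Tasks" section of a ComboFix log and flags exactly those patterns; the sample text is constructed from entries in the log above, and the system-binary list and user-writable path fragments are assumptions you would extend for your own environment.

```python
import re
from collections import namedtuple

# Constructed sample: four entries copied in shape from the ComboFix
# "Scheduled Tasks" section in the log above.
SAMPLE = r'''Contents of the 'Scheduled Tasks' folder
"2007-12-14 17:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2007-12-05 10:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\wunauclt.exe
"2007-12-27 23:00:00 C:\WINDOWS\Tasks\B1D3A9E9909026B9.job"
- c:\docume~1\dad\applic~1\global~1\Option eggs proxy.exe
"2007-12-28 15:21:49 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
'''

# Legitimate Windows binaries whose names malware imitates (assumed list);
# the log's wunauclt.exe is one letter away from wuauclt.exe, the Windows
# Update client.
SYSTEM_BINARIES = {"wuauclt.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                   "explorer.exe", "ctfmon.exe"}

# Path fragments of user-writable locations, in long and 8.3 short form as
# ComboFix prints them (assumed list).
USER_WRITABLE = ("\\documents and settings\\", "\\docume~1\\",
                 "\\application data\\", "\\applic~1\\",
                 "\\local settings\\", "\\locals~1\\", "\\temp\\")

JOB_RE = re.compile(r'^"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (.+?\.job)"$')
TARGET_RE = re.compile(r'^- (.+)$')

Finding = namedtuple("Finding", "job target reasons")


def levenshtein(a, b):
    """Edit distance; used to catch one- or two-character lookalike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def parse_tasks(text):
    """Return (job_path, target) pairs from the 'Scheduled Tasks' section."""
    tasks, pending = [], None
    for line in text.splitlines():
        m = JOB_RE.match(line.strip())
        if m:
            pending = m.group(2)        # job path; its target follows on the next line
            continue
        m = TARGET_RE.match(line.strip())
        if m and pending:
            tasks.append((pending, m.group(1)))
            pending = None
    return tasks


def suspicious_reasons(job_path, target):
    """List why a task looks suspicious; an empty list means nothing was flagged."""
    reasons = []
    job = job_path.rsplit("\\", 1)[-1]
    exe = target.rsplit("\\", 1)[-1].lower()
    if exe not in SYSTEM_BINARIES:
        for legit in sorted(SYSTEM_BINARIES):
            if levenshtein(exe, legit) <= 2:
                reasons.append(f"name imitates system binary {legit}")
                break
    if any(frag in target.lower() for frag in USER_WRITABLE):
        reasons.append("target lives in a user-writable location")
    if re.fullmatch(r"at\d+\.job", job, re.I):      # jobs created with the at command
        reasons.append("generic At<N>.job created by at.exe")
    elif re.fullmatch(r"[0-9a-f]{16}\.job", job, re.I):
        reasons.append("opaque hex job name")
    return reasons


def audit_tasks(text):
    """Parse the section and keep only the entries that raised a reason."""
    findings = []
    for job_path, target in parse_tasks(text):
        reasons = suspicious_reasons(job_path, target)
        if reasons:
            findings.append(Finding(job_path, target, reasons))
    return findings


if __name__ == "__main__":
    for f in audit_tasks(SAMPLE):
        print(f"{f.job}\n    -> {f.target}\n    {'; '.join(f.reasons)}")
```

Run against the sample it reports only At1.job and B1D3A9E9909026B9.job, leaving the TuneUp and Windows Defender tasks alone.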
Old 12-28-2007, 02:48 PM   #9 (permalink)
Registered User
 
Join Date: Dec 2007
Location: UK
Posts: 7
OS: XP MCE


Re: 1st Post of my Log

Right, I followed the above, and apart from the Online scan log details not being available (yet the results show no threat being found) we seem to have progress. I no longer have the dual instances of iexplore.exe and pop-ups have gone too. However my running processes now number 50 whereas before this action I was on 48, but I guess that could've been the crapware holding them back?


Anyway, CF log and Hijackthis to follow:

ComboFix 07-12-28.1 - Dad 2007-12-28 18:58:58.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.484 [GMT 0:00]
Running from: C:\Documents and Settings\Dad\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dad\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Program Files\serial.tde
C:\Program Files\wunauclt.tbe
C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
C:\WINDOWS\system32\wunauclt.exe
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\B1D3A9E9909026B9.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\BAGS LONG MANAGER SIXTH\internet beep.exe
C:\Documents and Settings\Dad\Application Data\global glue
C:\Documents and Settings\Dad\Application Data\global glue\0
C:\Documents and Settings\Dad\Application Data\global glue\dohioluf.exe
C:\Documents and Settings\Dad\Application Data\global glue\Option eggs proxy.exe
C:\Documents and Settings\Dad\Application Data\global glue\platform plus long lite.exe
C:\Documents and Settings\Dad\Application Data\global glue\wipe settings pop.exe
C:\Program Files\serial.tde
C:\Program Files\serial.zip
C:\Program Files\wunauclt.tbe
C:\Program Files\wunauclt.zip
C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\B1D3A9E9909026B9.job
C:\Documents and Settings\All Users\Application Data\BAGS LONG MANAGER SIXTH

.
((((((((((((((((((((((((( Files Created from 2007-11-28 to 2007-12-28 )))))))))))))))))))))))))))))))
.

2007-12-26 14:38 . 2007-12-28 19:01 4,958,588 --a------ C:\WINDOWS\{00000001-00000000-00000009-00001102-00000004-10071102}.BAK
2007-12-25 12:46 . 2007-12-25 16:58 4,096 --a------ C:\WINDOWS\system32\crash
2007-12-15 23:45 . 2007-12-15 23:45 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\Yahoo!
2007-12-15 23:43 . 2007-12-15 23:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2007-12-15 23:40 . 2007-12-16 09:30 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-12-15 23:39 . 2007-12-16 09:30 <DIR> d-------- C:\Program Files\Yahoo!
2007-12-15 23:39 . 2002-02-21 18:56 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-12-15 23:37 . 2007-12-15 23:37 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2007-12-15 23:37 . 2007-12-15 23:37 <DIR> d-------- C:\Documents and Settings\Dad\Application Data\InstallShield
2007-12-15 23:37 . 2007-09-21 03:00 53,248 --a------ C:\WINDOWS\system32\LBTCoIns.DLL
2007-12-13 17:16 . 2007-12-27 22:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-09 14:42 . 2007-12-09 14:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-12-09 14:41 . 2007-12-09 14:41 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Logitech
2007-12-09 13:18 . 2007-12-09 13:18 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2007-12-09 13:15 . 2007-12-09 13:15 <DIR> d-------- C:\Program Files\Circle Developement
2007-12-09 13:15 . 2007-12-09 13:15 <DIR> d-------- C:\Documents and Settings\Dad\Contacts
2007-12-09 13:14 . 2007-12-16 09:31 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2007-12-09 13:14 . 2007-12-09 13:14 268 --ah----- C:\sqmdata00.sqm
2007-12-09 13:14 . 2007-12-09 13:14 244 --ah----- C:\sqmnoopt00.sqm
2007-12-09 13:11 . 2007-12-16 09:34 <DIR> d-------- C:\Program Files\Windows Live
2007-12-09 13:11 . 2007-12-09 13:13 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-09 13:10 . 2007-12-09 13:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-28 15:50 --------- d-----w C:\Documents and Settings\Dad\Application Data\AVG7
2007-12-27 23:05 --------- d-----w C:\Documents and Settings\Dad\Application Data\uTorrent
2007-12-26 08:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-24 11:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-16 09:37 --------- d-----w C:\Program Files\Sony
2007-12-16 09:33 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-12-16 09:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2007-12-15 23:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2007-12-15 23:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-15 23:37 --------- d-----w C:\Program Files\Common Files\Logitech
2007-12-13 17:16 --------- d-----w C:\Program Files\Google
2007-12-11 21:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-12-01 23:48 --------- d-----w C:\Program Files\SOUNDGRAPH
2007-12-01 23:37 --------- d-----w C:\Documents and Settings\Dad\Application Data\SOUNDGRAPH
2007-11-24 13:36 --------- d-----w C:\Documents and Settings\Dad\Application Data\ATI
2007-11-24 13:35 --------- d-----w C:\Program Files\ATI Technologies
2007-11-24 13:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2007-11-24 13:22 --------- d-----w C:\Program Files\ATI Technologies(2)
2007-11-24 13:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI(2)
2007-11-24 12:16 --------- d-----w C:\Documents and Settings\Dad\Application Data\InstallShield Installation Information
2007-11-24 01:17 --------- d-----w C:\Program Files\Unreal Tournament 3
2007-11-22 21:59 --------- d-----w C:\Documents and Settings\Dad\Application Data\Bioshock
2007-11-17 11:45 --------- d--h--r C:\Documents and Settings\Dad\Application Data\SecuROM
2007-11-16 22:44 --------- d-----w C:\Program Files\Common Files\DirectX
2007-11-16 22:36 --------- d-----w C:\Program Files\EA GAMES
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 22:07 --------- d-----w C:\Program Files\Microsoft Bootvis
2007-11-06 18:18 --------- d-----w C:\Program Files\Call of Duty
2007-11-03 18:24 --------- d-----w C:\Program Files\Driver Sweeper
2007-11-03 18:21 --------- d-----w C:\Program Files\Driver Cleaner Pro
2007-11-03 08:40 --------- d-----w C:\Program Files\Electronic Arts
2007-11-02 22:13 --------- d-----w C:\Program Files\OpenOffice.org 2.0
2007-11-02 22:10 --------- d-----w C:\Program Files\id Software
2007-09-11 08:17 22,328 ----a-w C:\Documents and Settings\Dad\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((( snapshot@2007-12-28_15.31.25.73 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-09 14:45:11 70,926 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-12-28 17:18:22 70,356 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-09 14:45:11 437,530 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-28 17:18:22 436,976 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 12:00]
"SetDefaultMIDI"="MIDIDef.exe" [2003-06-20 10:13 C:\WINDOWS\MIDIDEF.EXE]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-06-15 16:34]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
"oozeshim"="C:\DOCUME~1\Dad\APPLIC~1\GLOBAL~1\wipe settings pop.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-13 17:16]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-20 17:45]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 C:\WINDOWS\KHALMNPR.Exe]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 C:\WINDOWS\CTHELPER.EXE]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2003-09-17 09:43]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"Bluetooth Connection Assistant"="LBTWIZ.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-15 12:00]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-26 17:06]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 22:37:20]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-15 23:37:37]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll [2005-10-05 12:00 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RealDownload.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RealDownload.lnk
backup=C:\WINDOWS\pss\RealDownload.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-06-06 22:46 57344 --------- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
2003-06-18 00:00 45056 --------- C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy Synchronization]
2005-10-05 12:00 53248 --a------ C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 12:56 64512 --a------ C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-09-25 13:54 229952 --------- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 --------- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecSche]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCenter]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2005-01-24 18:58 81920 --a------ C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
C:\Program Files\Logitech\Profiler\lwemon.exe /noui

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 00:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-12-13 17:16 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 20:05 204288 --a------ C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"UPS"=3 (0x3)
"TapiSrv"=3 (0x3)
"SRS Labs License Service"=3 (0x3)
"Spooler"=2 (0x2)
"SCardSvr"=3 (0x3)
"NBService"=3 (0x3)
"mnmsrvc"=3 (0x3)
"McrdSvc"=2 (0x2)
"KService"=2 (0x2)
"iPod Service"=3 (0x3)
"ImapiService"=3 (0x3)
"idsvc"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"ehSched"=2 (0x2)
"ehRecvr"=2 (0x2)

R1 ISODrive;ISO DVD/CD-ROM Device Driver;C:\Program Files\UltraISO\drivers\ISODrive.sys [2007-04-13 16:42]
R3 SGIR;SGIR;C:\WINDOWS\system32\drivers\iMON_PAD.sys [2004-12-22 13:51]
S1 nvport;NVIDIA PORT IO Control Driver;C:\WINDOWS\system32\Drivers\nvport.sys []
S3 AMDPCI;AMDPCI;C:\DOCUME~1\Dad\LOCALS~1\Temp\AMDPCI.sys []
S3 ctmmfilt;Audio Filter Driver;C:\WINDOWS\system32\drivers\ctmmfilt.sys []
S3 DFUBTUSB;WIDCOMM USB Bluetooth Driver in DFU State;C:\WINDOWS\system32\Drivers\frmupgr.sys [2007-01-03 16:25]
S3 LVCap138;LifeView LR138 Capture Driver;C:\WINDOWS\system32\DRIVERS\lvcap138.sys [2004-09-20 20:55]
S3 lvtuner;LifeView WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\lvtuner.sys [2004-09-20 20:54]
S3 s616bus;Sony Ericsson Device 616 driver (WDM);C:\WINDOWS\system32\DRIVERS\s616bus.sys [2007-04-03 13:59]
S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s616mdfl.sys [2007-04-03 13:59]
S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s616mdm.sys [2007-04-03 13:59]
S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s616mgmt.sys [2007-04-03 13:59]
S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS);C:\WINDOWS\system32\DRIVERS\s616nd5.sys [2007-04-03 13:59]
S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s616obex.sys [2007-04-03 13:59]
S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM);C:\WINDOWS\system32\DRIVERS\s616unic.sys [2007-04-03 13:59]
S3 SGHIDI;SGHIDI;C:\WINDOWS\system32\drivers\TG_iMON.sys [2003-12-30 22:28]
S3 WmHidLo;Logitech Gaming USB Filter Driver;C:\WINDOWS\system32\drivers\WmHidLo.sys [2005-04-12 19:21]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-28 17:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2007-12-26 14:56:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-28 18:54:43 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-12-27 22:55:05 C:\WINDOWS\Tasks\User_Feed_Synchronization-{FB63E4A9-ABBF-4226-90B1-8685F1180420}.job"
??
???? 7\- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 19:04:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-28 19:05:24 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-28 15:32
.
2007-12-27 22:37:37 --- E O F ---

--------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40:18, on 28/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Dad\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\