12-22-2007, 01:45 PM   #1
Registered User
 
Join Date: Dec 2007
Posts: 18
OS: Windows XP Media Center


Windows File Protector

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:44:14 PM, on 12/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\ELIASD~1\LOCALS~1\Temp\mozOpenDownload\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=C:\WINDOWS\system32\awvvu.exe
O3 - Toolbar: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [ilipkdkx] rundll32.exe "C:\Program Files\dgvglwne\vkhklohi.dll",Init
O4 - HKLM\..\Run: [yfwporgh] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\yfwporgh.dll"
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win3C8.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: VLC360.lnk = C:\Program Files\Dun74\VLC360\VLC360.bat
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Copy to &Lightning Note - C:\Program Files\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - (no file)
O9 - Extra 'Tools' menuitem: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - (no file)
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1155355277459
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F855ABF1-A5AF-4601-8058-52C44E8FCA96}: NameServer = 192.168.10.1
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12310 bytes



It's doing unnatural things...
mr.dabit is offline  
12-23-2007, 11:23 AM   #2
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 21,354
OS: XP


Re: Windows File Protector

www.bleepingcomputer.com
www.forospyware.com
www.geekstogo.com

1. Please choose from any of the above links. Download the file & Save it to Desktop.

2. Double click on ComboFix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that & a fresh HijackThis log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
sUBs is offline  
12-23-2007, 12:14 PM   #3
Registered User
 
Join Date: Dec 2007
Posts: 18
OS: Windows XP Media Center


Re: Windows File Protector

ComboFix 07-12-21.4 - Elias Dabit 2007-12-23 12:39:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1403 [GMT -6:00]
Running from: C:\Documents and Settings\Elias Dabit\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Common Files\microsoft shared\web folders\ibm00001.dll
C:\Program Files\Common Files\microsoft shared\web folders\ibm00002.dll
C:\Program Files\dgvglwne
C:\Program Files\dgvglwne\vkhklohi.dll
C:\Program Files\Helper
C:\Program Files\Helper\superfinderusa.dll
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OinFP.exe~
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe~
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\qomnoml.dll
C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\uvvwa.ini2
C:\WINDOWS\system32\xpdx.sys
C:\WINDOWS\wr.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NTMLSVC
-------\LEGACY_SFSYNC02
-------\NtmlSvc
-------\sfsync02
-------\xpdx


((((((((((((((((((((((((( Files Created from 2007-11-23 to 2007-12-23 )))))))))))))))))))))))))))))))
.

2007-12-23 11:46 . 2007-12-23 11:46 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-12-22 23:52 . 2007-12-22 23:52 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-22 23:52 . 2007-12-23 00:46 <DIR> d-------- C:\Documents and Settings\Elias Dabit\Application Data\AVG7
2007-12-22 23:51 . 2007-12-23 00:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-22 23:28 . 2007-12-22 23:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-22 03:05 . 2007-12-23 02:15 <DIR> d-------- C:\Program Files\Aqjlbhvq
2007-12-22 03:00 . 2007-12-22 13:03 <DIR> d-------- C:\Program Files\RM Converter
2007-12-22 00:17 . 2007-12-22 00:17 <DIR> d-------- C:\Program Files\VirtualDJ
2007-12-21 11:11 . 2007-12-21 11:11 <DIR> d-------- C:\Program Files\ATI
2007-12-21 10:10 . 2007-12-21 10:11 <DIR> d-------- C:\Documents and Settings\Elias Dabit\Application Data\SecondLife
2007-12-20 13:06 . 2007-12-21 10:08 <DIR> d-------- C:\Program Files\MTV Virtual World
2007-12-18 23:12 . 2007-12-18 23:12 <DIR> d-------- C:\Program Files\Kwyshell
2007-12-18 08:47 . 2007-12-18 08:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\YoYoGames
2007-12-11 23:26 . 2007-12-11 23:26 <DIR> d-------- C:\Documents and Settings\Elias Dabit\Application Data\Aquarius Soft
2007-12-11 23:26 . 2007-12-11 23:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Aquarius Soft
2007-12-09 13:54 . 2007-12-09 14:39 <DIR> d-------- C:\Program Files\PSP Brew
2007-12-08 17:32 . 2007-12-08 17:32 <DIR> d-------- C:\Program Files\****Ware
2007-12-03 22:45 . 2007-12-03 22:45 <DIR> d-------- C:\Documents and Settings\Elias Dabit\j2mewtk
2007-12-03 22:40 . 2007-12-03 22:43 <DIR> d-------- C:\Documents and Settings\Elias Dabit\.SunDownloadManager
2007-12-02 14:19 . 2007-12-02 14:19 <DIR> d-------- C:\Program Files\Alias
2007-12-01 17:06 . 2007-12-01 17:06 <DIR> d-------- C:\Program Files\Paragon Software
2007-11-30 19:48 . 2007-11-30 19:48 <DIR> d-------- C:\Documents and Settings\Elias Dabit\Application Data\Alias
2007-11-30 19:48 . 2007-11-30 19:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Alias

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-23 19:02 4,720,672 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-23 19:02 337,920 ----a-w C:\WINDOWS\system32\awvvu.exe
2007-12-23 19:02 --------- d-----w C:\Program Files\QuickTime
2007-12-23 19:02 --------- d-----w C:\Program Files\iTunes
2007-12-23 18:58 334,336 ----a-w C:\WINDOWS\system32\awvvu.dll
2007-12-23 18:56 56,324 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-23 18:37 --------- d-----w C:\Program Files\RPGMaker XP
2007-12-23 08:20 15,360 ----a-w C:\WINDOWS\system32\ctfmon .exe
2007-12-23 05:52 9,216 ----a-w C:\WINDOWS\system32\avgwlntf.dll
2007-12-23 05:36 --------- d-----w C:\Program Files\Dell Support
2007-12-22 19:09 140,288 ----a-w C:\WINDOWS\system32\sfc_os(2).dll
2007-12-22 19:08 5,120 ----a-w C:\WINDOWS\system32\SFC(2).DLL
2007-12-22 06:16 --------- d-----w C:\Documents and Settings\Elias Dabit\Application Data\Azureus
2007-12-16 16:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-12 05:25 --------- d-----w C:\Program Files\Azureus
2007-12-08 18:49 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-07 03:52 --------- d-----w C:\Program Files\Audacity
2007-12-06 12:47 --------- d-----w C:\Documents and Settings\Elias Dabit\Application Data\LimeWire
2007-12-06 12:46 --------- d-----w C:\Program Files\LimeWire
2007-12-06 03:45 --------- d-----w C:\Program Files\SpeedFan
2007-12-05 20:17 593,920 ----a-w C:\WINDOWS\system32\ati2sgag.exe
2007-12-05 05:26 2,782,208 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-05 05:26 2,782,208 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
2007-12-05 03:05 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-05 03:04 269,312 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-05 02:56 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-05 02:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-05 02:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-05 02:54 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-05 02:53 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-05 02:53 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-05 02:48 9,535,488 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-05 02:44 3,175,584 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-05 02:33 1,640,192 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-05 02:19 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-05 02:19 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-05 02:17 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-05 02:16 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-05 02:14 180,224 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-05 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-04 04:40 --------- d-----w C:\Program Files\Java
2007-11-30 12:35 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-25 15:56 1,934,376 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-11-25 15:53 --------- d-----w C:\Program Files\iPod
2007-11-18 23:52 --------- d-----w C:\Program Files\Steam
2007-11-18 00:05 --------- d-----w C:\Program Files\Final Fantasy VII
2007-11-17 05:23 --------- d-----w C:\Program Files\Trillian
2007-11-17 01:18 --------- d-----w C:\Documents and Settings\Elias Dabit\Application Data\HP
2007-11-17 01:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WEBREG
2007-11-17 01:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2007-11-17 00:59 --------- d-----w C:\Program Files\HP
2007-11-17 00:59 --------- d-----w C:\Documents and Settings\Elias Dabit\Application Data\HPAppData
2007-11-17 00:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2007-11-17 00:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2007-11-17 00:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-11-17 00:57 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-17 00:57 --------- d-----w C:\Program Files\Common Files\HP
2007-11-17 00:57 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-11-14 22:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-11-14 22:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 01:05 --------- d-----w C:\Program Files\ASIO4ALL v2
2007-11-11 01:04 --------- d-----w C:\Program Files\DAEMON Tools
2007-11-10 21:42 --------- d-----w C:\Program Files\Yahoo!
2007-11-10 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-11-03 20:32 --------- d-----w C:\Documents and Settings\Elias Dabit\Application Data\.clamwin
2007-11-03 20:29 --------- d-----w C:\Program Files\ClamWin
2007-11-03 20:27 --------- d-----w C:\Program Files\Common Files\BitDefender
2007-11-03 20:18 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2007-11-03 05:45 --------- d-----w C:\Program Files\Rockstar Games
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 02:20 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 23:40 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 11:59 --------- d-----w C:\Program Files\The Weather Channel FW
2007-10-24 07:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 07:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 07:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 07:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2007-10-14 10:31 241,664 ----a-w C:\msipl.bin
2007-10-11 15:55 88,576 ----a-w C:\WINDOWS\system32\infocardapi.dll
2007-10-11 15:55 579,584 ----a-w C:\WINDOWS\system32\icardagt.exe
2007-10-11 15:55 11,776 ----a-w C:\WINDOWS\system32\icardres.dll
2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:55 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:55 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:55 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:55 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-03-09 00:18 2,060 -csh--w C:\WINDOWS\msrev60.dat
2006-06-10 23:50 88 -csh--r C:\WINDOWS\system32\CBECEA6862.sys
2007-04-01 20:24 1,251,477 -csha-w C:\WINDOWS\system32\qrutv.bak1
2007-04-05 23:59 1,223,493 -csha-w C:\WINDOWS\system32\qrutv.bak2
2007-04-06 00:32 1,220,642 -csha-w C:\WINDOWS\system32\qrutv.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
2007-03-02 16:52 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
2007-03-02 16:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{580E100C-DDA4-43C0-BE92-46951A79336B}]
2007-12-23 12:58 334336 --a------ C:\WINDOWS\system32\awvvu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76F262CF-0308-0FB4-F7A3-043266F3A47C}]
C:\Program Files\Aqjlbhvq\kdxoukyk.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" []
"Aim6"="" []
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2007-12-23 13:04]
"eMuleAutoStart"="C:\Program Files\eMule\eMule.exe" []
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-12-23 13:04]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-12-23 13:04]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe" [2007-12-23 13:04]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" []
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" []
"Gtwatch"="C:\WINDOWS\gtwatch.exe" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" []
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 16:20 C:\WINDOWS\stsystra.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-12-23 13:04]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-12-23 13:04]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [2007-12-23 13:04]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-23 13:04]
"ATICustomerCare"="C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-22 23:51]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2006-06-14 17:24:37]
VLC360.lnk - C:\Program Files\Dun74\VLC360\VLC360.bat [2006-03-27 14:39:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
"UseDesktopIniCache"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-12-22 23:52 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\awvvu.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\awvvu

R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-12-03 16:44]
R2 VirtualFD;VirtualFD;C:\Documents and Settings\Elias Dabit\My Documents\Virtual Floppy Disk\vfd.sys [2005-04-04 10:36]
S1 EPPSCSIx;EPPSCSIx;C:\WINDOWS\system32\drivers\EPPSCSI.SYS [1999-11-11 16:39]
S1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys []
S1 vcdrom;Virtual CD-ROM Device Driver;C:\Documents and Settings\Elias Dabit\My Documents\VCdRom.sys []
S3 GT680x;Grand Tech GT680x NT;C:\WINDOWS\system32\DRIVERS\GT680x.SYS [2000-08-18 12:57]
S3 gtermddo;gtermddo;C:\DOCUME~1\ELIASD~1\LOCALS~1\Temp\gtermddo.sys []
S3 ICAM5USB;Intel(r) PC Camera CS110;C:\WINDOWS\system32\Drivers\Icam5USB.sys [2001-08-17 13:06]
S3 Maplom;Maplom;C:\WINDOWS\system32\drivers\Maplom.sys [2006-06-06 14:47]
S3 nocashio;nocashio;C:\WINDOWS\system32\drivers\nocashio.sys [2007-07-27 13:31]
S3 QWAVEDRV;QWAVE driver;C:\WINDOWS\system32\DRIVERS\qwavedrv.sys [2005-10-20 19:20]
S3 SRS_SSCFilter;SRS Labs Audio Sandbox (WDM);C:\WINDOWS\system32\drivers\srs_sscfilter.sys [2006-10-09 10:18]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2007-09-06 12:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-17 13:12:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-22 05:34:00 C:\WINDOWS\Tasks\At1.job"
- C:\PROGRA~1\WORDCL~1\WordClick.exe
"2007-12-23 19:03:46 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-23 12:59:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-23 1321 - machine was rebooted
.
2007-12-12 03:23:51 --- E O F ---

-------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:11:54 PM, on 12/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif .exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Elias Dabit\Desktop\HiJackThis_v2.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\imapi.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=C:\WINDOWS\system32\awvvu.exe
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {580E100C-DDA4-43C0-BE92-46951A79336B} - C:\WINDOWS\system32\awvvu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {76F262CF-0308-0FB4-F7A3-043266F3A47C} - C:\Program Files\Aqjlbhvq\kdxoukyk.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - (no file)
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: VLC360.lnk = C:\Program Files\Dun74\VLC360\VLC360.bat
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Copy to &Lightning Note - C:\Program Files\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - (no file)
O9 - Extra 'Tools' menuitem: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - (no file)
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1155355277459
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F855ABF1-A5AF-4601-8058-52C44E8FCA96}: NameServer = 192.168.10.1
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 15271 bytes

The Windows File Protector stopped popping up, but now my Explorer.exe is crashing and restarting every 10 sec. It is extremely frustrating. I ran AVG 7.5 earlier and it tried to fix some things, but it didn't fix everything.
mr.dabit is offline  
Old 12-23-2007, 12:18 PM   #4 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 21,354
OS: XP


Re: Windows File Protector

You did not use the ComboFix that I prescribed. Your copy is 3 days old & was downloaded from somewhere else.

Please use the links that I have provided.
sUBs is offline  
Old 12-23-2007, 12:59 PM   #5 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 18
OS: Windows XP Media Center


Re: Windows File Protector

ComboFix 07-12-24.3 - Elias Dabit 2007-12-23 13:36:27.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1443 [GMT -6:00]
Running from: C:\Documents and Settings\Elias Dabit\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\uvvwa.ini2

.
((((((((((((((((((((((((( Files Created from 2007-11-24 to 2007-12-24 )))))))))))))))))))))))))))))))
.

2007-12-24 13:46 . 2007-12-24 13:46 334,336 --------- C:\WINDOWS\system32\awvvu.dll
2007-12-23 12:41 . 2007-12-23 12:41 337,628 --a------ C:\WINDOWS\system32\RCX150.tmp
2007-12-23 12:34 . 2007-12-24 13:47 337,920 --a------ C:\WINDOWS\system32\awvvu.exe
2007-12-23 11:46 . 2007-12-23 11:46 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-12-22 23:52 . 2007-12-22 23:52 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-22 23:52 . 2007-12-23 00:46 <DIR> d-------- C:\Documents and Settings\Elias Dabit\Application Data\AVG7
2007-12-22 23:52 . 2007-12-22 23:52 9,216 --a------ C:\WINDOWS\system32\avgwlntf.dll
2007-12-22 23:51 . 2007-12-23 00:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-22 23:29 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-22 23:28 . 2007-12-22 23:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-22 17:27 . 2007-12-22 17:36 <DIR> d-------- C:\pebuilder3110a
2007-12-22 17:15 . 2007-12-22 17:16 <DIR> d-------- C:\BACKUP
2007-12-22 16:21 . 2007-12-22 16:22 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-22 16:21 . 2007-12-22 16:21 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-22 16:21 . 2007-12-22 16:21 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-22 16:21 . 2007-12-22 16:21 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-22 13:09 . 2007-12-22 13:09 140,288 --a------ C:\WINDOWS\system32\sfc_os(2).dll
2007-12-22 13:09 . 2007-12-22 13:08 5,120 --a------ C:\WINDOWS\system32\SFC(2).DLL
2007-12-22 12:48 . 2007-12-23 02:20 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-22 11:52 . 2004-08-10 04:00 66,594 --a------ C:\WINDOWS\system32\dllcache\c_864.nls
2007-12-22 11:52 . 2004-08-10 04:00 66,594 --a------ C:\WINDOWS\system32\dllcache\c_862.nls
2007-12-22 11:52 . 2004-08-10 04:00 66,594 --a------ C:\WINDOWS\system32\dllcache\c_858.nls
2007-12-22 11:52 . 2004-08-10 04:00 66,082 --a------ C:\WINDOWS\system32\dllcache\c_870.nls
2007-12-22 03:05 . 2007-12-23 02:15 <DIR> d-------- C:\Program Files\Aqjlbhvq
2007-12-22 03:00 . 2007-12-22 13:03 <DIR> d-------- C:\Program Files\RM Converter
2007-12-22 00:17 . 2007-12-22 00:17 <DIR> d-------- C:\Program Files\VirtualDJ
2007-12-21 11:11 . 2007-12-21 11:11 <DIR> d-------- C:\Program Files\ATI
2007-12-21 10:10 . 2007-12-21 10:11 <DIR> d-------- C:\Documents and Settings\Elias Dabit\Application Data\SecondLife
2007-12-20 13:06 . 2007-12-21 10:08 <DIR> d-------- C:\Program Files\MTV Virtual World
2007-12-18 23:12 . 2007-12-18 23:12 <DIR> d-------- C:\Program Files\Kwyshell
2007-12-18 08:47 . 2007-12-18 08:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\YoYoGames
2007-12-11 23:26 . 2007-12-11 23:26 <DIR> d-------- C:\Documents and Settings\Elias Dabit\Application Data\Aquarius Soft
2007-12-11 23:26 . 2007-12-11 23:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Aquarius Soft
2007-12-09 14:39 . 2007-12-09 14:39 <DIR> d-------- C:\PSP
2007-12-09 13:54 . 2007-12-09 14:39 <DIR> d-------- C:\Program Files\PSP Brew
2007-12-09 13:54 . 2004-06-09 16:14 10,556 --a------ C:\WINDOWS\system32\drivers\filedisk.sys
2007-12-08 17:32 . 2007-12-08 17:32 <DIR> d-------- C:\Program Files\****Ware
2007-12-08 02:00 . 2007-10-14 04:31 241,664 --a------ C:\msipl.bin
2007-12-08 02:00 . 2007-08-22 17:02 32,768 --a------ C:\msinst.exe
2007-12-04 20:48 . 2007-12-04 20:48 9,535,488 --a------ C:\WINDOWS\system32\atioglx2.dll
2007-12-04 20:33 . 2007-12-04 20:33 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat
2007-12-04 20:33 . 2007-12-04 20:33 887,724 --a------ C:\WINDOWS\system32\ativva6x.dat
2007-12-04 20:14 . 2007-12-04 20:14 180,224 --a------ C:\WINDOWS\system32\atiok3x2.dll
2007-12-03 22:45 . 2007-12-03 22:45 <DIR> d-------- C:\Documents and Settings\Elias Dabit\j2mewtk
2007-12-03 22:43 . 2007-12-03 22:44 <DIR> d-------- C:\WTK2.5.2
2007-12-03 22:40 . 2007-12-03 22:43 <DIR> d-------- C:\Documents and Settings\Elias Dabit\.SunDownloadManager
2007-12-02 14:19 . 2007-12-02 14:19 <DIR> d-------- C:\Program Files\Alias
2007-12-01 17:06 . 2007-12-01 17:06 <DIR> d-------- C:\Program Files\Paragon Software
2007-11-30 19:48 . 2007-11-30 19:48 <DIR> d-------- C:\Documents and Settings\Elias Dabit\Application Data\Alias
2007-11-30 19:48 . 2007-11-30 19:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Alias
2007-11-28 15:50 . 2007-11-28 15:50 11,717 --a------ C:\WINDOWS\atiogl.xml

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-24 19:50 4,802,592 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-24 19:47 --------- d-----w C:\Program Files\QuickTime
2007-12-24 19:47 --------- d-----w C:\Program Files\iTunes
2007-12-24 19:44 57,284 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-23 19:05 --------- d-----w C:\Program Files\RPGMaker XP
2007-12-23 05:36 --------- d-----w C:\Program Files\Dell Support
2007-12-22 06:16 --------- d-----w C:\Documents and Settings\Elias Dabit\Application Data\Azureus
2007-12-16 16:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-12 05:25 --------- d-----w C:\Program Files\Azureus
2007-12-08 18:49 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-07 03:52 --------- d-----w C:\Program Files\Audacity
2007-12-06 12:47 --------- d-----w C:\Documents and Settings\Elias Dabit\Application Data\LimeWire
2007-12-06 12:46 --------- d-----w C:\Program Files\LimeWire
2007-12-06 03:45 --------- d-----w C:\Program Files\SpeedFan
2007-12-05 20:17 593,920 ----a-w C:\WINDOWS\system32\ati2sgag.exe
2007-12-05 05:26 2,782,208 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-05 05:26 2,782,208 ----a-w C:\WINDOWS\system32\dllcache\ati2mtag.sys
2007-12-05 03:05 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-05 03:04 269,312 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-05 02:56 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-05 02:55 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-05 02:55 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-05 02:55 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-05 02:54 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-05 02:53 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-05 02:53 495,616 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-05 02:44 3,175,584 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-05 02:33 1,640,192 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-05 02:19 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-05 02:19 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-05 02:17 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-05 02:16 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-05 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-04 04:40 --------- d-----w C:\Program Files\Java
2007-11-30 12:35 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-25 15:56 1,934,376 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-11-25 15:53 --------- d-----w C:\Program Files\iPod
2007-11-18 23:52 --------- d-----w C:\Program Files\Steam
2007-11-18 00:05 --------- d-----w C:\Program Files\Final Fantasy VII
2007-11-17 05:23 --------- d-----w C:\Program Files\Trillian
2007-11-17 01:18 --------- d-----w C:\Documents and Settings\Elias Dabit\Application Data\HP
2007-11-17 01:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WEBREG
2007-11-17 01:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2007-11-17 00:59 --------- d-----w C:\Program Files\HP
2007-11-17 00:59 --------- d-----w C:\Documents and Settings\Elias Dabit\Application Data\HPAppData
2007-11-17 00:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2007-11-17 00:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2007-11-17 00:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-11-17 00:57 --------- d-----w C:\Program Files\Hewlett-Packard
2007-11-17 00:57 --------- d-----w C:\Program Files\Common Files\HP
2007-11-17 00:57 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-11-14 22:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-11-14 22:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 01:05 --------- d-----w C:\Program Files\ASIO4ALL v2
2007-11-11 01:04 --------- d-----w C:\Program Files\DAEMON Tools
2007-11-10 21:42 --------- d-----w C:\Program Files\Yahoo!
2007-11-10 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-11-03 20:32 --------- d-----w C:\Documents and Settings\Elias Dabit\Application Data\.clamwin
2007-11-03 20:29 --------- d-----w C:\Program Files\ClamWin
2007-11-03 20:27 --------- d-----w C:\Program Files\Common Files\BitDefender
2007-11-03 20:18 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2007-11-03 05:45 --------- d-----w C:\Program Files\Rockstar Games
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 02:20 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 23:40 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 11:59 --------- d-----w C:\Program Files\The Weather Channel FW
2007-10-24 07:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 07:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 07:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 07:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2007-10-11 15:55 88,576 ----a-w C:\WINDOWS\system32\infocardapi.dll
2007-10-11 15:55 579,584 ----a-w C:\WINDOWS\system32\icardagt.exe
2007-10-11 15:55 11,776 ----a-w C:\WINDOWS\system32\icardres.dll
2007-10-10 23:56 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:56 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:56 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 23:55 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:55 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:55 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:55 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:55 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:55 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:55 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:55 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:55 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:55 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:55 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:55 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:55 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:55 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:55 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:55 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:55 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:55 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-03-09 00:18 2,060 -csh--w C:\WINDOWS\msrev60.dat
2006-06-10 23:50 88 -csh--r C:\WINDOWS\system32\CBECEA6862.sys
2007-04-01 20:24 1,251,477 -csha-w C:\WINDOWS\system32\qrutv.bak1
2007-04-05 23:59 1,223,493 -csha-w C:\WINDOWS\system32\qrutv.bak2
2007-04-06 00:32 1,220,642 -csha-w C:\WINDOWS\system32\qrutv.ini2
.

((((((((((((((((((((((((((((( snapshot@2007-12-23_13.04.13.81 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-03-13 16:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2000-08-31 14:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2007-12-14 03:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 14:00:00 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
- 2007-12-23 18:59:42 12,630 -c--a-w C:\WINDOWS\system32\tablet.dat
+ 2007-12-24 19:49:48 12,630 -c--a-w C:\WINDOWS\system32\tablet.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
2007-03-02 16:52 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
2007-03-02 16:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{76F262CF-0308-0FB4-F7A3-043266F3A47C}]
C:\Program Files\Aqjlbhvq\kdxoukyk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7CA8CE1F-6F33-4D8B-AA54-CED5C42D3935}]
2007-12-24 13:46 334336 --------- C:\WINDOWS\system32\awvvu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" []
"Aim6"="" []
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2007-12-24 13:47]
"eMuleAutoStart"="C:\Program Files\eMule\eMule.exe" []
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2007-12-24 13:54]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-12-24 13:54]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe" [2007-12-24 13:54]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" []
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" []
"Gtwatch"="C:\WINDOWS\gtwatch.exe" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" []
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 16:20 C:\WINDOWS\stsystra.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-12-24 13:54]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-12-24 13:54]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [2007-12-24 13:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-24 13:54]
"ATICustomerCare"="C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-22 23:51]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 21:26:24]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2006-06-14 17:24:37]
VLC360.lnk - C:\Program Files\Dun74\VLC360\VLC360.bat [2006-03-27 14:39:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
"UseDesktopIniCache"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-12-22 23:52 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\WINDOWS\system32\awvvu.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\awvvu

R1 cdrbsvsd;cdrbsvsd;C:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-12-03 16:44]
S1 EPPSCSIx;EPPSCSIx;C:\WINDOWS\system32\drivers\EPPSCSI.SYS [1999-11-11 16:39]
S1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys []
S3 GT680x;Grand Tech GT680x NT;C:\WINDOWS\system32\DRIVERS\GT680x.SYS [2000-08-18 12:57]
S3 gtermddo;gtermddo;C:\DOCUME~1\ELIASD~1\LOCALS~1\Temp\gtermddo.sys []
S3 ICAM5USB;Intel(r) PC Camera CS110;C:\WINDOWS\system32\Drivers\Icam5USB.sys [2001-08-17 13:06]
S3 Maplom;Maplom;C:\WINDOWS\system32\drivers\Maplom.sys [2006-06-06 14:47]
S3 nocashio;nocashio;C:\WINDOWS\system32\drivers\nocashio.sys [2007-07-27 13:31]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-17 13:12:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-22 05:34:00 C:\WINDOWS\Tasks\At1.job"
- C:\PROGRA~1\WORDCL~1\WordClick.exe
"2007-12-23 19:03:46 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-24 13:48:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\awvvu.dll
.
Completion time: 2007-12-24 13:56:27 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-23 13:06
.
2007-12-12 03:23:51 --- E O F ---
mr.dabit is offline  
Old 12-23-2007, 01:14 PM   #6 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 21,354
OS: XP


Re: Windows File Protector

Quote:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-12-24 13:54]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe" [2007-12-24 13:54]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-12-24 13:54]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-12-24 13:54]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [2007-12-24 13:54]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-24 13:54]
Okay. Look at the above list.
Those highlighted in red used to be legitimate files but are now infected by Vundo. We shall need to deal with them first. Otherwise the infection will keep regenerating.


Do a HijackThis scan & place a check next to these items and select "Fix checked":

O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe" -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"



--------------


Quote:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"="C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" []
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" []
"Gtwatch"="C:\WINDOWS\gtwatch.exe" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" []
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" []
Those entries listed in blue suggest that those files are no longer present in the machine. Please verify if that's true. I shall await your reply.

Also post a fresh HijackThis log.
sUBs is offline  
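The two groupings sUBs draws from the ComboFix Run-key listing can be reproduced mechanically. The script below is an added example for this thread, not code from the forum, from ComboFix or from HijackThis. It reads a ComboFix-style `Run` block and applies the two readings from the post above: an entry whose bracketed timestamp falls right at the scan time was most likely just rewritten (the "red" group), and an entry printed with empty brackets `[]` is one ComboFix could not stat, so the file is probably gone (the "blue" group). The 24-hour window is an assumed heuristic, the scan time is the completion time from the log, and the sample listing is constructed from the entries quoted in the thread.

```python
"""Triage of a ComboFix 'Run' key listing (added example, not forum or tool code)."""
import re
from datetime import datetime, timedelta

# Constructed sample listing in ComboFix's format; names and paths as quoted in the thread.
SAMPLE_RUN_KEY = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-12-24 13:54]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" []
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 16:20 C:\WINDOWS\stsystra.exe]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [2007-12-24 13:54]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" []
'''

# One listing line: "Name"="command" [timestamp, optionally followed by the resolved path]
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
STAMP_RE = re.compile(r'(\d{4}-\d{2}-\d{2} \d{2}:\d{2})')


def parse_run_entries(text):
    """Return a list of dicts with keys name, cmd and stamp (datetime or None)."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # key header, blank line, or a line in another ComboFix format
        found = STAMP_RE.search(m.group('meta'))
        stamp = datetime.strptime(found.group(1), '%Y-%m-%d %H:%M') if found else None
        entries.append({'name': m.group('name'), 'cmd': m.group('cmd'), 'stamp': stamp})
    return entries


def triage(text, scan_time, window=timedelta(hours=24)):
    """Map each Run entry name to a verdict.

    'missing' : empty brackets, ComboFix found no file to stat (the "blue" entries)
    'recent'  : file written within `window` before the scan (the "red" entries)
    'ok'      : older file, nothing to note from the timestamp alone

    `window` is an assumed heuristic, not a ComboFix rule.
    """
    scan_at = datetime.strptime(scan_time, '%Y-%m-%d %H:%M:%S')
    verdicts = {}
    for e in parse_run_entries(text):
        if e['stamp'] is None:
            verdicts[e['name']] = 'missing'
        elif scan_at - window <= e['stamp'] <= scan_at:
            verdicts[e['name']] = 'recent'
        else:
            verdicts[e['name']] = 'ok'
    return verdicts


def group_by_verdict(verdicts):
    """Invert the verdict map so each verdict lists its entry names in listing order."""
    groups = {'recent': [], 'missing': [], 'ok': []}
    for name, verdict in verdicts.items():
        groups[verdict].append(name)
    return groups


if __name__ == '__main__':
    # Scan time taken from the "Completion time" line of the ComboFix log above.
    for verdict, names in group_by_verdict(triage(SAMPLE_RUN_KEY, '2007-12-24 13:56:27')).items():
        print(f'{verdict:8s}: {", ".join(names) or "-"}')
```

The colour highlighting in the post does not survive as plain text; the script recovers the same two groups from the bracketed timestamps. A fresh timestamp is only a hint, since a legitimate update can rewrite a file just as well, so the verdicts are a starting point for exactly the follow-up sUBs asks for: verify whether the "missing" files really are gone, and post a fresh log after the fix.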
Old 12-23-2007, 04:33 PM   #7 (permalink)