Old 12-22-2007, 01:56 PM   #1 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 11
OS: WIN XP


New HJT logfile

I've been getting some popups the last few days, all originally begin with Internet Speed Monitor as the window.

I run AVG daily for updates, also try to clean out items every few weeks with Spybot S&D

Besides popups, I've experienced twice where the start menu and task bar disappear as well as all desktop icons.

Below is the HJT file. Thanks!


Logfile of HijackThis v1.99.1
Scan saved at 3:45:50 PM, on 12/22/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\QuickTime\qttask .exe
C:\WINDOWS\System32\S3tray2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr .exe
C:\Program Files\Verizon\McciTrayApp .exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint .exe
C:\PROGRA~1\Grisoft\AVG7\avgcc .exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect .exe
C:\Program Files\SpamScreener\spamscrn .exe
C:\Program Files\QdrModule\QdrModule11 .exe
C:\Program Files\QdrPack\QdrPack11 .exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Angel & Brian\My Documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/mail?.intl=us
F3 - REG:win.ini: load=C:\WINDOWS\System32\mllji.exe
N2 - Netscape 6: user_pref("browser.startup.homepage", "www.mail.yahoo.com"); (C:\Documents and Settings\Angel & Brian\Application Data\Mozilla\Profiles\default\5kdkfr86.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Angel & Brian\Application Data\Mozilla\Profiles\default\5kdkfr86.slt\prefs.js)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Hti] C:\npdor\npdor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunOnce: [VcCleanUp.exe] C:\DOCUME~1\ANGEL&~1\LOCALS~1\Temp\VcCleanUp.exe /F C:\PROGRA~1\COMMON~1\SYMANT~1\LiveReg\ /RemoveAll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [SpamScreener] "C:\Program Files\SpamScreener\spamscrn.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Pkg] "C:\Program Files\Common Files\?asks\l?ass.exe"
O4 - HKCU\..\Run: [QdrModule11] "C:\Program Files\QdrModule\QdrModule11.exe"
O4 - HKCU\..\Run: [QdrPack11] "C:\Program Files\QdrPack\QdrPack11.exe"
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Yahoo! MahJong - http://download2.games.yahoo.com/gam...ts/y/ot0_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sd...SL/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/40...on/Coupons.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
woobiebv is offline  
Old 12-23-2007, 11:22 AM   #2 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
Join Date: May 2005
Posts: 21,354
OS: XP


Re: New HJT logfile

www.bleepingcomputer.com
www.forospyware.com
www.geekstogo.com

1. Please choose from any of the above links. Download the file & Save it to Desktop.

2. Double click on ComboFix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that & a fresh Hijackthis log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
sUBs is offline  
Old 12-23-2007, 07:08 PM   #3 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 11
OS: WIN XP


Re: New HJT logfile

New HJT log-

Logfile of HijackThis v1.99.1
Scan saved at 8:46:43 PM, on 12/23/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\S3tray2.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Angel & Brian\My Documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/mail?.intl=us
N2 - Netscape 6: user_pref("browser.startup.homepage", "www.mail.yahoo.com"); (C:\Documents and Settings\Angel & Brian\Application Data\Mozilla\Profiles\default\5kdkfr86.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Angel & Brian\Application Data\Mozilla\Profiles\default\5kdkfr86.slt\prefs.js)
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll (file missing)
O2 - BHO: (no name) - {6DB1D2B0-7C78-4315-B106-A85844D6B584} - C:\Program Files\Common Files\hokem83122.dll (file missing)
O2 - BHO: (no name) - {a0372874-94d9-4974-9cd1-f0edf50e5d5e} - C:\WINDOWS\System32\kfjllrf.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Hti] C:\npdor\npdor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Pkg] "C:\Program Files\Common Files\?asks\l?ass.exe"
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Yahoo! MahJong - http://download2.games.yahoo.com/gam...ts/y/ot0_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sd...SL/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/40...on/Coupons.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O20 - Winlogon Notify: ShoppersHotlineWired - C:\WINDOWS\System32\shls.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Combofix log -

ComboFix 07-12-24.7 - Angel & Brian 2007-12-23 20:48:32.2 - NTFSx86
Running from: C:\Documents and Settings\Angel & Brian\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-24 to 2007-12-24 )))))))))))))))))))))))))))))))
.

2007-12-22 10:52 . 2007-12-23 08:55 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
2007-12-01 13:25 . 2007-12-23 08:57 <DIR> d-------- C:\Documents and Settings\Angel & Brian\Application Data\AVG7
2007-12-01 13:22 . 2007-12-01 13:22 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
2007-12-01 13:21 . 2007-12-01 13:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-01 13:21 . 2007-12-02 08:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-01 13:05 . 2007-12-01 13:08 <DIR> d-------- C:\Program Files\digestIT 2004

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-24 01:27 --------- d-----w C:\Program Files\QuickTime
2007-12-23 14:44 --------- d-----w C:\Program Files\verizon
2007-12-23 14:44 --------- d-----w C:\Program Files\SpamScreener
2007-12-23 13:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2005-10-11 22:41 3,275 ----a-w C:\Program Files\hijackthis.log
2005-02-16 15:06 218,112 ----a-w C:\Program Files\HijackThis.exe
2007-07-04 13:34 1,845,244 --sha-w C:\WINDOWS\system32\accdd.bak2
2007-07-05 00:23 1,860,675 --sha-w C:\WINDOWS\system32\accdd.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6DB1D2B0-7C78-4315-B106-A85844D6B584}]
C:\Program Files\Common Files\hokem83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a0372874-94d9-4974-9cd1-f0edf50e5d5e}]
C:\WINDOWS\System32\kfjllrf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Pkg"="C:\Program Files\Common Files\?asks\l?ass.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hti"="C:\npdor\npdor.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2007-12-23 20:27]
"S3TRAY2"="S3tray2.exe" [2003-02-25 03:33 C:\WINDOWS\system32\S3tray2.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-01 13:22]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2003-04-21 09:29:42]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 03:15:54]
VPN Client.lnk - C:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2007-08-04 09:08:57]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\WindowsUpdate\profsyrtyl.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ShoppersHotlineWired]
C:\WINDOWS\System32\shls.dll 2007-09-18 15:39 352256 C:\WINDOWS\system32\shls.dll

R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2005-03-30 18:31]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\System32\DRIVERS\gan_adapter.sys [2006-10-19 10:11]
S3 NPDORMW;NPDOR Media Driver;C:\WINDOWS\System32\Drivers\NPDORMW.sys []
S3 Radialpoint Security Services;Radialpoint Security Services;C:\WINDOWS\System32\dllhost.exe /Processid:{80098F68-1220-4F43-80A8-15C7395B8874} []

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-23 20:51:38
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-23 20:52:27
C:\ComboFix2.txt ... 2007-12-23 20:45
.
2007-07-14 16:41:28 --- E O F ---


Also, upon booting up this morning, and AVG running a scan, new entries to the virus vault have appeared. All under Trojan Horse Dropper.Generic.THT

If helpful I can list the locations it is appearing.

Thanks
woobiebv is offline  
Old 12-24-2007, 03:03 AM   #4 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
Join Date: May 2005
Posts: 21,354
OS: XP


Re: New HJT logfile

Quote:
C:\ComboFix2.txt ... 2007-12-23 20:45
Kindly post this log. Also note that you have a file infector onboard. It appears to have infected some of your autostart programs.

Last edited by sUBs : 12-24-2007 at 03:06 AM.
sUBs is offline  
Old 12-24-2007, 05:07 AM   #5 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 11
OS: WIN XP


Re: New HJT logfile

ComboFix 07-12-24.7 - Angel & Brian 2007-12-23 20:26:27.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.55 [GMT -5:00]
Running from: C:\Documents and Settings\Angel & Brian\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data.\winantispyware 2007\Data\ProductCode
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode
C:\Documents and Settings\Angel & Brian\Application Data\WinAntiSpyware 2007 Free
C:\Documents and Settings\Angel & Brian\Application Data\WinAntiSpyware 2007 Free\description.txt
C:\Documents and Settings\Angel & Brian\err.log
C:\Documents and Settings\Angel & Brian\My Documents\MBOLS~1
C:\Documents and Settings\Angel & Brian\My Documents\MBOLS~1\??mbols\
C:\Documents and Settings\Angel & Brian\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Angel & Brian\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Angel & Brian\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\Common Files\asks~1
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\poolsv
C:\Program Files\QdrDrive
C:\Program Files\QdrPack
C:\Program Files\QdrPack\QdrPack11 .exe
C:\Program Files\svhost
C:\temp\0b9
C:\temp\0b9\tmpTF.log
C:\temp\iee
C:\temp\iee\tmpZTF.log
C:\temp\tn3
C:\WINDOWS\mrofinu72.exe
C:\WINDOWS\system32\alog.txt
C:\WINDOWS\system32\awturrp.dll
C:\WINDOWS\system32\help.txt
C:\WINDOWS\system32\ijllm.ini
C:\WINDOWS\system32\ijllm.ini2
C:\WINDOWS\system32\ldpackage.dll
C:\WINDOWS\system32\mllji.dll
C:\WINDOWS\system32\model.dat
C:\WINDOWS\system32\o09PrEz
C:\WINDOWS\system32\silc_dll.dll
C:\WINDOWS\system32\win
C:\WINDOWS\system32\wnscpsv32.exe
C:\WINDOWS\system32\X1
C:\WINDOWS\system32\X2
C:\WINDOWS\system32\X3
C:\WINDOWS\system32\X4
C:\WINDOWS\system32\X5
C:\WINDOWS\system32\X9

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\LEGACY_FOPN


((((((((((((((((((((((((( Files Created from 2007-11-24 to 2007-12-24 )))))))))))))))))))))))))))))))
.

2007-12-22 10:52 . 2007-12-23 08:55 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
2007-12-01 13:25 . 2007-12-23 08:57 <DIR> d-------- C:\Documents and Settings\Angel & Brian\Application Data\AVG7
2007-12-01 13:22 . 2007-12-01 13:22 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
2007-12-01 13:21 . 2007-12-01 13:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-01 13:21 . 2007-12-02 08:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-01 13:05 . 2007-12-01 13:08 <DIR> d-------- C:\Program Files\digestIT 2004

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-24 01:27 --------- d-----w C:\Program Files\QuickTime
2007-12-23 14:44 --------- d-----w C:\Program Files\verizon
2007-12-23 14:44 --------- d-----w C:\Program Files\SpamScreener
2007-12-23 13:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2005-10-11 22:41 3,275 ----a-w C:\Program Files\hijackthis.log
2005-02-16 15:06 218,112 ----a-w C:\Program Files\HijackThis.exe
2007-07-04 13:34 1,845,244 --sha-w C:\WINDOWS\system32\accdd.bak2
2007-07-05 00:23 1,860,675 --sha-w C:\WINDOWS\system32\accdd.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6DB1D2B0-7C78-4315-B106-A85844D6B584}]
C:\Program Files\Common Files\hokem83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a0372874-94d9-4974-9cd1-f0edf50e5d5e}]
C:\WINDOWS\System32\kfjllrf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Pkg"="C:\Program Files\Common Files\?asks\l?ass.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hti"="C:\npdor\npdor.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2007-12-23 20:27]
"S3TRAY2"="S3tray2.exe" [2003-02-25 03:33 C:\WINDOWS\system32\S3tray2.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-01 13:22]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2003-04-21 09:29:42]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 03:15:54]
VPN Client.lnk - C:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2007-08-04 09:08:57]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\WindowsUpdate\profsyrtyl.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ShoppersHotlineWired]
C:\WINDOWS\System32\shls.dll 2007-09-18 15:39 352256 C:\WINDOWS\system32\shls.dll

S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\System32\DRIVERS\gan_adapter.sys [2006-10-19 10:11]
S3 NPDORMW;NPDOR Media Driver;C:\WINDOWS\System32\Drivers\NPDORMW.sys []

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-23 20:43:16
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-23 20:45:27 - machine was rebooted
.
2007-07-14 16:41:28 --- E O F ---


Thanks
woobiebv is offline  
Old 12-24-2007, 05:24 AM   #6 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
Join Date: May 2005
Posts: 21,354
OS: XP


Re: New HJT logfile

Do a HijackThis scan & place a check next to these items and select "Fix checked":

O2 - BHO: (no name) - {6DB1D2B0-7C78-4315-B106-A85844D6B584} - C:\Program Files\Common Files\hokem83122.dll (file missing)
O2 - BHO: (no name) - {a0372874-94d9-4974-9cd1-f0edf50e5d5e} - C:\WINDOWS\System32\kfjllrf.dll (file missing)
O4 - HKCU\..\Run: [Pkg] "C:\Program Files\Common Files\?asks\l?ass.exe"
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/40...on/Coupons.cab
O20 - Winlogon Notify: ShoppersHotlineWired - C:\WINDOWS\System32\shls.dll



---------------


Open notepad and copy/paste the text in the quotebox below into it:

Code:
http://www.techsupportforum.com/security-center/hijackthis-log-help/204940-new-hjt-logfile.html
Collect::
C:\WINDOWS\system32\shls.dll
File::
C:\WINDOWS\system32\accdd.bak2
C:\WINDOWS\system32\accdd.ini2
C:\Program Files\WindowsUpdate\profsyrtyl.html
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6DB1D2B0-7C78-4315-B106-A85844D6B584}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a0372874-94d9-4974-9cd1-f0edf50e5d5e}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pkg"=-
[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ShoppersHotlineWired]
Save this as "CFScript"




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additionally, ComboFix will generate a zipped file on your Desktop, called [4]Submit@Date_Time.zip
Before proceeding to the next step, please submit this file to http://www.bleepingcomputer.com/subm....php?channel=4


---------------


Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan


---------------


In your next post, please include fresh logs from:
  1. Fresh Hijackthis log taken just before replying
  2. Online scan
  3. ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
sUBs is offline  
Old 12-24-2007, 05:30 AM   #7 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
Join Date: May 2005
Posts: 21,354
OS: XP


Re: New HJT logfile

In addition to the above, please do this before the Kaspersky Scan.

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

Code:
@echo off
Vfind.exe -ltf "%systemdrive%\* .exe" > Log.txt
Start notepad log.txt
Save this as fix.bat. Choose to "Save type as - All Files"
It should look like this:
Double click on fix.bat & allow it to run

Post back to tell me what it says
sUBs is offline  
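
Added example (not part of the original posts, and not ComboFix or HijackThis code): the fix.bat above lists files matching `* .exe`, i.e. executables with a space before the extension. The Python sketch below applies the same check to a HijackThis log and pairs each running `name .exe` process with an autostart entry that still names `name.exe`. The function names are hypothetical, and the sample lines are a selection copied from the first log in this thread.

```python
import ntpath
import re

# Selection of lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\HP\hpcoretech\hpcmpmgr .exe
C:\Program Files\Verizon\McciTrayApp .exe
C:\Program Files\BigFix\BigFix.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: VPN Client.lnk = ?
"""

# Whitespace between the file name and ".exe" (the "* .exe" pattern).
SPACED_EXE = re.compile(r"\s+\.exe$", re.IGNORECASE)
# O4 registry Run/RunOnce entry: O4 - <key>: [<value name>] <command line>
O4_RUN = re.compile(r"^O4 - [^:]+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O4 startup-folder entry: O4 - Global Startup: <shortcut> = <target>
O4_STARTUP = re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.+)$")
# First path ending in .exe inside a command line, with or without quotes.
EXE_PATH = re.compile(r'^"?(?P<path>.+?\.exe)', re.IGNORECASE)


def parse_hjt(text):
    """Return (running process paths, [(autostart name, exe path), ...])."""
    running, autostarts = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line:
                running.append(line)
            else:
                in_processes = False  # a blank line ends the process list
            continue
        entry = O4_RUN.match(line) or O4_STARTUP.match(line)
        if entry:
            exe = EXE_PATH.match(entry.group("cmd"))
            if exe:  # entries such as "VPN Client.lnk = ?" carry no path
                autostarts.append((entry.group("name"), exe.group("path")))
    return running, autostarts


def has_spaced_name(path):
    """True if the file name has whitespace right before '.exe'."""
    return bool(SPACED_EXE.search(ntpath.basename(path)))


def twin_key(path):
    """Case-insensitive key that maps 'x .exe' and 'x.exe' to the same value."""
    return SPACED_EXE.sub(".exe", path).lower()


def review(text):
    """Flag spaced executables and autostarts whose spaced twin is running."""
    running, autostarts = parse_hjt(text)
    spaced_running = [p for p in running if has_spaced_name(p)]
    by_key = {twin_key(p): p for p in spaced_running}
    findings = {"spaced_running": spaced_running,
                "spaced_autostart": [],
                "twins": []}
    for name, path in autostarts:
        if has_spaced_name(path):
            # The autostart entry itself points at a "name .exe" file.
            findings["spaced_autostart"].append((name, path))
        elif twin_key(path) in by_key:
            # Entry names "name.exe" while "name .exe" is what is running.
            findings["twins"].append((name, path, by_key[twin_key(path)]))
    return findings


if __name__ == "__main__":
    result = review(SAMPLE_LOG)
    for path in result["spaced_running"]:
        print("running, spaced name:", path)
    for name, path in result["spaced_autostart"]:
        print("autostart points at spaced name:", name, "->", path)
    for name, path, twin in result["twins"]:
        print("autostart", name, "names", path, "but running is", twin)
```
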
Old 12-24-2007, 08:41 AM   #8 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 11
OS: WIN XP


Re: New HJT logfile

Fix.bat log

----a-w 102,400 2007-12-22 20:08:25 C:\Program Files\Creative\MediaSource\Detector\CTDetect .exe
----a-w 579,072 2007-12-23 13:55:52 C:\Program Files\Grisoft\AVG7\avgcc .exe
----a-w 241,664 2007-12-23 13:55:44 C:\Program Files\HP\hpcoretech\hpcmpmgr .exe
----a-w 1,670,144 2007-12-22 15:53:03 C:\Program Files\Messenger\msmsgs .exe
----a-w 184,376 2007-12-23 13:56:00 C:\Program Files\Microsoft Money\System\Money Express .exe
----a-w 530,432 2007-12-24 01:27:01 C:\Program Files\QuickTime\qttask .exe
----a-w 1,519,104 2007-12-23 13:56:03 C:\Program Files\SpamScreener\spamscrn .exe
----a-w 936,960 2007-12-23 13:55:49 C:\Program Files\verizon\McciTrayApp .exe
----a-w 1,880,064 2007-12-22 20:08:00 C:\Program Files\verizon\Servicepoint\VerizonServicepoint .exe
----a-w 155,648 2007-12-23 13:55:48 C:\WINDOWS\system32\NeroCheck .exe

Entries: 10 (10)
Directories: 0 Files: 10
Bytes: 7,799,864 Blocks: 15,235


Running Kaspersky now
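An added example, not part of the original posts: a Python triage over the kind of listing fix.bat produces, flagging file names with whitespace before the extension (the `* .exe` pattern the batch file searches for) and matching them against HijackThis O4 autorun lines. All sample paths and entries are constructed, and the function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Constructed samples in the two formats seen in this thread: a file listing
# (attributes, size, date, time, path) and HijackThis O4 autorun lines.
LISTING = r"""
----a-w 102,400 2007-12-22 20:08:25 C:\Program Files\ExampleApp\updater .exe
----a-w 530,432 2007-12-24 01:27:01 C:\Program Files\Example Player\tray task .exe
----a-w 218,112 2005-02-16 15:06:00 C:\Program Files\Example Tool\My Tool.exe
not a listing line
"""
AUTORUNS = r"""
O4 - HKLM\..\Run: [Tray] "C:\Program Files\Example Player\tray task .exe" -boot
O4 - HKCU\..\Run: [Updater] C:\Program Files\ExampleApp\updater.exe /R
O4 - HKLM\..\Run: [Other] other.exe
"""

LISTING_RE = re.compile(
    r"^(?P<attrs>[-a-z]{5,})\s+(?P<size>[\d,]+)\s+"
    r"(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<path>.+)$"
)
# Registry Run entries only; the command may be quoted or unquoted.
AUTORUN_RE = re.compile(
    r'^O4 - (?P<hive>\S+): \[(?P<name>[^\]]+)\]\s+"?(?P<path>.+?\.exe)', re.I
)

def padded_stem(path):
    """True when whitespace sits between the base name and the extension."""
    p = PureWindowsPath(path)
    return bool(p.suffix) and p.stem != p.stem.rstrip()

def twin(path):
    """The same path with the whitespace before the extension removed."""
    p = PureWindowsPath(path)
    return str(p.with_name(p.stem.rstrip() + p.suffix))

def parse_listing(text):
    rows = []
    for line in text.splitlines():
        m = LISTING_RE.match(line.strip())
        if m:
            rows.append({"path": m["path"],
                         "size": int(m["size"].replace(",", "")),
                         "modified": f'{m["date"]} {m["time"]}'})
    return rows

def parse_autoruns(text):
    entries = []
    for line in text.splitlines():
        m = AUTORUN_RE.match(line.strip())
        if m:
            entries.append({"hive": m["hive"], "name": m["name"], "path": m["path"]})
    return entries

def triage(listing_text, autorun_text):
    """For each padded file, name the autoruns that launch it or its twin."""
    autoruns = parse_autoruns(autorun_text)
    report = []
    for row in parse_listing(listing_text):
        if not padded_stem(row["path"]):
            continue  # internal spaces ("My Tool.exe") are not the pattern
        key, twin_key = row["path"].lower(), twin(row["path"]).lower()
        report.append({
            **row,
            "twin": twin(row["path"]),
            "autoruns_padded": [a["name"] for a in autoruns if a["path"].lower() == key],
            "autoruns_twin": [a["name"] for a in autoruns if a["path"].lower() == twin_key],
        })
    return report

if __name__ == "__main__":
    for item in triage(LISTING, AUTORUNS):
        print(item["path"], "| twin:", item["twin"],
              "| autoruns (padded):", item["autoruns_padded"],
              "| autoruns (twin):", item["autoruns_twin"])
```

Comparing which autoruns point at the padded name and which at the unpadded twin shows, per file, which copy actually runs at logon.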
Old 12-24-2007, 08:49 AM   #9 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 11
OS: WIN XP


Re: New HJT logfile

New HJT-

Logfile of HijackThis v1.99.1
Scan saved at 10:45:02 AM, on 12/24/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\System32\S3tray2.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Angel & Brian\My Documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/mail?.intl=us
N2 - Netscape 6: user_pref("browser.startup.homepage", "www.mail.yahoo.com"); (C:\Documents and Settings\Angel & Brian\Application Data\Mozilla\Profiles\default\5kdkfr86.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Angel & Brian\Application Data\Mozilla\Profiles\default\5kdkfr86.slt\prefs.js)
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Yahoo! MahJong - http://download2.games.yahoo.com/gam...ts/y/ot0_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sd...SL/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Kaspersky scan -

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, December 24, 2007 10:41:59 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/12/2007
Kaspersky Anti-Virus database records: 493039
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 47653
Number of viruses found: 10
Number of infected objects: 12
Number of suspicious objects: 2
Duration of the scan process: 00:59:52

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip/v1.7.8/wbuninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Angel & Brian\Application Data\Microsoft\Outlook\outcmd.dat Object is locked skipped
C:\Documents and Settings\Angel & Brian\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\Angel & Brian\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Angel & Brian\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Object is locked skipped
C:\Documents and Settings\Angel & Brian\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Angel & Brian\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Angel & Brian\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Angel & Brian\Local Settings\History\History.IE5\MSHist012007122420071225\index.dat Object is locked skipped
C:\Documents and Settings\Angel & Brian\Local Settings\Temp\~DF19B8.tmp Object is locked skipped
C:\Documents and Settings\Angel & Brian\Local Settings\Temp\~DF5AA4.tmp Object is locked skipped
C:\Documents and Settings\Angel & Brian\Local Settings\Temp\~DF5AB0.tmp Object is locked skipped
C:\Documents and Settings\Angel & Brian\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Angel & Brian\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Angel & Brian\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\backups\backup-20050620-184320-726.dll Infected: not-a-virus:AdWare.Win32.Coupons.h skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\eMachine_Specific.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\General.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\Security.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\Security_UK.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\UK_Specific.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\Urgent.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\Virus.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\Welcome.dat Object is locked skipped
C:\Program Files\QuickTime\qttask .exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP728\A0041510.ocx Infected: not-a-virus:AdWare.Win32.Coupons.h skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP728\A0041511.dll Infected: Trojan.Win32.Pakes.akr skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP728\A0041512.dll Infected: not-a-virus:AdWare.Win32.RK.d skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP732\A0041646.exe Infected: not-a-virus:AdWare.Win32.RK.n skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP795\A0044420.exe Infected: Trojan-Downloader.Win32.Osel.bx skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP795\A0044426.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP795\A0044427.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP795\A0044428.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP795\A0044429.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP795\A0044430.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP795\A0044431.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP795\A0044432.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP795\A0044433.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP795\A0044434.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP795\A0044435.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP795\A0044436.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP795\A0044437.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP796\A0044449.ocx Infected: not-a-virus:AdWare.Win32.Coupons.h skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP797\A0044462.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP797\A0044471.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP797\A0044472.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP797\A0044473.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP797\A0044474.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP797\A0044475.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP797\A0044476.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP797\A0044478.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP797\A0044479.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP797\A0044480.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP797\A0044481.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP797\A0044482.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP798\A0044545.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP798\A0044546.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP798\A0044547.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP798\A0044548.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP798\A0044549.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP798\A0044550.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP798\A0044551.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP798\A0044552.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP798\A0044553.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP798\A0044554.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP798\A0044555.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP798\A0044563.exe Infected: not-a-virus:AdWare.Win32.Agent.vv skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP798\A0044582.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP798\A0044583.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP798\A0044584.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP798\A0044589.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP798\A0044590.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP798\A0044592.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP798\A0044593.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP798\A0044594.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP798\A0044595.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP798\A0044596.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP798\A0044598.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP798\A0044601.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP798\A0044629.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP798\A0044630.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP800\A0044637.exe Object is locked skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP800\A0044667.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP800\A0044667.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP800\A0044669.exe Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped
C:\System Volume Information\_restore{CD2F0BC6-CC05-44EB-BA2E-69D2A5CA70FD}\RP801\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\crap Infected: not-a-virus:AdWare.Win32.Agent.dk skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\mmf.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


Combofix log -

ComboFix 07-12-24.7 - Angel & Brian 2007-12-24 8:32:10.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.51 [GMT -5:00]
Running from: C:\Documents and Settings\Angel & Brian\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Angel & Brian\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Program Files\WindowsUpdate\profsyrtyl.html
C:\WINDOWS\system32\accdd.bak2
C:\WINDOWS\system32\accdd.ini2
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\accdd.bak2
C:\WINDOWS\system32\accdd.ini2
C:\WINDOWS\system32\shls.dll

.
((((((((((((((((((((((((( Files Created from 2007-11-24 to 2007-12-24 )))))))))))))))))))))))))))))))
.

2007-12-22 10:52 . 2007-12-23 08:55 155,648 --a------ C:\WINDOWS\system32\NeroCheck .exe
2007-12-01 13:25 . 2007-12-23 08:57 <DIR> d-------- C:\Documents and Settings\Angel & Brian\Application Data\AVG7
2007-12-01 13:22 . 2007-12-01 13:22 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
2007-12-01 13:21 . 2007-12-01 13:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-01 13:21 . 2007-12-02 08:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-01 13:05 . 2007-12-01 13:08 <DIR> d-------- C:\Program Files\digestIT 2004

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-24 01:27 --------- d-----w C:\Program Files\QuickTime
2007-12-23 14:44 --------- d-----w C:\Program Files\verizon
2007-12-23 14:44 --------- d-----w C:\Program Files\SpamScreener
2007-12-23 13:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2005-10-11 22:41 3,275 ----a-w C:\Program Files\hijackthis.log
2005-02-16 15:06 218,112 ----a-w C:\Program Files\HijackThis.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [2007-12-23 20:27]
"S3TRAY2"="S3tray2.exe" [2003-02-25 03:33 C:\WINDOWS\system32\S3tray2.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-01 13:22]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2003-04-21 09:29:42]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 03:15:54]
VPN Client.lnk - C:\WINDOWS\Installer\{D25122BC-A60E-4663-B602-B01718F12044}\Icon3E5562ED7.ico [2007-08-04 09:08:57]

R2 LicCtrlService;LicCtrl Service;C:\WINDOWS\runservice.exe [2005-03-30 18:31]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\System32\DRIVERS\gan_adapter.sys [2006-10-19 10:11]
S3 NPDORMW;NPDOR Media Driver;C:\WINDOWS\System32\Drivers\NPDORMW.sys []
S3 Radialpoint Security Services;Radialpoint Security Services;C:\WINDOWS\System32\dllhost.exe /Processid:{80098F68-1220-4F43-80A8-15C7395B8874} []

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-24 08:36:30
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\System32\shls.dll
.
Completion time: 2007-12-24 8:37:11
C:\ComboFix2.txt ... 2007-12-23 20:52
C:\ComboFix3.txt ... 2007-12-23 20:45
.
2007-07-14 16:41:28 --- E O F ---


As far as system performance, I haven't had any more popups since AVG ran and found the Trojan downloaders the other morning. But I think it is still running slower than normal.

Thanks

Edit to add - zipped file also submitted: [4]-Submit_2007-12-24@8.31

Last edited by woobiebv : 12-24-2007 at 08:51 AM.
Old 12-24-2007, 09:46 AM   #10 (<