Infected Computer.

carsfranchino · 07-26-2006, 07:04 PM

This is the HJT log, this computer have too many problems. Please help me when you get a chance.
Thank you!!!

Logfile of HijackThis v1.99.1
Scan saved at 8:55:02 PM, on 7/26/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\imageaccess.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\apvxdwin.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\MRT.exe
C:\WINDOWS\ssloop.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\aDOBE\dllhost.exe
C:\Documents and Settings\Alfredo\Application Data\?racle\d?dplay.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\AOL\1125837605\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1125837605\ee\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\1125837605\ee\AOLServiceHost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimreal.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Alfredo\LOCALS~1\Temp\Rar$EX01.547\HijackThis.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
R3 - URLSearchHook: (no name) - {C23F9E8B-053F-01B9-1876-2910962377C7} - C:\WINDOWS\System32\bgk.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\bfjjp.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,mapnawa.exe
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Winsock2 driver] IPCNFG.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Jump Drive] JUMPDRIVE32.EXE
O4 - HKLM\..\Run: [wscfg32] C:\WINDOWS\ssloop.exe
O4 - HKLM\..\RunServices: [Windows System32] explorer.exe
O4 - HKLM\..\RunServices: [Microsoft Windows] win32.exe
O4 - HKLM\..\RunServices: [Windows Shell Interface] wInterface.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows System32] explorer.exe
O4 - HKCU\..\Run: [fzzk] C:\PROGRA~1\COMMON~1\fzzk\fzzkm.exe
O4 - HKCU\..\Run: [gjdxq] C:\WINDOWS\System32\kvrfpr.exe reg_run
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [Semr] "C:\PROGRA~1\aDOBE\dllhost.exe" -vt yazr
O4 - HKCU\..\Run: [Ufdhmeia] C:\Documents and Settings\Alfredo\Application Data\?racle\d?dplay.exe
O4 - HKCU\..\Run: [8a3ba9d3.exe] C:\Documents and Settings\Alfredo\Local Settings\Application Data\8a3ba9d3.exe
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\Alfredo\LOCALS~1\Temp\34.tmp3072.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [ÿ_zsk^aqsjusn^_yicerc50inkrwksz_] c:\windows\system32\_zskwrkni05creciy_^nsujsqa^.exe
O4 - HKCU\..\Run: [BraveSentry] C:\Program Files\BraveSentry\BraveSentry.exe
O4 - HKCU\..\RunServices: [Windows System32] explorer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirate...GameLoader.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147449489014
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/gh...ugs/axhost.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...ploader_v7.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: adslcomr.dll netiqosn.dll
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\p8r4li9q18.dll (file missing)
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: catswebv - C:\WINDOWS\System32\catswebv.dll (file missing)
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\lscmgr10.dll (file missing)
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\ksdgr1.dll (file missing)
O21 - SSODL: DCOM Server 2238 - {2C1CD3D7-86AC-4068-93BC-A02304BB2238} - C:\WINDOWS\System32\dxvwkxif.exe (file missing)
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\System32\2236_27.dll
O21 - SSODL: WaQwpkjIlXB - {312816E6-9B82-BC4C-A3D4-94AC622A0E45} - C:\WINDOWS\System32\qtm.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Image Access - Unknown owner - C:\WINDOWS\imageaccess.exe

Vikesrock8411 · 07-28-2006, 04:19 PM

Hello and welcome to TSF

I recommend you Subscribe to this thread so you are notified of any replies via email. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

You are running Hijack This from a temporary directory. It needs to be in a permanent folder. Please follow these instructions to redownload Hijackthis and install it to a permanent folder:

* Click here to download HJTsetup.exe

Save HJTsetup.exe to your desktop.
Doubleclick on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Downloads(make sure to save these in a permanent location)
smitRem.exe - Run it and extract it to it's own folder on the Desktop.
Cleanup!- Install it. You will use this later.
*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.
Ewido Anti-Malware

Install Ewido Anti-Malware
Double-click the icon on Desktop to launch Ewido

You will need to update Ewido to the latest definition files.

On the top of the main screen click Shield
Click the word active to change it to inactive
On the top of the main screen click Update.
Then click on Start Update. The update will start and a progress bar will show the updates being installed.
I also recommend changing the "Update interval" to something more reasonable like 12 hours.

If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.
combofix.exe-Save it to your Desktop.
Double click combofix.exe & follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Next, please reboot your computer in Safe Mode by doing the following:

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.

Add/Remove
Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:
PurityScan by OIN
Snowball Wars by OIN
Yazzle by OIN
Outerinfo
Cowabanga by OIN
or any programs by OIN
If none of these are listed please let me know

HijackThis!
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
R3 - URLSearchHook: (no name) - {C23F9E8B-053F-01B9-1876-2910962377C7} - C:\WINDOWS\System32\bgk.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\bfjjp.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,mapnawa. exe
O4 - HKLM\..\Run: [Winsock2 driver] IPCNFG.EXE
O4 - HKLM\..\Run: [Windows Jump Drive] JUMPDRIVE32.EXE
O4 - HKLM\..\Run: [wscfg32] C:\WINDOWS\ssloop.exe
O4 - HKLM\..\RunServices: [Windows System32] explorer.exe
O4 - HKLM\..\RunServices: [Microsoft Windows] win32.exe
O4 - HKLM\..\RunServices: [Windows Shell Interface] wInterface.exe
O4 - HKCU\..\Run: [Windows System32] explorer.exe
O4 - HKCU\..\Run: [fzzk] C:\PROGRA~1\COMMON~1\fzzk\fzzkm.exe
O4 - HKCU\..\Run: [gjdxq] C:\WINDOWS\System32\kvrfpr.exe reg_run
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [Semr] "C:\PROGRA~1\aDOBE\dllhost.exe" -vt yazr
O4 - HKCU\..\Run: [Ufdhmeia] C:\Documents and Settings\Alfredo\Application Data\?racle\d?dplay.exe
O4 - HKCU\..\Run: [8a3ba9d3.exe] C:\Documents and Settings\Alfredo\Local Settings\Application Data\8a3ba9d3.exe
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\Alfredo\LOCALS~1\Temp\34.tmp3072.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [ÿ_zsk^aqsjusn^_yicerc50inkrwksz_] c:\windows\system32\_zskwrkni05creciy_^nsujsqa^.ex e
O4 - HKCU\..\Run: [BraveSentry] C:\Program Files\BraveSentry\BraveSentry.exe
O4 - HKCU\..\RunServices: [Windows System32] explorer.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: adslcomr.dll netiqosn.dll
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\p8r4li9q18.dll (file missing)
O20 - Winlogon Notify: catswebv - C:\WINDOWS\System32\catswebv.dll (file missing)
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\lscmgr10.dll (file missing)
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\ksdgr1.dll (file missing)
O21 - SSODL: DCOM Server 2238 - {2C1CD3D7-86AC-4068-93BC-A02304BB2238} - C:\WINDOWS\System32\dxvwkxif.exe (file missing)
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\System32\2236_27.dll
O21 - SSODL: WaQwpkjIlXB - {312816E6-9B82-BC4C-A3D4-94AC622A0E45} - C:\WINDOWS\System32\qtm.dll (file missing)

Please remember to close all other windows, including browsers then click Fix checked.

File and Folder Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.
C:\WINDOWS\System32\2236_27.dll
C:\WINDOWS\System32\bgk.dll
C:\WINDOWS\System32\taskdir.exe
c:\windows\system32\_zskwrkni05creciy_^nsujsqa^.exe
C:\WINDOWS\ssloop.exe
win32.exe <<Find via Start>Search
wInterface.exe <<Find via Start>Search
JUMPDRIVE32.EXE <<Find via Start>Search
adslcomr.dll <<Find via Start>Search
netiqosn.dll <<Find via Start>Search
C:\PROGRAM Files\COMMON Files\fzzk
C:\Program Files\Common Files\svchostsys
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
C:\Program Files\Purity Scan
C:\Program Files\BraveSentry
C:\Documents and Settings\Alfredo\Local Settings\Application Data\8a3ba9d3.exe

Tools
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Next go to Control Panel click Display>Desktop>Customize Desktop>Web> Now, Uncheck Everything and delete if present:

"Security Info"
"Warning Message"
"Security Desktop"
"Warning Homepage"
"Desktop Uninstall"

Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:

Empty Recycle Bins
Delete Cookies
Delete Prefetch files
Cleanup! All Users
Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it’s checked.

Click OK
Press the CleanUp! button to start the program. If prompted to reboot, click No.

Run Ewido with it's updated definitions:(...it's important that all windows must be closed)

Click Scanner
Click on the Scan tab
Click Complete System Scan to begin scanning.
When the scan is complete click Recommended Action and change it to Quarantine
Then click Apply all actions

Once finished, click the Save report button, then click Save Report As and save it to your desktop.

Reboot your system in Normal Mode.

Double click combofix.exe & follow the prompts. When finished, it shall produce a log for you. That log will be located at C:\Combofix.txt and the previous log will be renamed to C:\combofixDateTime.txt Please post the contents of both logs.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

In your next post please include:

Both Combofix logs
Smitrem.txt
Ewido Log
A new Hijackthis! Log

carsfranchino · 07-29-2006, 03:58 AM

Combo Fix Logs:

Start Time= Sat 07/29/2006 5:46:51.38
Running from: C:\Documents and Settings\Alfredo\Desktop

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-07-29 05:47:02 81920 ( A.... ) "C:\WINDOWS\system32\javaw.dll"
2006-07-28 19:05:50 ( .D... ) "C:\Program Files\Hijackthis"
2006-07-28 18:33:34 ( .D... ) "C:\Documents and Settings\Alfredo\Application Data\Systweak"
2006-07-28 18:33:16 ( .D... ) "C:\Program Files\Advanced System Optimizer"
2006-07-27 20:45:04 ( .D... ) "C:\Program Files\WinZip"
2006-07-27 19:44:12 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-07-27 19:41:56 ( .D... ) "C:\Program Files\CleanUp!"
2006-07-27 19:19:52 2 ( A.... ) "C:\WINDOWS\system32\wintcc.exe"
2006-07-27 19:19:48 ( .D... ) "C:\Program Files\?ecurity"
2006-07-27 19:17:54 ( .D... ) "C:\Program Files\Spybot - Search & Destroy"
2006-07-26 20:32:32 137850 ( A..H. ) "C:\WINDOWS\ssloop.exe"
2006-07-26 20:30:44 ( .D... ) "C:\Program Files\MSXML 4.0"
2006-07-26 20:19:50 ( .D... ) "C:\Program Files\Common Files\s?stem32"
2006-07-26 20:01:54 29224 ( A..H. ) "C:\WINDOWS\pinf8.exe"
2006-07-26 19:56:06 ( .D... ) "C:\Program Files\Panda Software"
2006-07-26 19:37:32 0 ( A.... ) "C:\loaded.exe"
2006-07-26 19:28:00 ( .D... ) "C:\Program Files\Common Files\Panda Software"
2006-07-26 18:56:42 1064 ( A.... ) "C:\WINDOWS\system32\avcba925.sys"
2006-07-26 18:56:42 1064 ( A.... ) "C:\WINDOWS\system32\avcba925.sys"
2006-07-26 18:29:14 24111 ( A..H. ) "C:\WINDOWS\appwiz64.exe"
2006-07-26 18:25:42 28672 ( A.... ) "C:\WINDOWS\System32bez6n4r21.exe"
2006-07-26 18:25:02 28672 ( A.... ) "C:\WINDOWS\system32\bez6n4r21.exe"
2006-07-25 20:52:34 29415 ( A..H. ) "C:\WINDOWS\pinf0055.exe"
2006-07-20 16:31:36 1163264 ( A.... ) "C:\WINDOWS\system32\wfxqhv.exe"
2006-07-18 13:23:00 37888 ( ..SHR ) "C:\WINDOWS\imageaccess.exe"
2006-07-17 14:34:06 57344 ( A..H. ) "C:\WINDOWS\system32\winreg32.dll"
2006-07-17 14:34:06 26112 ( A..H. ) "C:\WINDOWS\system32\dfgdisp.dll"
2006-07-17 14:34:06 19917 ( A..H. ) "C:\WINDOWS\system32\icfgdiag.exe"
2006-07-17 11:08:18 48187 ( A.... ) "C:\WINDOWS\system32\VSL03.exe"
2006-07-17 11:03:08 ( .D... ) "C:\Program Files\Xijajb"
2006-07-13 09:19:44 1512877 ( A.... ) "C:\Documents and Settings\Alfredo\Application Data\Install.dat"
2006-07-12 16:14:04 408 ( A.... ) "C:\doejo3k.exe"
2006-07-12 15:25:52 32768 ( A.... ) "C:\WINDOWS\omotpedd.exe"
2006-07-12 15:23:34 ( .D... ) "C:\Program Files\Common Files\partypoker"
2006-07-12 13:49:08 ( .D... ) "C:\Program Files\PartyPoker"
2006-07-12 13:41:20 ( .D... ) "C:\Documents and Settings\Alfredo\Application Data\?racle"
2006-07-12 13:40:10 ( .D... ) "C:\Program Files\àdobe"
2006-07-12 13:37:00 48167 ( A.... ) "C:\WINDOWS\system32\VSL05.exe"
2006-07-12 13:36:06 8464 ( A.... ) "C:\WINDOWS\system32\sporder.dll"
2006-07-12 13:35:58 0 ( A.... ) "C:\WINDOWS\win32085824710882006.exe"
2006-07-12 13:35:26 232749 ( A.... ) "C:\WINDOWS\pf78.exe"
2006-07-08 18:59:38 1112 ( A.... ) "C:\Documents and Settings\Alfredo\Application Data\ViewerApp.dat"
2006-07-02 12:30:10 ( .D... ) "C:\Program Files\mobile PhoneTools"
2006-06-19 16:39:16 139264 ( A.... ) "C:\WINDOWS\876056.exe"
2006-06-19 16:20:42 702768 ( ..... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-06-07 13:55:52 3753 ( A.... ) "C:\Program Files\html2.htm"
2006-06-07 13:55:52 3626 ( A.... ) "C:\Program Files\html1.htm"
2006-05-30 19:09:20 24576 ( A.... ) "C:\WINDOWS\Uninstall.exe"

(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))

2006-07-29 05:47 81,920 C:\WINDOWS\system32\javaw.dll
2006-07-26 20:01 29,224 C:\WINDOWS\pinf8.exe
2006-07-26 19:56 49,152 C:\WINDOWS\system32\avldr.dll
2006-07-26 18:29 24,111 C:\WINDOWS\appwiz64.exe
2006-07-26 18:25 28,672 C:\WINDOWS\System32bez6n4r21.exe
2006-07-26 18:25 28,672 C:\WINDOWS\system32\bez6n4r21.exe
2006-07-26 18:24 1,163,264 C:\WINDOWS\system32\wfxqhv.exe
2006-07-25 20:52 29,415 C:\WINDOWS\pinf0055.exe
2006-07-18 13:23 37,888 C:\WINDOWS\imageaccess.exe
2006-07-17 14:34 57,344 C:\WINDOWS\system32\winreg32.dll
2006-07-17 14:34 26,112 C:\WINDOWS\system32\dfgdisp.dll
2006-07-17 14:34 19,917 C:\WINDOWS\system32\icfgdiag.exe
2006-07-17 14:34 137,850 C:\WINDOWS\ssloop.exe
2006-07-17 11:08 48,187 C:\WINDOWS\system32\VSL03.exe
2006-07-17 11:01 0 C:\loaded.exe
2006-07-12 15:25 32,768 C:\WINDOWS\omotpedd.exe
2006-07-12 15:15 408 C:\doejo3k.exe
2006-07-12 13:41 2 C:\WINDOWS\system32\wintcc.exe
2006-07-12 13:37 1,064 C:\WINDOWS\system32\avcba925.sys
2006-07-12 13:36 8,464 C:\WINDOWS\system32\sporder.dll
2006-07-12 13:36 48,167 C:\WINDOWS\system32\VSL05.exe
2006-07-12 13:35 232,749 C:\WINDOWS\pf78.exe
2006-07-12 13:35 0 C:\WINDOWS\win32085824710882006.exe
2006-06-19 16:39 139,264 C:\WINDOWS\876056.exe
2006-06-19 16:20 702,768 C:\WINDOWS\system32\WgaLogon.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"AIM"="C:\\PROGRA~1\\AIM\\aim.exe -cnetwait.odl"
"Semr"="\"C:\\PROGRA~1\\aDOBE\\dllhost.exe\" -vt yazr"
"Startup Manager"="C:\\Documents and Settings\\Alfredo\\Application Data\\Systweak\\ASO 2\\smstartUp manager.exe"
"Vjrva"="C:\\Documents and Settings\\Alfredo\\My Documents\\??crosoft.NET\\w?nspool.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{2C1CD3D7-86AC-4068-93BC-A02304BB2238}"="DCOM Server 2238"
"{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
"backup"="C:\\WINDOWS\\pss\\America Online 9.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check"
"item"="America Online 9.0 Tray Icon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ddegv.exe]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\ddegv.exe"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\ddegv.exe"
"item"="ddegv"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8a3ba9d3.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="8a3ba9d3"
"hkey"="HKCU"
"command"="C:\\Documents and Settings\\Alfredo\\Local Settings\\Application Data\\8a3ba9d3.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTX1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="v1201"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\v1201.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avcba925]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w020f948.dll,n 001ba92400000003020f948"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BCMSMMSG"
"hkey"="HKLM"
"command"="BCMSMMSG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccRegVfy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Configuration Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cfg32"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\cfg32.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dfndref_7"
"hkey"="HKLM"
"command"="C:\\\\dfndref_7.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Explorer 2238]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dxvwmpti"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\dxvwmpti.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftexc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mptft"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\mptft.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fzzk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fzzkm"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\COMMON~1\\fzzk\\fzzkm.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gjdxq]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kvrfpr"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\kvrfpr.exe reg_run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hhl7RfpJ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ssn6tuu"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\System32\\ssn6tuu.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLHostManager"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1125837605\\ee\\AOLHostManager.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="optimize"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kybrdef_7"
"hkey"="HKLM"
"command"="C:\\\\kybrdef_7.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Logi_MwX"
"hkey"="HKLM"
"command"="Logi_MwX.Exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="win32"
"hkey"="HKLM"
"command"="win32.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NEWDOT~2"
"hkey"="HKLM"
"command"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,ClientStartup -s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwnmac_6"
"hkey"="HKLM"
"command"="C:\\\\nwnmac_6.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shell]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ibm00001"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\ibm00001.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UsrPrmpt"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="testtestt"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\testtestt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sys_up1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="svchostsys"
"hkey"="HKCU"
"command"="C:\\Program Files\\Common Files\\svchostsys\\svchostsys.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SYSC00"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SYSC00.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vqzahjw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Yrzozi"
"hkey"="HKLM"
"command"="C:\\Program Files\\Xijajb\\Yrzozi.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WatchDog"
"hkey"="HKLM"
"command"="C:\\Program Files\\mobile PhoneTools\\WatchDog.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows DLL Loader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SYSCFG16"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SYSCFG16.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Jump Drive]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="JUMPDRIVE32"
"hkey"="HKLM"
"command"="JUMPDRIVE32.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Shell Interface]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wInterface"
"hkey"="HKLM"
"command"="wInterface.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows System Configuration]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SYSCFG16"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SYSCFG16.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows System32]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="explorer"
"hkey"="HKCU"
"command"="explorer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wscfg32]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ssloop"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\ssloop.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ÿ_zsk^aqsjusn^_yicerc50inkrwksz_]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="_zskwrkni05creciy_^nsujsqa^"
"hkey"="HKCU"
"command"="c:\\windows\\system32\\_zskwrkni05creciy_^nsujsqa^.exe"
"inimapping"="0"

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableTaskMgr REG_DWORD 0 (0x0)
DisableRegistryTools REG_DWORD 0 (0x0)

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Sat 07/29/2006 5:47:06.81
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-07-29.054651.txt

Start Time= Fri 07/28/2006 19:09:58.90
Running from: C:\Documents and Settings\Alfredo\Desktop

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon\Settings
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wzcnotif

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\clsid\{2D547C28-9C2E-4371-AFF9-58E0794A9DA5}]
@=""

[HKEY_CLASSES_ROOT\clsid\{2D547C28-9C2E-4371-AFF9-58E0794A9DA5}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{2D547C28-9C2E-4371-AFF9-58E0794A9DA5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{2D547C28-9C2E-4371-AFF9-58E0794A9DA5}\InprocServer32]
@="C:\\WINDOWS\\system32\\agcups.dll"
"ThreadingModel"="Apartment"

Granting sedebugprivilege to Administrators ... successful

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-07-28 19:05:50 ( .D... ) "C:\Program Files\Hijackthis"
2006-07-28 18:33:34 ( .D... ) "C:\Documents and Settings\Alfredo\Application Data\Systweak"
2006-07-28 18:33:16 ( .D... ) "C:\Program Files\Advanced System Optimizer"
2006-07-27 20:45:04 ( .D... ) "C:\Program Files\WinZip"
2006-07-27 19:44:12 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-07-27 19:41:56 ( .D... ) "C:\Program Files\CleanUp!"
2006-07-27 19:19:52 2 ( A.... ) "C:\WINDOWS\system32\wintcc.exe"
2006-07-27 19:19:48 ( .D... ) "C:\Program Files\?ecurity"
2006-07-27 19:17:54 ( .D... ) "C:\Program Files\Spybot - Search & Destroy"
2006-07-26 20:32:32 137850 ( A..H. ) "C:\WINDOWS\ssloop.exe"
2006-07-26 20:30:44 ( .D... ) "C:\Program Files\MSXML 4.0"
2006-07-26 20:19:50 ( .D... ) "C:\Program Files\Common Files\s?stem32"
2006-07-26 20:01:54 29224 ( A..H. ) "C:\WINDOWS\pinf8.exe"
2006-07-26 19:56:06 ( .D... ) "C:\Program Files\Panda Software"
2006-07-26 19:37:32 0 ( A.... ) "C:\loaded.exe"
2006-07-26 19:36:12 8984 ( A.... ) "C:\WINDOWS\system32\taskdir~.exe"
2006-07-26 19:28:00 ( .D... ) "C:\Program Files\Common Files\Panda Software"
2006-07-26 18:56:42 1064 ( A.... ) "C:\WINDOWS\system32\avcba925.sys"
2006-07-26 18:56:42 1064 ( A.... ) "C:\WINDOWS\system32\avcba925.sys"
2006-07-26 18:29:14 24111 ( A..H. ) "C:\WINDOWS\appwiz64.exe"
2006-07-26 18:25:42 28672 ( A.... ) "C:\WINDOWS\System32bez6n4r21.exe"
2006-07-26 18:25:40 45056 ( A.... ) "C:\WINDOWS\System32ghynf.exe"
2006-07-26 18:25:02 28672 ( A.... ) "C:\WINDOWS\system32\bez6n4r21.exe"
2006-07-25 20:52:34 29415 ( A..H. ) "C:\WINDOWS\pinf0055.exe"
2006-07-20 16:31:36 1163264 ( A.... ) "C:\WINDOWS\system32\wfxqhv.exe"
2006-07-18 13:23:00 37888 ( ..SHR ) "C:\WINDOWS\imageaccess.exe"
2006-07-17 14:34:06 57344 ( A..H. ) "C:\WINDOWS\system32\winreg32.dll"
2006-07-17 14:34:06 26112 ( A..H. ) "C:\WINDOWS\system32\dfgdisp.dll"
2006-07-17 14:34:06 19917 ( A..H. ) "C:\WINDOWS\system32\icfgdiag.exe"
2006-07-17 11:08:18 48187 ( A.... ) "C:\WINDOWS\system32\VSL03.exe"
2006-07-17 11:03:08 ( .D... ) "C:\Program Files\Xijajb"
2006-07-13 09:19:44 1512877 ( A.... ) "C:\Documents and Settings\Alfredo\Application Data\Install.dat"
2006-07-12 16:14:04 408 ( A.... ) "C:\doejo3k.exe"
2006-07-12 15:25:52 32768 ( A.... ) "C:\WINDOWS\omotpedd.exe"
2006-07-12 15:23:34 ( .D... ) "C:\Program Files\Common Files\partypoker"
2006-07-12 13:49:08 ( .D... ) "C:\Program Files\PartyPoker"
2006-07-12 13:41:20 ( .D... ) "C:\Documents and Settings\Alfredo\Application Data\?racle"
2006-07-12 13:40:10 ( .D... ) "C:\Program Files\àdobe"
2006-07-12 13:37:00 48167 ( A.... ) "C:\WINDOWS\system32\VSL05.exe"
2006-07-12 13:36:06 8464 ( A.... ) "C:\WINDOWS\system32\sporder.dll"
2006-07-12 13:35:58 0 ( A.... ) "C:\WINDOWS\win32085824710882006.exe"
2006-07-12 13:35:26 232749 ( A.... ) "C:\WINDOWS\pf78.exe"
2006-07-08 18:59:38 1112 ( A.... ) "C:\Documents and Settings\Alfredo\Application Data\ViewerApp.dat"
2006-07-02 12:30:10 ( .D... ) "C:\Program Files\mobile PhoneTools"
2006-06-19 16:39:16 139264 ( A.... ) "C:\WINDOWS\876056.exe"
2006-06-19 16:20:42 702768 ( ..... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-06-07 13:55:52 3753 ( A.... ) "C:\Program Files\html2.htm"
2006-06-07 13:55:52 3626 ( A.... ) "C:\Program Files\html1.htm"
2006-05-30 19:09:20 24576 ( A.... ) "C:\WINDOWS\Uninstall.exe"

(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))

2006-07-26 20:01 29,224 C:\WINDOWS\pinf8.exe
2006-07-26 19:56 49,152 C:\WINDOWS\system32\avldr.dll
2006-07-26 18:29 24,111 C:\WINDOWS\appwiz64.exe
2006-07-26 18:25 45,056 C:\WINDOWS\System32ghynf.exe
2006-07-26 18:25 28,672 C:\WINDOWS\System32bez6n4r21.exe
2006-07-26 18:25 28,672 C:\WINDOWS\system32\bez6n4r21.exe
2006-07-26 18:24 1,163,264 C:\WINDOWS\system32\wfxqhv.exe
2006-07-25 20:52 29,415 C:\WINDOWS\pinf0055.exe
2006-07-18 13:23 37,888 C:\WINDOWS\imageaccess.exe
2006-07-17 14:34 57,344 C:\WINDOWS\system32\winreg32.dll
2006-07-17 14:34 26,112 C:\WINDOWS\system32\dfgdisp.dll
2006-07-17 14:34 19,917 C:\WINDOWS\system32\icfgdiag.exe
2006-07-17 14:34 137,850 C:\WINDOWS\ssloop.exe
2006-07-17 11:08 48,187 C:\WINDOWS\system32\VSL03.exe
2006-07-17 11:01 0 C:\loaded.exe
2006-07-13 09:20 8,984 C:\WINDOWS\system32\taskdir~.exe
2006-07-12 15:25 32,768 C:\WINDOWS\omotpedd.exe
2006-07-12 15:15 408 C:\doejo3k.exe
2006-07-12 13:41 2 C:\WINDOWS\system32\wintcc.exe
2006-07-12 13:37 1,064 C:\WINDOWS\system32\avcba925.sys
2006-07-12 13:36 8,464 C:\WINDOWS\system32\sporder.dll
2006-07-12 13:36 48,167 C:\WINDOWS\system32\VSL05.exe
2006-07-12 13:35 232,749 C:\WINDOWS\pf78.exe
2006-07-12 13:35 0 C:\WINDOWS\win32085824710882006.exe
2006-06-19 16:39 139,264 C:\WINDOWS\876056.exe
2006-06-19 16:20 702,768 C:\WINDOWS\system32\WgaLogon.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"AIM"="C:\\PROGRA~1\\AIM\\aim.exe -cnetwait.odl"
"Semr"="\"C:\\PROGRA~1\\aDOBE\\dllhost.exe\" -vt yazr"
"Startup Manager"="C:\\Documents and Settings\\Alfredo\\Application Data\\Systweak\\ASO 2\\smstartUp manager.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{2C1CD3D7-86AC-4068-93BC-A02304BB2238}"="DCOM Server 2238"
"{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
"backup"="C:\\WINDOWS\\pss\\America Online 9.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check"
"item"="America Online 9.0 Tray Icon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ddegv.exe]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\ddegv.exe"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\ddegv.exe"
"item"="ddegv"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8a3ba9d3.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="8a3ba9d3"
"hkey"="HKCU"
"command"="C:\\Documents and Settings\\Alfredo\\Local Settings\\Application Data\\8a3ba9d3.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTX1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="v1201"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\v1201.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avcba925]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w020f948.dll,n 001ba92400000003020f948"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BCMSMMSG"
"hkey"="HKLM"
"command"="BCMSMMSG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccRegVfy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Configuration Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cfg32"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\cfg32.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dfndref_7"
"hkey"="HKLM"
"command"="C:\\\\dfndref_7.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Explorer 2238]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dxvwmpti"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\dxvwmpti.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftexc]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mptft"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\mptft.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fzzk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fzzkm"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\COMMON~1\\fzzk\\fzzkm.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gjdxq]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kvrfpr"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\System32\\kvrfpr.exe reg_run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hhl7RfpJ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ssn6tuu"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\System32\\ssn6tuu.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLHostManager"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1125837605\\ee\\AOLHostManager.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="optimize"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kybrdef_7"
"hkey"="HKLM"
"command"="C:\\\\kybrdef_7.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Logi_MwX"
"hkey"="HKLM"
"command"="Logi_MwX.Exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="win32"
"hkey"="HKLM"
"command"="win32.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NEWDOT~2"
"hkey"="HKLM"
"command"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,ClientStartup -s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwnmac_6"
"hkey"="HKLM"
"command"="C:\\\\nwnmac_6.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shell]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ibm00001"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\ibm00001.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UsrPrmpt"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="testtestt"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\testtestt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sys_up1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="svchostsys"
"hkey"="HKCU"
"command"="C:\\Program Files\\Common Files\\svchostsys\\svchostsys.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SYSC00"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SYSC00.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vqzahjw]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Yrzozi"
"hkey"="HKLM"
"command"="C:\\Program Files\\Xijajb\\Yrzozi.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WatchDog"
"hkey"="HKLM"
"command"="C:\\Program Files\\mobile PhoneTools\\WatchDog.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows DLL Loader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SYSCFG16"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SYSCFG16.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Jump Drive]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="JUMPDRIVE32"
"hkey"="HKLM"
"command"="JUMPDRIVE32.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Shell Interface]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wInterface"
"hkey"="HKLM"
"command"="wInterface.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows System Configuration]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SYSCFG16"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SYSCFG16.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows System32]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="explorer"
"hkey"="HKCU"
"command"="explorer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wscfg32]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ssloop"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\ssloop.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ÿ_zsk^aqsjusn^_yicerc50inkrwksz_]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="_zskwrkni05creciy_^nsujsqa^"
"hkey"="HKCU"
"command"="c:\\windows\\system32\\_zskwrkni05creciy_^nsujsqa^.exe"
"inimapping"="0"

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableTaskMgr REG_DWORD 0 (0x0)
DisableRegistryTools REG_DWORD 0 (0x0)

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Fri 07/28/2006 19:14:00.17
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt

Smitrem log:

smitRem © log file
version 3.1

by noahdfear

Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: Fri 07/28/2006
The current time is: 22:49:44.81

Running from
C:\Documents and Settings\Alfredo\Desktop\smitrem\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{2C1CD3D7-86AC-4068-93BC-A02304BB2238}"="DCOM Server 2238"
"{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key

PSGuard.com key not present!

checking for WinHound.com key

WinHound.com key not present!

checking for drsmartload2 key

drsmartload2 key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
Trust Cleaner uninstaller NOT present
SpyHeal uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

amcompat.tlb
nscompat.tlb

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 2020 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{2C1CD3D7-86AC-4068-93BC-A02304BB2238}"="DCOM Server 2238"
"{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files

~~~ Program Files ~~~

~~~ Shortcuts ~~~

~~~ Favorites ~~~

~~~ system32 folder ~~~

~~~ Icons in System32 ~~~

~~~ Windows directory ~~~

~~~ Drive root ~~~

~~~ Miscellaneous Files/folders ~~~

~~~ Wininet.dll ~~~

CLEAN! :)

EWIDO LOG:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:42:15 AM 7/29/2006

+ Scan result:

C:\WINDOWS\System32ghynf.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).

::Report end

NEW HJT:

Logfile of HijackThis v1.99.1
Scan saved at 5:49:15 AM, on 7/29/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\AIM\aim.exe
C:\PROGRA~1\aDOBE\dllhost.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\imageaccess.exe
C:\Program Files\Common Files\AOL\1125837605\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1125837605\ee\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\1125837605\ee\AOLServiceHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Alfredo\My Documents\??crosoft.NET\w?nspool.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R3 - URLSearchHook: (no name) - {C23F9E8B-053F-01B9-1876-2910962377C7} - C:\WINDOWS\System32\bgk.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Semr] "C:\PROGRA~1\aDOBE\dllhost.exe" -vt yazr
O4 - HKCU\..\Run: [Startup Manager] C:\Documents and Settings\Alfredo\Application Data\Systweak\ASO 2\smstartUp manager.exe
O4 - HKCU\..\Run: [Vjrva] C:\Documents and Settings\Alfredo\My Documents\??crosoft.NET\w?nspool.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirate...GameLoader.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147449489014
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/gh...ugs/axhost.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...ploader_v7.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\System32\javaw.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Image Access - Unknown owner - C:\WINDOWS\imageaccess.exe

I did not find any Program by OIN and the files and folders to remove.

Thanks!!!

Vikesrock8411 · 07-31-2006, 01:48 PM

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

I see you have disabled some startup entries using MSConfig. This makes it diffcult for us to see all the infections present on your system because they are hidden from Hijackthis.

Please click Start>Run and type "msconfig".
On the "General" tab please click "Normal Startup- load all device drivers and services" and click OK.
Restart when prompted and then post a new Hijackthis log here.

Downloads(make sure to save these in a permanent location)
Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
Save it to your desktop.

Download and use this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe

Brute Force Uninstaller to your desktop.

Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:) or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Please go to Start > My Computer and navigate to the C:\BFU folder.

Start the Brute Force Uninstaller by doubleclicking BFU.exe
Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
Press Execute and let the program do it’s job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.

Please double-click Killbox.exe to run it.
Select:
- Delete on Reboot
- then Click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\wintcc.exe
C:\Program Files\ecurit~1
C:\WINDOWS\ssloop.exe
C:\Program Files\Common Files\sstem3~1
C:\WINDOWS\appwiz64.exe
C:\WINDOWS\System32bez6n4r21.exe
C:\WINDOWS\system32\bez6n4r21.exe
C:\WINDOWS\system32\wfxqhv.exe
C:\WINDOWS\imageaccess.exe
C:\WINDOWS\system32\winreg32.dll
C:\WINDOWS\system32\dfgdisp.dll
C:\Program Files\Xijajb
C:\WINDOWS\system32\icfgdiag.exe
C:\WINDOWS\system32\VSL03.exe
C:\doejo3k.exe
C:\WINDOWS\omotpedd.exe
C:\Documents and Settings\Alfredo\Application Data\racle~1
C:\WINDOWS\system32\VSL05.exe
C:\WINDOWS\win32085824710882006.exe
C:\WINDOWS\876056.exe
C:\WINDOWS\pf78.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ddegv.exe
C:\Documents and Settings\Alfredo\Local Settings\Application Data\8a3ba9d3.exe
C:\dfndref_7.exe
C:\WINDOWS\System32\dxvwmpti.exe
C:\WINDOWS\System32\mptft.exe
C:\PROGRA~1\COMMON~1\fzzk\fzzkm.exe
C:\WINDOWS\System32\kvrfpr.exe
C:\WINDOWS\System32\ssn6tuu.exe\
C:\Program Files\Internet Optimizer
C:\\kybrdef_7.exe
C:\\nwnmac_6.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
C:\WINDOWS\System32\testtestt.ex e
C:\Program Files\Common Files\svchostsys
C:\WINDOWS\SYSC00.exe
C:\Program Files\Xijajb
C:\WINDOWS\SYSCFG16.EXE
c:\windows\system32\_zskwrkni05creci y_^nsujsqa^.exe
C:\WINDOWS\system32\taskdir~.exe
C:\WINDOWS\System32\javaw.dll
C:\Documents and Settings\Alfredo\My Documents\crosof~1
Return to Killbox, go to the File menu, and choose Paste from Clipboard.
Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Go to Start > Run
Type:

regedit

Click OK.

On the leftside, click to highlight My Computer at the top.
Go up to "File > Export"
- Make sure in that window there is a tick next to "All" under Export Branch.
  Leave the "Save As Type" as "Registration Files".
  Under "Filename" put backup
Choose to save it to C:\
Click save and then go to File > Exit.

This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.

Open Notepad and copy and paste everything from the box below.

Code:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304BB2238}"=-
"{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"=-

Click on File, Save it to your desktop, in file name save as
Filename.reg
click OK.

Next go to your desktop and double click on Filename.reg, allow it to merge to the registry. It should give you a prompt "sucessfully merged".

HijackThis!
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R3 - URLSearchHook: (no name) - {C23F9E8B-053F-01B9-1876-2910962377C7} - C:\WINDOWS\System32\bgk.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKCU\..\Run: [Semr] "C:\PROGRA~1\aDOBE\dllhost.exe" -vt yazr
O4 - HKCU\..\Run: [Vjrva] C:\Documents and Settings\Alfredo\My Documents\??crosoft.NET\w?nspool.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\javaw.dll

Please remember to close all other windows, including browsers then click Fix checked.

Run a new scan with Hijackthis and post the log here.

carsfranchino · 07-31-2006, 06:06 PM

HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 8:01:25 PM, on 7/31/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Softwin\BitDefender9\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\Program Files\Softwin\BitDefender9\bdnagent.exe
C:\Program Files\Softwin\BitDefender9\bdswitch.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Common Files\AOL\1125837605\ee\AOLHostManager.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\AOL\1125837605\ee\AOLServiceHost.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\imageaccess.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Common Files\AOL\1125837605\ee\AOLServiceHost.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINDOWS\SYSCFG16.EXE
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\SYSCFG16.EXE
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [Vqzahjw] C:\Program Files\Xijajb\Yrzozi.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [Microsoft Windows] win32.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125837605\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\System32\ssn6tuu.exe"
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\System32\mptft.exe
O4 - HKLM\..\Run: [Explorer 2238] C:\WINDOWS\System32\dxvwmpti.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [avcba925] RUNDLL32.EXE w020f948.dll,n 001ba92400000003020f948
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Startup Manager] C:\Documents and Settings\Alfredo\Application Data\Systweak\ASO 2\smstartUp manager.exe
O4 - HKCU\..\Run: [8a3ba9d3.exe] C:\Documents and Settings\Alfredo\Local Settings\Application Data\8a3ba9d3.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirate...GameLoader.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147449489014
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/gh...ugs/axhost.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...ploader_v7.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Image Access - Unknown owner - C:\WINDOWS\imageaccess.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

I couldn't use the "http://www.outerinfo.com/OiUninstaller.exe" uninstaller,
i got a window that reads "Your current security setting do not allow this file to be downloaded".

Thanks!!!

Vikesrock8411 · 07-31-2006, 06:22 PM

Ok, no big deal on the uninstaller. We took out all the files\filders with Killbox anyway.

I see you have two or more Antivirus programs installed. In this case there can be too much of a good thing. Multiple AV's bog down your system and may even cause crashes. I highly recommend you remove all but one Antivirus program using Windows Add/Remove Programs. If you have already odne so please inform me of which program you wish to keep.

HijackThis!
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINDOWS\SYSCFG16.EXE
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\SYSCFG16.EXE
O4 - HKLM\..\Run: [Vqzahjw] C:\Program Files\Xijajb\Yrzozi.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [Microsoft Windows] win32.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\System32\ssn6tuu.exe"
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\System32\mptft.exe
O4 - HKLM\..\Run: [Explorer 2238] C:\WINDOWS\System32\dxvwmpti.exe
O4 - HKLM\..\Run: [avcba925] RUNDLL32.EXE w020f948.dll,n 001ba92400000003020f948
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKCU\..\Run: [8a3ba9d3.exe] C:\Documents and Settings\Alfredo\Local Settings\Application Data\8a3ba9d3.exe

Please remember to close all other windows, including browsers then click Fix checked.

Online Scans
Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner

Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
Click Scan Now
Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls

Begin the scan by selecting My Computer

If it finds any malware, it may ask you to purchase the program, this is not necessary we will take care of the entries manually.

At the end of the scan click on see report. Then click Save report

Please post that log in your next reply.

In your next post please include:

Panda Activescan Log
A new Hijackthis! Log

carsfranchino · 08-01-2006, 04:45 AM

AV's:
I tried to install Panda at beginning but something happened during the installation and I'm not be able to run or remove that program now, so i installed Bit defender.
Now the ActiveX for Panda online is not working so i cannot run Panda.

HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 6:41:08 AM, on 8/1/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\imageaccess.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Softwin\BitDefender9\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\program files\softwin\bitdefender9\bdnagent.exe
C:\program files\softwin\bitdefender9\bdswitch.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Common Files\AOL\1125837605\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1125837605\ee\AOLServiceHost.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\AOL\1125837605\ee\AOLServiceHost.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125837605\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Startup Manager] C:\Documents and Settings\Alfredo\Application Data\Systweak\ASO 2\smstartUp manager.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirate...GameLoader.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147449489014
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/gh...ugs/axhost.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...ploader_v7.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Image Access - Unknown owner - C:\WINDOWS\imageaccess.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Thanks!!!

Vikesrock8411 · 08-01-2006, 11:37 AM

Follow these instructions for Panda's removal:

Download UNINST_v1011.exe

## It's IMPORTANT that you save this file to Desktop. This file should never be saved directly to the C:\ drive.

Double clicking UNINST_v1011.exe will open an MS-DOS window.
Press Y to start the process.
When the process completes, the message NEED REBOOT appears on screen.
Restart the computer to complete the process.

Note: This process could take a few minutes.

Run a new scan with Hijackthis and post the log here.

carsfranchino · 08-01-2006, 12:14 PM

Logfile of HijackThis v1.99.1
Scan saved at 2:12:46 PM, on 8/1/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Softwin\BitDefender9\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\Program Files\Softwin\BitDefender9\bdnagent.exe
C:\Program Files\Softwin\BitDefender9\bdswitch.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\AOL\1125837605\ee\AOLHostManager.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\AOL\1125837605\ee\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\1125837605\ee\AOLServiceHost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\imageaccess.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125837605\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Startup Manager] C:\Documents and Settings\Alfredo\Application Data\Systweak\ASO 2\smstartUp manager.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirate...GameLoader.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147449489014
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/gh...ugs/axhost.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...ploader_v7.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: avldr - avldr.dll (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Image Access - Unknown owner - C:\WINDOWS\imageaccess.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Thanks!!!

Vikesrock8411 · 08-01-2006, 01:15 PM

Almost there, is the PC running better now?

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Services
Click Start->Run - type SERVICES.MSC & then click on the OK button

Locate the service - Windows Image Access
Double-click on it to open the Properties dialog.
- Under the General tab, note down the name of "Service name". We shall need it later.
- Stop the service by using the Stop button.
- Change the Startup type to Disabled & then click on the OK button
Then start HiJackThis & go to Config>Misc.Tools...> Delete an NT service...
In the popup box that appears, type in "Service name" & then click on the OK button

Reboot your system

HijackThis!
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)
O20 - Winlogon Notify: avldr - avldr.dll (file missing)
O23 - Service: Windows Image Access - Unknown owner - C:\WINDOWS\imageaccess.exe (file missing)

Please remember to close all other windows, including browsers then click Fix checked.

File and Folder Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.
C:\WINDOWS\imageaccess.exe

carsfranchino · 08-01-2006, 02:24 PM

The PC is running good now!!!
This is my new HJT Log.

Thanks!!!

Logfile of HijackThis v1.99.1
Scan saved at 4:21:05 PM, on 8/1/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Softwin\BitDefender9\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\Program Files\Softwin\BitDefender9\bdnagent.exe
C:\Program Files\Softwin\BitDefender9\bdswitch.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\AOL\1125837605\ee\AOLHostManager.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\AOL\1125837605\ee\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\1125837605\ee\AOLServiceHost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125837605\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Startup Manager] C:\Documents and Settings\Alfredo\Application Data\Systweak\ASO 2\smstartUp manager.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirate...GameLoader.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147449489014
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/gh...ugs/axhost.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...ploader_v7.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

carsfranchino · 08-01-2006, 04:12 PM

i could install Panda finally. This is the result of a full scan:

Panda Titanium 2006 Antivirus + Antispyware incident report

EVENT DATE RESULTS ADDITIONAL INFORMATION
----------------------------------------------------------------------------------------------------------------------------------------------
Scan completed 08/01/06 17:28:39 Scan: All My Computer
Adware detected: Adware/PurityScan 08/01/06 17:27:34 Eliminated Location: C:\Program Files\Adobe\dllhost.exe
Tracking program detected 08/01/06 17:21:14 Notified Location: C:\Documents and Settings...\Process.exe
Tracking program detected 08/01/06 17:21:06 Notified Location: C:\Documents...\smitRem.exe[Process.exe]
Adware detected: Adware/CommAd 08/01/06 16:59:38 Eliminated Location: C:\WINDOWS\QWxmbGVkbw\kqUAv3p4vT.vbs
Adware detected: Adware/Deskwizz 08/01/06 16:57:23 Eliminated Location: C:\bintheredunthat\RDFX4.exe
Virus detected: Trj/Prutec.AB 08/01/06 16:57:23 Disinfected Location: C:\bintheredunthat\Srwes.exe
Adware detected: Adware/2Z0o 08/01/06 16:57:23 Eliminated Location: C:\bintheredunthat\dnrqeth.exe
Scan started 08/01/06 16:53:45 Scan: All My Computer
Update 08/01/06 16:42:18 OK New version: 5.01.00
Update 08/01/06 16:41:29 OK New virus signatures: 14884

The computer is running good, i only want to make the startup faster. What i can changed/disabled to do that???

Thank you in advance!!!

Vikesrock8411 · 08-01-2006, 08:01 PM

You now have parts of Norton, Bitdefender and Panda Antivirus software on your PC. Please choose one and inform me which one you wish to keep.

carsfranchino · 08-01-2006, 09:23 PM

I will keep Panda.

Thanks!!!

Vikesrock8411 · 08-02-2006, 12:11 AM

Please open this page in Internet Explorer. Click the button that says "Run it Now". Install any required ActiveX controls and follow any prompts given.

Add/Remove Programs
Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:
Bit Defender

Reboot and post a new Hijackthis log.

carsfranchino · 08-02-2006, 07:02 AM

Logfile of HijackThis v1.99.1
Scan saved at 8:36:04 AM, on 8/2/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\apvxdwin.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\avtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\AOL\1125837605\ee\AOLHostManager.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\AOL\1125837605\ee\AOLServiceHost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\LUpgConf.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Common Files\AOL\1125837605\ee\AOLServiceHost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125837605\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [LUPGCONF] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\LUpgConf.exe" /RunOnce:5_01_00
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Startup Manager] C:\Documents and Settings\Alfredo\Application Data\Systweak\ASO 2\smstartUp manager.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirate...GameLoader.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147449489014
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/gh...ugs/axhost.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...ploader_v7.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thanks!!!

Vikesrock8411 · 08-02-2006, 01:17 PM

Perfect, we are now down to one AV. Is the startup still slow?

carsfranchino · 08-02-2006, 02:01 PM

Yes it's still slow but everything is running good. If i can do something to make it faster please let me know.
Thanks!!!

Vikesrock8411 · 08-03-2006, 11:52 AM

HijackThis!
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Please remember to close all other windows, including browsers then click Fix checked.

Your log appears to be clean. If you still have any problems let me know and we will work on diagnosing those through other means. If not, there are just a few more things to go through to finish this off and help prevent future infections. Please post one more time even if you have no problems so we can mark this thread as resolved.

Setting a new Restore Point
Go to Start >> Run - type control sysdm.cpl,,4 & press Enter.

Tick the checkbox - Turn off System Restore on all drives
Click Apply
Turn it back 'On' by unticking the same checkbox & click OK

Windows Update
Make sure to get the latest updates for Windows and Internet Explorer at Microsoft Update Site.

Prevention
A good virus scanner is a necessity in today's computer environment. Many virus scanners include active components that protect you from infection without even running a scan. Some good free antivirus programs include:
AVG Free
Avast! Home Edition (Antivirus & Firewall)
AntiVir

A firewall is the first line of defense standing between the internet and your computer. Some good free firewalls are:
Zone Alarm
Outpost
Tiny Personal Firewall
Sunbelt Kerio Personal Firewall

Adaware SE and Spybot SD are a pair of anti-spyware scanners that should be run every week or two. Although there is some overlap there are many pieces of malware that is caught by one of these and not the other, therefore it is recommended you use both to compliment each other. Spybot also contains two other useful pieces. The first is "Immunize", this helps protect your computer against known exploits. The second is "TeaTimer", with this feature enabled you will receive notifications of all changes to the registry such as programs adding themselves to start-up and you default search page being changed.

Spyware Blaster is a powerful tool that prevents "drive-by" downloads and other unwanted installations. It also uses no system resources, run it once and you're all set. Spyware Guard Is a realtime protection engine to guard your computer from spyware. This program does for spyware what an antivirus program does for viruses.

IE-Spyad is a program that only needs to be run once to protect you from many malicious sites. It adds domains of known adware companies into the Restricted List of Internet Explorer, preventing them from performing malicious actions on your PC.

The MVPS HOSTS file is a file you can download and use to replace your regular hosts file. It prevents many sites from performing malicious actions by blocking the sites from ever being accessed.

Together these programs form a powerful barrier between the Internet and your computer. However, all the programs stand alone and feel free to eliminate any you are not comfortable with. Any protection you add to your PC is better than no protection at all.

Alternative Programs
Here are some alternatives that are either less suceptible than others to malware or don't contain malware where similar programs do.

Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

Desktop Weather - Free taskbar weather program that is free, malware free, and resource light.

Firefox - This is an increasingly popular alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

carsfranchino · 08-03-2006, 12:53 PM

Everything runs good now. Thank you for your help!!!

07-26-2006, 07:04 PM	#1 (permalink)
carsfranchino Registered User Join Date: Jun 2006 Posts: 83 OS: XP	Infected Computer. This is the HJT log, this computer have too many problems. Please help me when you get a chance. Thank you!!! Logfile of HijackThis v1.99.1 Scan saved at 8:55:02 PM, on 7/26/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\imageaccess.exe C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\apvxdwin.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\System32\MRT.exe C:\WINDOWS\ssloop.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\PROGRA~1\AIM\aim.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\aDOBE\dllhost.exe C:\Documents and Settings\Alfredo\Application Data\?racle\d?dplay.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Common Files\AOL\1125837605\ee\AOLHostManager.exe C:\Program Files\Common Files\AOL\1125837605\ee\AOLServiceHost.exe C:\Program Files\Common Files\AOL\1125837605\ee\AOLServiceHost.exe C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimreal.exe C:\Program Files\WinRAR\WinRAR.exe C:\Program Files\WinRAR\WinRAR.exe C:\DOCUME~1\Alfredo\LOCALS~1\Temp\Rar$EX01.547\HijackThis.exe \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si= R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si= R3 - URLSearchHook: (no name) - {C23F9E8B-053F-01B9-1876-2910962377C7} - C:\WINDOWS\System32\bgk.dll R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\bfjjp.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,mapnawa.exe O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Winsock2 driver] IPCNFG.EXE O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Windows Jump Drive] JUMPDRIVE32.EXE O4 - HKLM\..\Run: [wscfg32] C:\WINDOWS\ssloop.exe O4 - HKLM\..\RunServices: [Windows System32] explorer.exe O4 - HKLM\..\RunServices: [Microsoft Windows] win32.exe O4 - HKLM\..\RunServices: [Windows Shell Interface] wInterface.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Windows System32] explorer.exe O4 - HKCU\..\Run: [fzzk] C:\PROGRA~1\COMMON~1\fzzk\fzzkm.exe O4 - HKCU\..\Run: [gjdxq] C:\WINDOWS\System32\kvrfpr.exe reg_run O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe O4 - HKCU\..\Run: [Semr] "C:\PROGRA~1\aDOBE\dllhost.exe" -vt yazr O4 - HKCU\..\Run: [Ufdhmeia] C:\Documents and Settings\Alfredo\Application Data\?racle\d?dplay.exe O4 - HKCU\..\Run: [8a3ba9d3.exe] C:\Documents and Settings\Alfredo\Local Settings\Application Data\8a3ba9d3.exe O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\Alfredo\LOCALS~1\Temp\34.tmp3072.exe O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe" O4 - HKCU\..\Run: [ÿ_zsk^aqsjusn^_yicerc50inkrwksz_] c:\windows\system32\_zskwrkni05creciy_^nsujsqa^.exe O4 - HKCU\..\Run: [BraveSentry] C:\Program Files\BraveSentry\BraveSentry.exe O4 - HKCU\..\RunServices: [Windows System32] explorer.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Picture Package VCD Maker.lnk = ? O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing) O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O15 - Trusted Zone: http://click.getmirar.com (HKLM) O15 - Trusted Zone: http://click.mirarsearch.com (HKLM) O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM) O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirate...GameLoader.dll O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147449489014 O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/gh...ugs/axhost.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...ploader_v7.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Filter: text/html - (no CLSID) - (no file) O20 - AppInit_DLLs: adslcomr.dll netiqosn.dll O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\p8r4li9q18.dll (file missing) O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll O20 - Winlogon Notify: catswebv - C:\WINDOWS\System32\catswebv.dll (file missing) O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\lscmgr10.dll (file missing) O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\ksdgr1.dll (file missing) O21 - SSODL: DCOM Server 2238 - {2C1CD3D7-86AC-4068-93BC-A02304BB2238} - C:\WINDOWS\System32\dxvwkxif.exe (file missing) O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\System32\2236_27.dll O21 - SSODL: WaQwpkjIlXB - {312816E6-9B82-BC4C-A3D4-94AC622A0E45} - C:\WINDOWS\System32\qtm.dll (file missing) O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: Windows Image Access - Unknown owner - C:\WINDOWS\imageaccess.exe

07-28-2006, 04:19 PM	#2 (permalink)
Vikesrock8411 Analyst, Security Team Join Date: Jun 2005 Posts: 3,065 OS: Windows XP	Hello and welcome to TSF I recommend you Subscribe to this thread so you are notified of any replies via email. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe. Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. You are running Hijack This from a temporary directory. It needs to be in a permanent folder. Please follow these instructions to redownload Hijackthis and install it to a permanent folder: * Click here to download HJTsetup.exe Save HJTsetup.exe to your desktop. Doubleclick on the HJTsetup.exe icon on your desktop. By default it will install to C:\Program Files\Hijack This. Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue. Put a check by Create a desktop icon then click Next again. Continue to follow the rest of the prompts from there. At the final dialogue box click Finish and it will launch Hijack This. Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log. Come back here to this thread and Paste the log in your next reply. DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required. Downloads(make sure to save these in a permanent location) smitRem.exe - Run it and extract it to it's own folder on the Desktop. Cleanup!- Install it. You will use this later. NOTE Cleanup deletes EVERYTHING out of temporary folders and does not make backups. Ewido Anti-Malware Install Ewido Anti-Malware Double-click the icon on Desktop to launch Ewido You will need to update Ewido to the latest definition files. On the top of the main screen click Shield Click the word active to change it to inactive On the top of the main screen click Update. Then click on Start Update. The update will start and a progress bar will show the updates being installed. I also recommend changing the "Update interval" to something more reasonable like 12 hours. If you are having problems with the updater, you can use this link to manually update Ewido When you have finished updating, EXIT Ewido. combofix.exe-Save it to your Desktop. Double click combofix.exe & follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall Next, please reboot your computer in Safe Mode by doing the following: Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, press F8. Instead of Windows loading as normal, a menu should appear Select the first option, to run Windows in Safe Mode. Add/Remove Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs: PurityScan by OIN Snowball Wars by OIN Yazzle by OIN Outerinfo Cowabanga by OIN or any programs by OIN If none of these are listed please let me know HijackThis! Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si= R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si= R3 - URLSearchHook: (no name) - {C23F9E8B-053F-01B9-1876-2910962377C7} - C:\WINDOWS\System32\bgk.dll R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\bfjjp.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,mapnawa. exe O4 - HKLM\..\Run: [Winsock2 driver] IPCNFG.EXE O4 - HKLM\..\Run: [Windows Jump Drive] JUMPDRIVE32.EXE O4 - HKLM\..\Run: [wscfg32] C:\WINDOWS\ssloop.exe O4 - HKLM\..\RunServices: [Windows System32] explorer.exe O4 - HKLM\..\RunServices: [Microsoft Windows] win32.exe O4 - HKLM\..\RunServices: [Windows Shell Interface] wInterface.exe O4 - HKCU\..\Run: [Windows System32] explorer.exe O4 - HKCU\..\Run: [fzzk] C:\PROGRA~1\COMMON~1\fzzk\fzzkm.exe O4 - HKCU\..\Run: [gjdxq] C:\WINDOWS\System32\kvrfpr.exe reg_run O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe O4 - HKCU\..\Run: [Semr] "C:\PROGRA~1\aDOBE\dllhost.exe" -vt yazr O4 - HKCU\..\Run: [Ufdhmeia] C:\Documents and Settings\Alfredo\Application Data\?racle\d?dplay.exe O4 - HKCU\..\Run: [8a3ba9d3.exe] C:\Documents and Settings\Alfredo\Local Settings\Application Data\8a3ba9d3.exe O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\Alfredo\LOCALS~1\Temp\34.tmp3072.exe O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe" O4 - HKCU\..\Run: [ÿ_zsk^aqsjusn^_yicerc50inkrwksz_] c:\windows\system32\_zskwrkni05creciy_^nsujsqa^.ex e O4 - HKCU\..\Run: [BraveSentry] C:\Program Files\BraveSentry\BraveSentry.exe O4 - HKCU\..\RunServices: [Windows System32] explorer.exe O15 - Trusted Zone: http://click.getmirar.com (HKLM) O15 - Trusted Zone: http://click.mirarsearch.com (HKLM) O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM) O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM) O18 - Filter: text/html - (no CLSID) - (no file) O20 - AppInit_DLLs: adslcomr.dll netiqosn.dll O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\p8r4li9q18.dll (file missing) O20 - Winlogon Notify: catswebv - C:\WINDOWS\System32\catswebv.dll (file missing) O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\lscmgr10.dll (file missing) O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\ksdgr1.dll (file missing) O21 - SSODL: DCOM Server 2238 - {2C1CD3D7-86AC-4068-93BC-A02304BB2238} - C:\WINDOWS\System32\dxvwkxif.exe (file missing) O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\System32\2236_27.dll O21 - SSODL: WaQwpkjIlXB - {312816E6-9B82-BC4C-A3D4-94AC622A0E45} - C:\WINDOWS\System32\qtm.dll (file missing) Please remember to close all other windows, including browsers then click Fix checked. File and Folder Deletions Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist. C:\WINDOWS\System32\2236_27.dll C:\WINDOWS\System32\bgk.dll C:\WINDOWS\System32\taskdir.exe c:\windows\system32\_zskwrkni05creciy_^nsujsqa^.exe C:\WINDOWS\ssloop.exe win32.exe <<Find via Start>Search wInterface.exe <<Find via Start>Search JUMPDRIVE32.EXE <<Find via Start>Search adslcomr.dll <<Find via Start>Search netiqosn.dll <<Find via Start>Search C:\PROGRAM Files\COMMON Files\fzzk C:\Program Files\Common Files\svchostsys C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe C:\Program Files\Purity Scan C:\Program Files\BraveSentry C:\Documents and Settings\Alfredo\Local Settings\Application Data\8a3ba9d3.exe Tools Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish. The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply. Next go to Control Panel click Display>Desktop>Customize Desktop>Web> Now, Uncheck Everything and delete if present: "Security Info" "Warning Message" "Security Desktop" "Warning Homepage" "Desktop Uninstall" Also make sure the 'Lock desktop items' box is unticked. Click OK, and then Click Apply, then OK. Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows: Click "Options..." Move the arrow down to "Custom CleanUp!" Put a check next to the following: Empty Recycle Bins Delete Cookies Delete Prefetch files Cleanup! All Users Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it’s checked. Click OK Press the CleanUp!* button to start the program. If prompted to reboot, click No. Run Ewido with it's updated definitions:(...it's important that all windows must be closed) Click Scanner Click on the Scan tab Click Complete System Scan to begin scanning. When the scan is complete click Recommended Action and change it to Quarantine Then click Apply all actions Once finished, click the Save report button, then click Save Report As and save it to your desktop. Reboot your system in Normal Mode. Double click combofix.exe & follow the prompts. When finished, it shall produce a log for you. That log will be located at C:\Combofix.txt and the previous log will be renamed to C:\combofixDateTime.txt Please post the contents of both logs. Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall In your next post please include: Both Combofix logs Smitrem.txt Ewido Log A new Hijackthis! Log __________________

07-29-2006, 03:58 AM	#3 (permalink)
carsfranchino Registered User Join Date: Jun 2006 Posts: 83 OS: XP	Results Combo Fix Logs: Start Time= Sat 07/29/2006 5:46:51.38 Running from: C:\Documents and Settings\Alfredo\Desktop QuickScan did not find any signs of infected files (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-07-29 05:47:02 81920 ( A.... ) "C:\WINDOWS\system32\javaw.dll" 2006-07-28 19:05:50 ( .D... ) "C:\Program Files\Hijackthis" 2006-07-28 18:33:34 ( .D... ) "C:\Documents and Settings\Alfredo\Application Data\Systweak" 2006-07-28 18:33:16 ( .D... ) "C:\Program Files\Advanced System Optimizer" 2006-07-27 20:45:04 ( .D... ) "C:\Program Files\WinZip" 2006-07-27 19:44:12 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0" 2006-07-27 19:41:56 ( .D... ) "C:\Program Files\CleanUp!" 2006-07-27 19:19:52 2 ( A.... ) "C:\WINDOWS\system32\wintcc.exe" 2006-07-27 19:19:48 ( .D... ) "C:\Program Files\?ecurity" 2006-07-27 19:17:54 ( .D... ) "C:\Program Files\Spybot - Search & Destroy" 2006-07-26 20:32:32 137850 ( A..H. ) "C:\WINDOWS\ssloop.exe" 2006-07-26 20:30:44 ( .D... ) "C:\Program Files\MSXML 4.0" 2006-07-26 20:19:50 ( .D... ) "C:\Program Files\Common Files\s?stem32" 2006-07-26 20:01:54 29224 ( A..H. ) "C:\WINDOWS\pinf8.exe" 2006-07-26 19:56:06 ( .D... ) "C:\Program Files\Panda Software" 2006-07-26 19:37:32 0 ( A.... ) "C:\loaded.exe" 2006-07-26 19:28:00 ( .D... ) "C:\Program Files\Common Files\Panda Software" 2006-07-26 18:56:42 1064 ( A.... ) "C:\WINDOWS\system32\avcba925.sys" 2006-07-26 18:56:42 1064 ( A.... ) "C:\WINDOWS\system32\avcba925.sys" 2006-07-26 18:29:14 24111 ( A..H. ) "C:\WINDOWS\appwiz64.exe" 2006-07-26 18:25:42 28672 ( A.... ) "C:\WINDOWS\System32bez6n4r21.exe" 2006-07-26 18:25:02 28672 ( A.... ) "C:\WINDOWS\system32\bez6n4r21.exe" 2006-07-25 20:52:34 29415 ( A..H. ) "C:\WINDOWS\pinf0055.exe" 2006-07-20 16:31:36 1163264 ( A.... ) "C:\WINDOWS\system32\wfxqhv.exe" 2006-07-18 13:23:00 37888 ( ..SHR ) "C:\WINDOWS\imageaccess.exe" 2006-07-17 14:34:06 57344 ( A..H. ) "C:\WINDOWS\system32\winreg32.dll" 2006-07-17 14:34:06 26112 ( A..H. ) "C:\WINDOWS\system32\dfgdisp.dll" 2006-07-17 14:34:06 19917 ( A..H. ) "C:\WINDOWS\system32\icfgdiag.exe" 2006-07-17 11:08:18 48187 ( A.... ) "C:\WINDOWS\system32\VSL03.exe" 2006-07-17 11:03:08 ( .D... ) "C:\Program Files\Xijajb" 2006-07-13 09:19:44 1512877 ( A.... ) "C:\Documents and Settings\Alfredo\Application Data\Install.dat" 2006-07-12 16:14:04 408 ( A.... ) "C:\doejo3k.exe" 2006-07-12 15:25:52 32768 ( A.... ) "C:\WINDOWS\omotpedd.exe" 2006-07-12 15:23:34 ( .D... ) "C:\Program Files\Common Files\partypoker" 2006-07-12 13:49:08 ( .D... ) "C:\Program Files\PartyPoker" 2006-07-12 13:41:20 ( .D... ) "C:\Documents and Settings\Alfredo\Application Data\?racle" 2006-07-12 13:40:10 ( .D... ) "C:\Program Files\àdobe" 2006-07-12 13:37:00 48167 ( A.... ) "C:\WINDOWS\system32\VSL05.exe" 2006-07-12 13:36:06 8464 ( A.... ) "C:\WINDOWS\system32\sporder.dll" 2006-07-12 13:35:58 0 ( A.... ) "C:\WINDOWS\win32085824710882006.exe" 2006-07-12 13:35:26 232749 ( A.... ) "C:\WINDOWS\pf78.exe" 2006-07-08 18:59:38 1112 ( A.... ) "C:\Documents and Settings\Alfredo\Application Data\ViewerApp.dat" 2006-07-02 12:30:10 ( .D... ) "C:\Program Files\mobile PhoneTools" 2006-06-19 16:39:16 139264 ( A.... ) "C:\WINDOWS\876056.exe" 2006-06-19 16:20:42 702768 ( ..... ) "C:\WINDOWS\system32\WgaLogon.dll" 2006-06-07 13:55:52 3753 ( A.... ) "C:\Program Files\html2.htm" 2006-06-07 13:55:52 3626 ( A.... ) "C:\Program Files\html1.htm" 2006-05-30 19:09:20 24576 ( A.... ) "C:\WINDOWS\Uninstall.exe" (((((((((((((((((((((((((((((((((((((( Files Created - Last 30days ))))))))))))))))))))))))))))))))))))))))))) 2006-07-29 05:47 81,920 C:\WINDOWS\system32\javaw.dll 2006-07-26 20:01 29,224 C:\WINDOWS\pinf8.exe 2006-07-26 19:56 49,152 C:\WINDOWS\system32\avldr.dll 2006-07-26 18:29 24,111 C:\WINDOWS\appwiz64.exe 2006-07-26 18:25 28,672 C:\WINDOWS\System32bez6n4r21.exe 2006-07-26 18:25 28,672 C:\WINDOWS\system32\bez6n4r21.exe 2006-07-26 18:24 1,163,264 C:\WINDOWS\system32\wfxqhv.exe 2006-07-25 20:52 29,415 C:\WINDOWS\pinf0055.exe 2006-07-18 13:23 37,888 C:\WINDOWS\imageaccess.exe 2006-07-17 14:34 57,344 C:\WINDOWS\system32\winreg32.dll 2006-07-17 14:34 26,112 C:\WINDOWS\system32\dfgdisp.dll 2006-07-17 14:34 19,917 C:\WINDOWS\system32\icfgdiag.exe 2006-07-17 14:34 137,850 C:\WINDOWS\ssloop.exe 2006-07-17 11:08 48,187 C:\WINDOWS\system32\VSL03.exe 2006-07-17 11:01 0 C:\loaded.exe 2006-07-12 15:25 32,768 C:\WINDOWS\omotpedd.exe 2006-07-12 15:15 408 C:\doejo3k.exe 2006-07-12 13:41 2 C:\WINDOWS\system32\wintcc.exe 2006-07-12 13:37 1,064 C:\WINDOWS\system32\avcba925.sys 2006-07-12 13:36 8,464 C:\WINDOWS\system32\sporder.dll 2006-07-12 13:36 48,167 C:\WINDOWS\system32\VSL05.exe 2006-07-12 13:35 232,749 C:\WINDOWS\pf78.exe 2006-07-12 13:35 0 C:\WINDOWS\win32085824710882006.exe 2006-06-19 16:39 139,264 C:\WINDOWS\876056.exe 2006-06-19 16:20 702,768 C:\WINDOWS\system32\WgaLogon.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries are not shown [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized" "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "NoChange"="1" "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background" "AIM"="C:\\PROGRA~1\\AIM\\aim.exe -cnetwait.odl" "Semr"="\"C:\\PROGRA~1\\aDOBE\\dllhost.exe\" -vt yazr" "Startup Manager"="C:\\Documents and Settings\\Alfredo\\Application Data\\Systweak\\ASO 2\\smstartUp manager.exe" "Vjrva"="C:\\Documents and Settings\\Alfredo\\My Documents\\??crosoft.NET\\w?nspool.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoActiveDesktopChanges"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000001 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" "{2C1CD3D7-86AC-4068-93BC-A02304BB2238}"="DCOM Server 2238" "{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] "backup"="C:\\WINDOWS\\pss\\America Online 9.0 Tray Icon.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check" "item"="America Online 9.0 Tray Icon" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ddegv.exe] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\ddegv.exe" "location"="Common Startup" "command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\ddegv.exe" "item"="ddegv" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] "backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE " "item"="WinZip Quick Pick" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8a3ba9d3.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="8a3ba9d3" "hkey"="HKCU" "command"="C:\\Documents and Settings\\Alfredo\\Local Settings\\Application Data\\8a3ba9d3.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTX1] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="v1201" "hkey"="HKLM" "command"="C:\\WINDOWS\\v1201.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="apdproxy" "hkey"="HKLM" "command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avcba925] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RUNDLL32" "hkey"="HKLM" "command"="RUNDLL32.EXE w020f948.dll,n 001ba92400000003020f948" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BCMSMMSG" "hkey"="HKLM" "command"="BCMSMMSG.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ccApp" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ccRegVfy" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Configuration Manager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="cfg32" "hkey"="HKLM" "command"="C:\\WINDOWS\\cfg32.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="dfndref_7" "hkey"="HKLM" "command"="C:\\\\dfndref_7.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Explorer 2238] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="dxvwmpti" "hkey"="HKLM" "command"="C:\\WINDOWS\\System32\\dxvwmpti.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftexc] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="mptft" "hkey"="HKLM" "command"="C:\\WINDOWS\\System32\\mptft.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fzzk] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="fzzkm" "hkey"="HKCU" "command"="C:\\PROGRA~1\\COMMON~1\\fzzk\\fzzkm.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gjdxq] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="kvrfpr" "hkey"="HKCU" "command"="C:\\WINDOWS\\System32\\kvrfpr.exe reg_run" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hhl7RfpJ] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ssn6tuu" "hkey"="HKLM" "command"="\"C:\\WINDOWS\\System32\\ssn6tuu.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AOLHostManager" "hkey"="HKLM" "command"="C:\\Program Files\\Common Files\\AOL\\1125837605\\ee\\AOLHostManager.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="optimize" "hkey"="HKLM" "command"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="kybrdef_7" "hkey"="HKLM" "command"="C:\\\\kybrdef_7.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Logi_MwX" "hkey"="HKLM" "command"="Logi_MwX.Exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="win32" "hkey"="HKLM" "command"="win32.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NEWDOT~2" "hkey"="HKLM" "command"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,ClientStartup -s" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="nwnmac_6" "hkey"="HKLM" "command"="C:\\\\nwnmac_6.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NvCpl" "hkey"="HKLM" "command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shell] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ibm00001" "hkey"="HKCU" "command"="\"C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\ibm00001.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UsrPrmpt" "hkey"="HKLM" "command"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SNDMon" "hkey"="HKLM" "command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="testtestt" "hkey"="HKLM" "command"="C:\\WINDOWS\\System32\\testtestt.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sys_up1] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="svchostsys" "hkey"="HKCU" "command"="C:\\Program Files\\Common Files\\svchostsys\\svchostsys.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheMonitor] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SYSC00" "hkey"="HKLM" "command"="C:\\WINDOWS\\SYSC00.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vqzahjw] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Yrzozi" "hkey"="HKLM" "command"="C:\\Program Files\\Xijajb\\Yrzozi.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="WatchDog" "hkey"="HKLM" "command"="C:\\Program Files\\mobile PhoneTools\\WatchDog.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows DLL Loader] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SYSCFG16" "hkey"="HKLM" "command"="C:\\WINDOWS\\SYSCFG16.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Jump Drive] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="JUMPDRIVE32" "hkey"="HKLM" "command"="JUMPDRIVE32.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Shell Interface] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="wInterface" "hkey"="HKLM" "command"="wInterface.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows System Configuration] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SYSCFG16" "hkey"="HKLM" "command"="C:\\WINDOWS\\SYSCFG16.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows System32] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="explorer" "hkey"="HKCU" "command"="explorer.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wscfg32] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ssloop" "hkey"="HKLM" "command"="C:\\WINDOWS\\ssloop.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ÿ_zsk^aqsjusn^_yicerc50inkrwksz_] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="_zskwrkni05creciy_^nsujsqa^" "hkey"="HKCU" "command"="c:\\windows\\system32\\_zskwrkni05creciy_^nsujsqa^.exe" "inimapping"="0" HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system DisableTaskMgr REG_DWORD 0 (0x0) DisableRegistryTools REG_DWORD 0 (0x0) Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job C:\WINDOWS\tasks\Symantec NetDetect.job Completion time: Sat 07/29/2006 5:47:06.81 ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt ComboFix.2006-07-29.054651.txt Start Time= Fri 07/28/2006 19:09:58.90 Running from: C:\Documents and Settings\Alfredo\Desktop ((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log )))))))))))))))))))))))))))))))))))))))))))))))))) HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon\Settings HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wzcnotif * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * REGISTRY ENTRIES REMOVED: [HKEY_CLASSES_ROOT\clsid\{2D547C28-9C2E-4371-AFF9-58E0794A9DA5}] @="" [HKEY_CLASSES_ROOT\clsid\{2D547C28-9C2E-4371-AFF9-58E0794A9DA5}\Implemented Categories] @="" [HKEY_CLASSES_ROOT\clsid\{2D547C28-9C2E-4371-AFF9-58E0794A9DA5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}] @="" [HKEY_CLASSES_ROOT\clsid\{2D547C28-9C2E-4371-AFF9-58E0794A9DA5}\InprocServer32] @="C:\\WINDOWS\\system32\\agcups.dll" "ThreadingModel"="Apartment" Granting sedebugprivilege to Administrators ... successful (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-07-28 19:05:50 ( .D... ) "C:\Program Files\Hijackthis" 2006-07-28 18:33:34 ( .D... ) "C:\Documents and Settings\Alfredo\Application Data\Systweak" 2006-07-28 18:33:16 ( .D... ) "C:\Program Files\Advanced System Optimizer" 2006-07-27 20:45:04 ( .D... ) "C:\Program Files\WinZip" 2006-07-27 19:44:12 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0" 2006-07-27 19:41:56 ( .D... ) "C:\Program Files\CleanUp!" 2006-07-27 19:19:52 2 ( A.... ) "C:\WINDOWS\system32\wintcc.exe" 2006-07-27 19:19:48 ( .D... ) "C:\Program Files\?ecurity" 2006-07-27 19:17:54 ( .D... ) "C:\Program Files\Spybot - Search & Destroy" 2006-07-26 20:32:32 137850 ( A..H. ) "C:\WINDOWS\ssloop.exe" 2006-07-26 20:30:44 ( .D... ) "C:\Program Files\MSXML 4.0" 2006-07-26 20:19:50 ( .D... ) "C:\Program Files\Common Files\s?stem32" 2006-07-26 20:01:54 29224 ( A..H. ) "C:\WINDOWS\pinf8.exe" 2006-07-26 19:56:06 ( .D... ) "C:\Program Files\Panda Software" 2006-07-26 19:37:32 0 ( A.... ) "C:\loaded.exe" 2006-07-26 19:36:12 8984 ( A.... ) "C:\WINDOWS\system32\taskdir~.exe" 2006-07-26 19:28:00 ( .D... ) "C:\Program Files\Common Files\Panda Software" 2006-07-26 18:56:42 1064 ( A.... ) "C:\WINDOWS\system32\avcba925.sys" 2006-07-26 18:56:42 1064 ( A.... ) "C:\WINDOWS\system32\avcba925.sys" 2006-07-26 18:29:14 24111 ( A..H. ) "C:\WINDOWS\appwiz64.exe" 2006-07-26 18:25:42 28672 ( A.... ) "C:\WINDOWS\System32bez6n4r21.exe" 2006-07-26 18:25:40 45056 ( A.... ) "C:\WINDOWS\System32ghynf.exe" 2006-07-26 18:25:02 28672 ( A.... ) "C:\WINDOWS\system32\bez6n4r21.exe" 2006-07-25 20:52:34 29415 ( A..H. ) "C:\WINDOWS\pinf0055.exe" 2006-07-20 16:31:36 1163264 ( A.... ) "C:\WINDOWS\system32\wfxqhv.exe" 2006-07-18 13:23:00 37888 ( ..SHR ) "C:\WINDOWS\imageaccess.exe" 2006-07-17 14:34:06 57344 ( A..H. ) "C:\WINDOWS\system32\winreg32.dll" 2006-07-17 14:34:06 26112 ( A..H. ) "C:\WINDOWS\system32\dfgdisp.dll" 2006-07-17 14:34:06 19917 ( A..H. ) "C:\WINDOWS\system32\icfgdiag.exe" 2006-07-17 11:08:18 48187 ( A.... ) "C:\WINDOWS\system32\VSL03.exe" 2006-07-17 11:03:08 ( .D... ) "C:\Program Files\Xijajb" 2006-07-13 09:19:44 1512877 ( A.... ) "C:\Documents and Settings\Alfredo\Application Data\Install.dat" 2006-07-12 16:14:04 408 ( A.... ) "C:\doejo3k.exe" 2006-07-12 15:25:52 32768 ( A.... ) "C:\WINDOWS\omotpedd.exe" 2006-07-12 15:23:34 ( .D... ) "C:\Program Files\Common Files\partypoker" 2006-07-12 13:49:08 ( .D... ) "C:\Program Files\PartyPoker" 2006-07-12 13:41:20 ( .D... ) "C:\Documents and Settings\Alfredo\Application Data\?racle" 2006-07-12 13:40:10 ( .D... ) "C:\Program Files\àdobe" 2006-07-12 13:37:00 48167 ( A.... ) "C:\WINDOWS\system32\VSL05.exe" 2006-07-12 13:36:06 8464 ( A.... ) "C:\WINDOWS\system32\sporder.dll" 2006-07-12 13:35:58 0 ( A.... ) "C:\WINDOWS\win32085824710882006.exe" 2006-07-12 13:35:26 232749 ( A.... ) "C:\WINDOWS\pf78.exe" 2006-07-08 18:59:38 1112 ( A.... ) "C:\Documents and Settings\Alfredo\Application Data\ViewerApp.dat" 2006-07-02 12:30:10 ( .D... ) "C:\Program Files\mobile PhoneTools" 2006-06-19 16:39:16 139264 ( A.... ) "C:\WINDOWS\876056.exe" 2006-06-19 16:20:42 702768 ( ..... ) "C:\WINDOWS\system32\WgaLogon.dll" 2006-06-07 13:55:52 3753 ( A.... ) "C:\Program Files\html2.htm" 2006-06-07 13:55:52 3626 ( A.... ) "C:\Program Files\html1.htm" 2006-05-30 19:09:20 24576 ( A.... ) "C:\WINDOWS\Uninstall.exe" (((((((((((((((((((((((((((((((((((((( Files Created - Last 30days ))))))))))))))))))))))))))))))))))))))))))) 2006-07-26 20:01 29,224 C:\WINDOWS\pinf8.exe 2006-07-26 19:56 49,152 C:\WINDOWS\system32\avldr.dll 2006-07-26 18:29 24,111 C:\WINDOWS\appwiz64.exe 2006-07-26 18:25 45,056 C:\WINDOWS\System32ghynf.exe 2006-07-26 18:25 28,672 C:\WINDOWS\System32bez6n4r21.exe 2006-07-26 18:25 28,672 C:\WINDOWS\system32\bez6n4r21.exe 2006-07-26 18:24 1,163,264 C:\WINDOWS\system32\wfxqhv.exe 2006-07-25 20:52 29,415 C:\WINDOWS\pinf0055.exe 2006-07-18 13:23 37,888 C:\WINDOWS\imageaccess.exe 2006-07-17 14:34 57,344 C:\WINDOWS\system32\winreg32.dll 2006-07-17 14:34 26,112 C:\WINDOWS\system32\dfgdisp.dll 2006-07-17 14:34 19,917 C:\WINDOWS\system32\icfgdiag.exe 2006-07-17 14:34 137,850 C:\WINDOWS\ssloop.exe 2006-07-17 11:08 48,187 C:\WINDOWS\system32\VSL03.exe 2006-07-17 11:01 0 C:\loaded.exe 2006-07-13 09:20 8,984 C:\WINDOWS\system32\taskdir~.exe 2006-07-12 15:25 32,768 C:\WINDOWS\omotpedd.exe 2006-07-12 15:15 408 C:\doejo3k.exe 2006-07-12 13:41 2 C:\WINDOWS\system32\wintcc.exe 2006-07-12 13:37 1,064 C:\WINDOWS\system32\avcba925.sys 2006-07-12 13:36 8,464 C:\WINDOWS\system32\sporder.dll 2006-07-12 13:36 48,167 C:\WINDOWS\system32\VSL05.exe 2006-07-12 13:35 232,749 C:\WINDOWS\pf78.exe 2006-07-12 13:35 0 C:\WINDOWS\win32085824710882006.exe 2006-06-19 16:39 139,264 C:\WINDOWS\876056.exe 2006-06-19 16:20 702,768 C:\WINDOWS\system32\WgaLogon.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries are not shown [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized" "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\"" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "NoChange"="1" "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background" "AIM"="C:\\PROGRA~1\\AIM\\aim.exe -cnetwait.odl" "Semr"="\"C:\\PROGRA~1\\aDOBE\\dllhost.exe\" -vt yazr" "Startup Manager"="C:\\Documents and Settings\\Alfredo\\Application Data\\Systweak\\ASO 2\\smstartUp manager.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex] "flags"=dword:00000008 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000] [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000001 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" "{2C1CD3D7-86AC-4068-93BC-A02304BB2238}"="DCOM Server 2238" "{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] "backup"="C:\\WINDOWS\\pss\\America Online 9.0 Tray Icon.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check" "item"="America Online 9.0 Tray Icon" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ddegv.exe] "path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\ddegv.exe" "location"="Common Startup" "command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\ddegv.exe" "item"="ddegv" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] "backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE " "item"="WinZip Quick Pick" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\8a3ba9d3.exe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="8a3ba9d3" "hkey"="HKCU" "command"="C:\\Documents and Settings\\Alfredo\\Local Settings\\Application Data\\8a3ba9d3.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTX1] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="v1201" "hkey"="HKLM" "command"="C:\\WINDOWS\\v1201.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="apdproxy" "hkey"="HKLM" "command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avcba925] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RUNDLL32" "hkey"="HKLM" "command"="RUNDLL32.EXE w020f948.dll,n 001ba92400000003020f948" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="BCMSMMSG" "hkey"="HKLM" "command"="BCMSMMSG.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ccApp" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccRegVfy] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ccRegVfy" "hkey"="HKLM" "command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Configuration Manager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="cfg32" "hkey"="HKLM" "command"="C:\\WINDOWS\\cfg32.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="dfndref_7" "hkey"="HKLM" "command"="C:\\\\dfndref_7.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Explorer 2238] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="dxvwmpti" "hkey"="HKLM" "command"="C:\\WINDOWS\\System32\\dxvwmpti.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftexc] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="mptft" "hkey"="HKLM" "command"="C:\\WINDOWS\\System32\\mptft.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fzzk] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="fzzkm" "hkey"="HKCU" "command"="C:\\PROGRA~1\\COMMON~1\\fzzk\\fzzkm.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gjdxq] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="kvrfpr" "hkey"="HKCU" "command"="C:\\WINDOWS\\System32\\kvrfpr.exe reg_run" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hhl7RfpJ] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ssn6tuu" "hkey"="HKLM" "command"="\"C:\\WINDOWS\\System32\\ssn6tuu.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="AOLHostManager" "hkey"="HKLM" "command"="C:\\Program Files\\Common Files\\AOL\\1125837605\\ee\\AOLHostManager.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="optimize" "hkey"="HKLM" "command"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="kybrdef_7" "hkey"="HKLM" "command"="C:\\\\kybrdef_7.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Logi_MwX" "hkey"="HKLM" "command"="Logi_MwX.Exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="win32" "hkey"="HKLM" "command"="win32.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NEWDOT~2" "hkey"="HKLM" "command"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,ClientStartup -s" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\newname] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="nwnmac_6" "hkey"="HKLM" "command"="C:\\\\nwnmac_6.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="NvCpl" "hkey"="HKLM" "command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shell] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ibm00001" "hkey"="HKCU" "command"="\"C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\ibm00001.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UsrPrmpt" "hkey"="HKLM" "command"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SNDMon" "hkey"="HKLM" "command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="testtestt" "hkey"="HKLM" "command"="C:\\WINDOWS\\System32\\testtestt.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sys_up1] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="svchostsys" "hkey"="HKCU" "command"="C:\\Program Files\\Common Files\\svchostsys\\svchostsys.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheMonitor] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SYSC00" "hkey"="HKLM" "command"="C:\\WINDOWS\\SYSC00.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vqzahjw] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Yrzozi" "hkey"="HKLM" "command"="C:\\Program Files\\Xijajb\\Yrzozi.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="WatchDog" "hkey"="HKLM" "command"="C:\\Program Files\\mobile PhoneTools\\WatchDog.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows DLL Loader] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SYSCFG16" "hkey"="HKLM" "command"="C:\\WINDOWS\\SYSCFG16.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Jump Drive] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="JUMPDRIVE32" "hkey"="HKLM" "command"="JUMPDRIVE32.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Shell Interface] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="wInterface" "hkey"="HKLM" "command"="wInterface.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows System Configuration] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SYSCFG16" "hkey"="HKLM" "command"="C:\\WINDOWS\\SYSCFG16.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows System32] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="explorer" "hkey"="HKCU" "command"="explorer.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wscfg32] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ssloop" "hkey"="HKLM" "command"="C:\\WINDOWS\\ssloop.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ÿ_zsk^aqsjusn^_yicerc50inkrwksz_] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="_zskwrkni05creciy_^nsujsqa^" "hkey"="HKCU" "command"="c:\\windows\\system32\\_zskwrkni05creciy_^nsujsqa^.exe" "inimapping"="0" HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system DisableTaskMgr REG_DWORD 0 (0x0) DisableRegistryTools REG_DWORD 0 (0x0) Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job C:\WINDOWS\tasks\Symantec NetDetect.job Completion time: Fri 07/28/2006 19:14:00.17 ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt Smitrem log: smitRem © log file version 3.1 by noahdfear Microsoft Windows XP [Version 5.1.2600] "IE"="6.0000" The current date is: Fri 07/28/2006 The current time is: 22:49:44.81 Running from C:\Documents and Settings\Alfredo\Desktop\smitrem\smitRem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Pre-run SharedTask Export (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler) Copyright(C) 2006 BleepingComputer.com Registry Pseudo-Format Mode (Not a valid reg file): [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" "{2C1CD3D7-86AC-4068-93BC-A02304BB2238}"="DCOM Server 2238" "{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32] @="%SystemRoot%\System32\browseui.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32] @="%SystemRoot%\System32\browseui.dll" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ checking for ShudderLTD key ShudderLTD key not present! checking for PSGuard.com key PSGuard.com key not present! checking for WinHound.com key WinHound.com key not present! checking for drsmartload2 key drsmartload2 key not present! spyaxe uninstaller NOT present Winhound uninstaller NOT present SpywareStrike uninstaller NOT present AlfaCleaner uninstaller NOT present SpyFalcon uninstaller NOT present SpywareQuake uninstaller NOT present SpywareSheriff uninstaller NOT present Trust Cleaner uninstaller NOT present SpyHeal uninstaller NOT present ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Existing Pre-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ amcompat.tlb nscompat.tlb ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03 Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org Killing PID 2020 'explorer.exe' Starting registry repairs Registry repairs complete ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SharedTask Export after registry fix (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler) Copyright(C) 2006 BleepingComputer.com Registry Pseudo-Format Mode (Not a valid reg file): [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" "{2C1CD3D7-86AC-4068-93BC-A02304BB2238}"="DCOM Server 2238" "{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32] @="%SystemRoot%\System32\browseui.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32] @="%SystemRoot%\System32\browseui.dll" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Deleting files ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Remaining Post-run Files ~~~ Program Files ~~~ ~~~ Shortcuts ~~~ ~~~ Favorites ~~~ ~~~ system32 folder ~~~ ~~~ Icons in System32 ~~~ ~~~ Windows directory ~~~ ~~~ Drive root ~~~ ~~~ Miscellaneous Files/folders ~~~ ~~~ Wininet.dll ~~~ CLEAN! :) EWIDO LOG: --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 5:42:15 AM 7/29/2006 + Scan result: C:\WINDOWS\System32ghynf.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined). ::Report end NEW HJT: Logfile of HijackThis v1.99.1 Scan saved at 5:49:15 AM, on 7/29/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\Explorer.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\PROGRA~1\AIM\aim.exe C:\PROGRA~1\aDOBE\dllhost.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\imageaccess.exe C:\Program Files\Common Files\AOL\1125837605\ee\AOLHostManager.exe C:\Program Files\Common Files\AOL\1125837605\ee\AOLServiceHost.exe C:\Program Files\Common Files\AOL\1125837605\ee\AOLServiceHost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\WgaTray.exe C:\WINDOWS\System32\wuauclt.exe C:\Documents and Settings\Alfredo\My Documents\??crosoft.NET\w?nspool.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = R3 - URLSearchHook: (no name) - {C23F9E8B-053F-01B9-1876-2910962377C7} - C:\WINDOWS\System32\bgk.dll (file missing) R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Semr] "C:\PROGRA~1\aDOBE\dllhost.exe" -vt yazr O4 - HKCU\..\Run: [Startup Manager] C:\Documents and Settings\Alfredo\Application Data\Systweak\ASO 2\smstartUp manager.exe O4 - HKCU\..\Run: [Vjrva] C:\Documents and Settings\Alfredo\My Documents\??crosoft.NET\w?nspool.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Picture Package VCD Maker.lnk = ? O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirate...GameLoader.dll O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147449489014 O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/gh...ugs/axhost.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...ploader_v7.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - AppInit_DLLs: C:\WINDOWS\System32\javaw.dll O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: Windows Image Access - Unknown owner - C:\WINDOWS\imageaccess.exe I did not find any Program by OIN and the files and folders to remove. Thanks!!!

07-31-2006, 01:48 PM	#4 (permalink)
Vikesrock8411 Analyst, Security Team Join Date: Jun 2005 Posts: 3,065 OS: Windows XP	Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. I see you have disabled some startup entries using MSConfig. This makes it diffcult for us to see all the infections present on your system because they are hidden from Hijackthis. Please click Start>Run and type "msconfig". On the "General" tab please click "Normal Startup- load all device drivers and services" and click OK. Restart when prompted and then post a new Hijackthis log here. Downloads(make sure to save these in a permanent location) Please download the Killbox by Option^Explicit. Note: In the event you already have Killbox, this is a new version that I need you to download. Save it to your desktop. Download and use this uninstaller: http://www.outerinfo.com/OiUninstaller.exe Brute Force Uninstaller to your desktop. Right click the BFU folder on your desktop, and choose Extract All Click "Next" In the box to choose where to extract the files to, Click "Browse" Click on the + sign next to "My Computer" Click on "Local Disk (C:) or whatever your primary drive is Click "Make New Folder" Type in BFU Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish". RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover. Save it in the same folder you made earlier (c:\BFU). Please go to Start > My Computer and navigate to the C:\BFU folder. Start the Brute Force Uninstaller by doubleclicking BFU.exe Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu Press Execute and let the program do it’s job. (You ought to see a progress bar if you did this correctly.) Wait for the complete script execution box to pop up and press OK. Press exit to terminate the BFU program. Please double-click Killbox.exe to run it. Select: Delete on Reboot then Click on the All Files button. Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy): C:\WINDOWS\system32\wintcc.exe C:\Program Files\ecurit~1 C:\WINDOWS\ssloop.exe C:\Program Files\Common Files\sstem3~1 C:\WINDOWS\appwiz64.exe C:\WINDOWS\System32bez6n4r21.exe C:\WINDOWS\system32\bez6n4r21.exe C:\WINDOWS\system32\wfxqhv.exe C:\WINDOWS\imageaccess.exe C:\WINDOWS\system32\winreg32.dll C:\WINDOWS\system32\dfgdisp.dll C:\Program Files\Xijajb C:\WINDOWS\system32\icfgdiag.exe C:\WINDOWS\system32\VSL03.exe C:\doejo3k.exe C:\WINDOWS\omotpedd.exe C:\Documents and Settings\Alfredo\Application Data\racle~1 C:\WINDOWS\system32\VSL05.exe C:\WINDOWS\win32085824710882006.exe C:\WINDOWS\876056.exe C:\WINDOWS\pf78.exe C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ddegv.exe C:\Documents and Settings\Alfredo\Local Settings\Application Data\8a3ba9d3.exe C:\dfndref_7.exe C:\WINDOWS\System32\dxvwmpti.exe C:\WINDOWS\System32\mptft.exe C:\PROGRA~1\COMMON~1\fzzk\fzzkm.exe C:\WINDOWS\System32\kvrfpr.exe C:\WINDOWS\System32\ssn6tuu.exe\ C:\Program Files\Internet Optimizer C:\\kybrdef_7.exe C:\\nwnmac_6.exe C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe C:\WINDOWS\System32\testtestt.ex e C:\Program Files\Common Files\svchostsys C:\WINDOWS\SYSC00.exe C:\Program Files\Xijajb C:\WINDOWS\SYSCFG16.EXE c:\windows\system32\_zskwrkni05creci y_^nsujsqa^.exe C:\WINDOWS\system32\taskdir~.exe C:\WINDOWS\System32\javaw.dll C:\Documents and Settings\Alfredo\My Documents\crosof~1 Return to Killbox, go to the File menu, and choose Paste from Clipboard. Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!). If your computer does not restart automatically, please restart it manually. If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again. Go to Start > Run Type: regedit Click OK. On the leftside, click to highlight My Computer at the top. Go up to "File > Export" Make sure in that window there is a tick next to "All" under Export Branch. Leave the "Save As Type" as "Registration Files". Under "Filename" put backup Choose to save it to C:\ Click save and then go to File > Exit. This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done. Open Notepad and copy and paste everything from the box below. Code: REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{2C1CD3D7-86AC-4068-93BC-A02304BB2238}"=- "{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"=- Click on File, Save it to your desktop, in file name save as Filename.reg click OK. Next go to your desktop and double click on Filename.reg, allow it to merge to the registry. It should give you a prompt "sucessfully merged". HijackThis! Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = R3 - URLSearchHook: (no name) - {C23F9E8B-053F-01B9-1876-2910962377C7} - C:\WINDOWS\System32\bgk.dll (file missing) R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O4 - HKCU\..\Run: [Semr] "C:\PROGRA~1\aDOBE\dllhost.exe" -vt yazr O4 - HKCU\..\Run: [Vjrva] C:\Documents and Settings\Alfredo\My Documents\??crosoft.NET\w?nspool.exe O20 - AppInit_DLLs: C:\WINDOWS\System32\javaw.dll Please remember to close all other windows, including browsers then click Fix checked. Run a new scan with Hijackthis and post the log here. __________________

07-31-2006, 06:06 PM	#5 (permalink)
carsfranchino Registered User Join Date: Jun 2006 Posts: 83 OS: XP	HJT Log HJT Log: Logfile of HijackThis v1.99.1 Scan saved at 8:01:25 PM, on 7/31/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Softwin\BitDefender9\bdmcon.exe C:\Program Files\Softwin\BitDefender9\bdoesrv.exe C:\Program Files\Softwin\BitDefender9\bdnagent.exe C:\Program Files\Softwin\BitDefender9\bdswitch.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\PROGRA~1\AIM\aim.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe C:\Program Files\Common Files\AOL\1125837605\ee\AOLHostManager.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Common Files\AOL\1125837605\ee\AOLServiceHost.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\imageaccess.exe C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\Common Files\AOL\1125837605\ee\AOLServiceHost.exe C:\Program Files\Softwin\BitDefender9\vsserv.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\explorer.exe C:\Program Files\Hijackthis\HijackThis.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe" O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe" O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe" O4 - HKLM\..\Run: [Windows System Configuration] C:\WINDOWS\SYSCFG16.EXE O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\SYSCFG16.EXE O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe O4 - HKLM\..\Run: [Vqzahjw] C:\Program Files\Xijajb\Yrzozi.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s O4 - HKLM\..\Run: [Microsoft Windows] win32.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125837605\ee\AOLHostManager.exe O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\System32\ssn6tuu.exe" O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\System32\mptft.exe O4 - HKLM\..\Run: [Explorer 2238] C:\WINDOWS\System32\dxvwmpti.exe O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [avcba925] RUNDLL32.EXE w020f948.dll,n 001ba92400000003020f948 O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Startup Manager] C:\Documents and Settings\Alfredo\Application Data\Systweak\ASO 2\smstartUp manager.exe O4 - HKCU\..\Run: [8a3ba9d3.exe] C:\Documents and Settings\Alfredo\Local Settings\Application Data\8a3ba9d3.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Picture Package VCD Maker.lnk = ? O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirate...GameLoader.dll O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147449489014 O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/gh...ugs/axhost.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...ploader_v7.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing) O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing) O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing) O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: Windows Image Access - Unknown owner - C:\WINDOWS\imageaccess.exe (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) I couldn't use the "http://www.outerinfo.com/OiUninstaller.exe" uninstaller, i got a window that reads "Your current security setting do not allow this file to be downloaded". Thanks!!!

07-31-2006, 06:22 PM	#6 (permalink)
Vikesrock8411 Analyst, Security Team Join Date: Jun 2005 Posts: 3,065 OS: Windows XP	Ok, no big deal on the uninstaller. We took out all the files\filders with Killbox anyway. I see you have two or more Antivirus programs installed. In this case there can be too much of a good thing. Multiple AV's bog down your system and may even cause crashes. I highly recommend you remove all but one Antivirus program using Windows Add/Remove Programs. If you have already odne so please inform me of which program you wish to keep. HijackThis! Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any) O4 - HKLM\..\Run: [Windows System Configuration] C:\WINDOWS\SYSCFG16.EXE O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINDOWS\SYSCFG16.EXE O4 - HKLM\..\Run: [Vqzahjw] C:\Program Files\Xijajb\Yrzozi.exe O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s O4 - HKLM\..\Run: [Microsoft Windows] win32.exe O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\System32\ssn6tuu.exe" O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\System32\mptft.exe O4 - HKLM\..\Run: [Explorer 2238] C:\WINDOWS\System32\dxvwmpti.exe O4 - HKLM\..\Run: [avcba925] RUNDLL32.EXE w020f948.dll,n 001ba92400000003020f948 O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe O4 - HKCU\..\Run: [8a3ba9d3.exe] C:\Documents and Settings\Alfredo\Local Settings\Application Data\8a3ba9d3.exe Please remember to close all other windows, including browsers then click Fix checked. Online Scans Perform an online scan with Internet Explorer with Panda ActiveScan click on "Free use ActiveScan" located on the top right hand corner Click Scan your PC** & a 'pop up' window shall appear. ensure that your pop up blocker doesn't block it Click Scan Now* Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls Begin the scan by selecting My Computer If it finds any malware, it may ask you to purchase the program, this is not necessary we will take care of the entries manually. At the end of the scan click on see report. Then click Save report Please post that log in your next reply. In your next post please include: Panda Activescan Log A new Hijackthis! Log __________________

08-01-2006, 04:45 AM	#7 (permalink)
carsfranchino Registered User Join Date: Jun 2006 Posts: 83 OS: XP	Results AV's: I tried to install Panda at beginning but something happened during the installation and I'm not be able to run or remove that program now, so i installed Bit defender. Now the ActiveX for Panda online is not working so i cannot run Panda. HJT Log: Logfile of HijackThis v1.99.1 Scan saved at 6:41:08 AM, on 8/1/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\imageaccess.exe C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\Softwin\BitDefender9\vsserv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Softwin\BitDefender9\bdmcon.exe C:\Program Files\Softwin\BitDefender9\bdoesrv.exe C:\program files\softwin\bitdefender9\bdnagent.exe C:\program files\softwin\bitdefender9\bdswitch.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\PROGRA~1\AIM\aim.exe C:\Program Files\Common Files\AOL\1125837605\ee\AOLHostManager.exe C:\Program Files\Common Files\AOL\1125837605\ee\AOLServiceHost.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Common Files\AOL\1125837605\ee\AOLServiceHost.exe C:\Program Files\Hijackthis\HijackThis.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe" O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe" O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe" O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125837605\ee\AOLHostManager.exe O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Startup Manager] C:\Documents and Settings\Alfredo\Application Data\Systweak\ASO 2\smstartUp manager.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Picture Package VCD Maker.lnk = ? O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirate...GameLoader.dll O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147449489014 O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/gh...ugs/axhost.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...ploader_v7.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing) O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing) O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing) O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: Windows Image Access - Unknown owner - C:\WINDOWS\imageaccess.exe (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) Thanks!!!

08-01-2006, 11:37 AM	#8 (permalink)
Vikesrock8411 Analyst, Security Team Join Date: Jun 2005 Posts: 3,065 OS: Windows XP	Follow these instructions for Panda's removal: Download UNINST_v1011.exe ## It's IMPORTANT that you save this file to Desktop. This file should never be saved directly to the C:\ drive. Double clicking UNINST_v1011.exe will open an MS-DOS window. Press Y to start the process. When the process completes, the message NEED REBOOT appears on screen. Restart the computer to complete the process. Note: This process could take a few minutes. Run a new scan with Hijackthis and post the log here. __________________

08-01-2006, 12:14 PM	#9 (permalink)
carsfranchino Registered User Join Date: Jun 2006 Posts: 83 OS: XP	HJT Log Logfile of HijackThis v1.99.1 Scan saved at 2:12:46 PM, on 8/1/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\Explorer.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Softwin\BitDefender9\bdmcon.exe C:\Program Files\Softwin\BitDefender9\bdoesrv.exe C:\Program Files\Softwin\BitDefender9\bdnagent.exe C:\Program Files\Softwin\BitDefender9\bdswitch.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\PROGRA~1\AIM\aim.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Common Files\AOL\1125837605\ee\AOLHostManager.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Common Files\AOL\1125837605\ee\AOLServiceHost.exe C:\Program Files\Common Files\AOL\1125837605\ee\AOLServiceHost.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\imageaccess.exe C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\Softwin\BitDefender9\vsserv.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Hijackthis\HijackThis.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe" O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe" O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe" O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125837605\ee\AOLHostManager.exe O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Startup Manager] C:\Documents and Settings\Alfredo\Application Data\Systweak\ASO 2\smstartUp manager.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Picture Package VCD Maker.lnk = ? O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirate...GameLoader.dll O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147449489014 O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/gh...ugs/axhost.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...ploader_v7.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: avldr - avldr.dll (file missing) O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing) O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing) O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing) O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: Windows Image Access - Unknown owner - C:\WINDOWS\imageaccess.exe (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) Thanks!!!

08-01-2006, 01:15 PM	#10 (permalink)
Vikesrock8411 Analyst, Security Team Join Date: Jun 2005 Posts: 3,065 OS: Windows XP	Almost there, is the PC running better now? Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. Services Click Start->Run - type SERVICES.MSC & then click on the OK button Locate the service - Windows Image Access Double-click on it to open the Properties dialog. Under the General tab, note down the name of "Service name". We shall need it later. Stop the service by using the Stop button. Change the Startup type to Disabled & then click on the OK button Then start HiJackThis & go to Config>Misc.Tools...> Delete an NT service... In the popup box that appears, type in "Service name" & then click on the OK button Reboot your system HijackThis! Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any) O20 - Winlogon Notify: avldr - avldr.dll (file missing) O23 - Service: Windows Image Access - Unknown owner - C:\WINDOWS\imageaccess.exe (file missing) Please remember to close all other windows, including browsers then click Fix checked. File and Folder Deletions Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist. C:\WINDOWS\imageaccess.exe __________________

08-01-2006, 02:24 PM	#11 (permalink)
carsfranchino Registered User Join Date: Jun 2006 Posts: 83 OS: XP	New HJT The PC is running good now!!! This is my new HJT Log. Thanks!!! Logfile of HijackThis v1.99.1 Scan saved at 4:21:05 PM, on 8/1/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\WINDOWS\Explorer.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Softwin\BitDefender9\bdmcon.exe C:\Program Files\Softwin\BitDefender9\bdoesrv.exe C:\Program Files\Softwin\BitDefender9\bdnagent.exe C:\Program Files\Softwin\BitDefender9\bdswitch.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\PROGRA~1\AIM\aim.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Common Files\AOL\1125837605\ee\AOLHostManager.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Common Files\AOL\1125837605\ee\AOLServiceHost.exe C:\Program Files\Common Files\AOL\1125837605\ee\AOLServiceHost.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\Softwin\BitDefender9\vsserv.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Hijackthis\HijackThis.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe" O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe" O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe" O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125837605\ee\AOLHostManager.exe O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Startup Manager] C:\Documents and Settings\Alfredo\Application Data\Systweak\ASO 2\smstartUp manager.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Picture Package VCD Maker.lnk = ? O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirate...GameLoader.dll O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147449489014 O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/gh...ugs/axhost.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...ploader_v7.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing) O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing) O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing) O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

08-01-2006, 04:12 PM	#12 (permalink)
carsfranchino Registered User Join Date: Jun 2006 Posts: 83 OS: XP	Panda i could install Panda finally. This is the result of a full scan: Panda Titanium 2006 Antivirus + Antispyware incident report EVENT DATE RESULTS ADDITIONAL INFORMATION ---------------------------------------------------------------------------------------------------------------------------------------------- Scan completed 08/01/06 17:28:39 Scan: All My Computer Adware detected: Adware/PurityScan 08/01/06 17:27:34 Eliminated Location: C:\Program Files\Adobe\dllhost.exe Tracking program detected 08/01/06 17:21:14 Notified Location: C:\Documents and Settings...\Process.exe Tracking program detected 08/01/06 17:21:06 Notified Location: C:\Documents...\smitRem.exe[Process.exe] Adware detected: Adware/CommAd 08/01/06 16:59:38 Eliminated Location: C:\WINDOWS\QWxmbGVkbw\kqUAv3p4vT.vbs Adware detected: Adware/Deskwizz 08/01/06 16:57:23 Eliminated Location: C:\bintheredunthat\RDFX4.exe Virus detected: Trj/Prutec.AB 08/01/06 16:57:23 Disinfected Location: C:\bintheredunthat\Srwes.exe Adware detected: Adware/2Z0o 08/01/06 16:57:23 Eliminated Location: C:\bintheredunthat\dnrqeth.exe Scan started 08/01/06 16:53:45 Scan: All My Computer Update 08/01/06 16:42:18 OK New version: 5.01.00 Update 08/01/06 16:41:29 OK New virus signatures: 14884 The computer is running good, i only want to make the startup faster. What i can changed/disabled to do that??? Thank you in advance!!!

08-01-2006, 08:01 PM	#13 (permalink)
Vikesrock8411 Analyst, Security Team Join Date: Jun 2005 Posts: 3,065 OS: Windows XP	You now have parts of Norton, Bitdefender and Panda Antivirus software on your PC. Please choose one and inform me which one you wish to keep. __________________

08-01-2006, 09:23 PM	#14 (permalink)
carsfranchino Registered User Join Date: Jun 2006 Posts: 83 OS: XP	Antivirus I will keep Panda. Thanks!!!

08-02-2006, 12:11 AM	#15 (permalink)
Vikesrock8411 Analyst, Security Team Join Date: Jun 2005 Posts: 3,065 OS: Windows XP	Please open this page in Internet Explorer. Click the button that says "Run it Now". Install any required ActiveX controls and follow any prompts given. Add/Remove Programs Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs: Bit Defender Reboot and post a new Hijackthis log. __________________

08-02-2006, 07:02 AM	#16 (permalink)
carsfranchino Registered User Join Date: Jun 2006 Posts: 83 OS: XP	HJT Log Logfile of HijackThis v1.99.1 Scan saved at 8:36:04 AM, on 8/2/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE C:\WINDOWS\System32\brsvc01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\brss01a.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\apvxdwin.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\WebProxy.exe C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\avtask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Common Files\AOL\1125837605\ee\AOLHostManager.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\Common Files\AOL\1125837605\ee\AOLServiceHost.exe C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\LUpgConf.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\PROGRA~1\AIM\aim.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe C:\Program Files\Common Files\AOL\1125837605\ee\AOLServiceHost.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Hijackthis\HijackThis.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125837605\ee\AOLHostManager.exe O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [LUPGCONF] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\LUpgConf.exe" /RunOnce:5_01_00 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Startup Manager] C:\Documents and Settings\Alfredo\Application Data\Systweak\ASO 2\smstartUp manager.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Picture Package VCD Maker.lnk = ? O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirate...GameLoader.dll O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147449489014 O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/gh...ugs/axhost.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/be...ploader_v7.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing) O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\FIREWALL\PNMSRV.EXE O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PsImSvc.exe O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe Thanks!!!

08-02-2006, 01:17 PM	#17 (permalink)
Vikesrock8411 Analyst, Security Team Join Date: Jun 2005 Posts: 3,065 OS: Windows XP	Perfect, we are now down to one AV. Is the startup still slow? __________________

08-02-2006, 02:01 PM	#18 (permalink)
carsfranchino Registered User Join Date: Jun 2006 Posts: 83 OS: XP	Startup Yes it's still slow but everything is running good. If i can do something to make it faster please let me know. Thanks!!!

08-03-2006, 11:52 AM	#19 (permalink)
Vikesrock8411 Analyst, Security Team Join Date: Jun 2005 Posts: 3,065 OS: Windows XP	HijackThis! Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any) O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Picture Package VCD Maker.lnk = ? O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe Please remember to close all other windows, including browsers then click Fix checked. Your log appears to be clean. If you still have any problems let me know and we will work on diagnosing those through other means. If not, there are just a few more things to go through to finish this off and help prevent future infections. Please post one more time even if you have no problems so we can mark this thread as resolved. Setting a new Restore Point Go to Start >> Run - type control sysdm.cpl,,4 & press Enter. Tick the checkbox - Turn off System Restore on all drives Click Apply Turn it back 'On' by unticking the same checkbox & click OK Windows Update Make sure to get the latest updates for Windows and Internet Explorer at Microsoft Update Site. Prevention A good virus scanner is a necessity in today's computer environment. Many virus scanners include active components that protect you from infection without even running a scan. Some good free antivirus programs include: AVG Free Avast! Home Edition (Antivirus & Firewall) AntiVir A firewall is the first line of defense standing between the internet and your computer. Some good free firewalls are: Zone Alarm Outpost Tiny Personal Firewall Sunbelt Kerio Personal Firewall Adaware SE and Spybot SD are a pair of anti-spyware scanners that should be run every week or two. Although there is some overlap there are many pieces of malware that is caught by one of these and not the other, therefore it is recommended you use both to compliment each other. Spybot also contains two other useful pieces. The first is "Immunize", this helps protect your computer against known exploits. The second is "TeaTimer", with this feature enabled you will receive notifications of all changes to the registry such as programs adding themselves to start-up and you default search page being changed. Spyware Blaster is a powerful tool that prevents "drive-by" downloads and other unwanted installations. It also uses no system resources, run it once and you're all set. Spyware Guard Is a realtime protection engine to guard your computer from spyware. This program does for spyware what an antivirus program does for viruses. IE-Spyad is a program that only needs to be run once to protect you from many malicious sites. It adds domains of known adware companies into the Restricted List of Internet Explorer, preventing them from performing malicious actions on your PC. The MVPS HOSTS file is a file you can download and use to replace your regular hosts file. It prevents many sites from performing malicious actions by blocking the sites from ever being accessed. Together these programs form a powerful barrier between the Internet and your computer. However, all the programs stand alone and feel free to eliminate any you are not comfortable with. Any protection you add to your PC is better than no protection at all. Alternative Programs Here are some alternatives that are either less suceptible than others to malware or don't contain malware where similar programs do. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN) Desktop Weather - Free taskbar weather program that is free, malware free, and resource light. Firefox - This is an increasingly popular alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness. __________________

08-03-2006, 12:53 PM	#20 (permalink)
carsfranchino Registered User Join Date: Jun 2006 Posts: 83 OS: XP	Thanks!!! Everything runs good now. Thank you for your help!!!