Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads

Post #1, 01-24-2007, 11:27 AM, by †TYRANICK†™ (Registered User, joined Jan 2007, 196 posts, OS: Windows XP SP3)

Help - Explorer.exe, memory crucifixion!

OK, something really weird has started to happen. When I boot up my comp, go to My Computer and double-click my C:\ drive, all of a sudden (not all of my computer, but accessing the bit where it shows Program Files and all that jazz) it freezes for about 10 seconds, then it resumes.

When I restarted my computer and decided to bring the Task Manager up, the same thing happened, and as I looked at my "Processes" I saw that "explorer.exe" was saying something like 305,466K after clicking my C:\ drive =S and I'm like WHAT THE HELL!?

I've done a system restore, virus scan, spyware scan; I have the latest and best available software. I dunno if it's to do with a recent Windows update or what. I even error-checked my C drive; I know for a fact nothing is wrong with the contents, and I have enough RAM to play HL2 three times at once. I just can't get my head round this one.

Also to add on:

My explorer.exe is currently 31,092K; it's only when I go to click my C:\ drive that it freezes and goes up to 300,000 for a few seconds. I have used about 40 GB of 116 so far on my C:\ drive. It doesn't happen when I use my other one, D:\, just see.

Can Alcohol 120% be causing this? I recently think it's to do with the 1.3 patch for Need for Speed Carbon, but it has been left unresolved.

Because I stopped explorer.exe, and in Task Manager clicked New Task, went into C:\, clicked Program Files, and it froze up for a moment again... now I'm confused. Do I have too much installed?... rrrgh =(

More info: it started shortly after I installed my Logitech Rumble Pad 2 controller thingy, yet system restore did not recall this problem...

It works perfectly in Safe Mode. I am now confused as hell; it must be one of my startup programs, but I have looked over Google and I just can't find anything malicious that I'm running which I recognise.

Thanks in advance for all your help :)

Here's my log file:

Logfile of HijackThis v1.99.1
Scan saved at 18:22:13, on 24/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Greg George\My Documents\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - (no file)
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\GREGGE~1\LOCALS~1\Temp\~DP4D.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {A2B9FB22-FD56-494D-B852-DEC331856D65} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1165597754625
O17 - HKLM\System\CCS\Services\Tcpip\..\{11138133-7B59-4A2E-B5EA-4686CEA49187}: NameServer = 80.225.250.178 80.225.250.186
O17 - HKLM\System\CS1\Services\Tcpip\..\{11138133-7B59-4A2E-B5EA-4686CEA49187}: NameServer = 80.225.250.178 80.225.250.186
O17 - HKLM\System\CS3\Services\Tcpip\..\{11138133-7B59-4A2E-B5EA-4686CEA49187}: NameServer = 80.225.250.178 80.225.250.186
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: jkkjj - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Win PPPe - Unknown owner - C:\WINDOWS\system32\winser.exe (file missing)

Post #2, 01-25-2007, 12:29 PM, by †TYRANICK†™ (Registered User)

Bump!

Post #3, 01-26-2007, 09:03 AM, by †TYRANICK†™ (Registered User)

Bump!!!

Post #4, 01-26-2007, 10:21 AM, by Ried (Assistant Manager, TSF Academy; Moderator/Analyst Security Team; Location: Ohio; joined Jan 2005; 26,883 posts; OS: WinXP and Vista)

Hello †TYRANICK†™ and welcome,

As you can see, we are very busy here and there are only so many of us. One of the Analysts will review your log as soon as possible.

Please refer to the Posting Rules found here: Please, Read This Before Posting A Hijackthis Log.

Quote:
Posting Rules

2. Please be considerate of the fact that the people helping you are not being paid for this, and in fact usually have a job, and have a limited amount of time to help, and can only do so much. If no one has replied to your thread within 48 hrs after you posted it, please reply in your thread with the word BUMP to move it forward.

DO NOT Bump the thread unless 48 hours has passed. We generally work from oldest to newest posts... so your wait will be longer if you bump it forward before the 48 hours is up.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

Last edited by Ried; 01-26-2007 at 10:23 AM.
Post #5, 01-26-2007, 03:25 PM, by †TYRANICK†™ (Registered User)

OK, thanks and sorry lol, just a little edgy lol, take your time.

Post #6, 01-26-2007, 10:22 PM, by Ried (Assistant Manager, TSF Academy; Moderator/Analyst Security Team; Location: Ohio; joined Jan 2005; 26,883 posts; OS: WinXP and Vista)

Hiya,

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

--------------------------------------------------------------------

Download and install CleanUp! but do not run it yet. (Not Recommended for XP64).

--------------------------------------------------------------------

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**


--------------------------------------------------------------------

Close any open browsers.

--------------------------------------------------------------------


Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat. Please save it on your desktop.

Quote:
@echo off
rem "Win PPPe" is the O23 service entry in your log whose binary, C:\WINDOWS\system32\winser.exe, is missing.
rem Stop it in case it is running, then remove its registration from the Services key so it cannot come back.
sc stop "Win PPPe"
sc delete "Win PPPe"
exit
Double click FixServices.bat. A window will open and close. This is normal.

--------------------------------------------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs)

SpywareBot <--This program is known rogueware

--------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:

O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - (no file)
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\GREGGE~1\LOCALS~1\Temp\~DP4D.dll (file missing)
O2 - BHO: (no name) - {A2B9FB22-FD56-494D-B852-DEC331856D65} - (no file)
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O20 - Winlogon Notify: jkkjj - C:\WINDOWS\



Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
*Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

--------------------------------------------------------------------

Using 'My Computer', navigate to and delete the following File and Folder if they still exist.

C:\Program Files\SpywareBot
C:\WINDOWS\system32\winser.exe


--------------------------------------------------------------------

*WARNING* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! or move them to a permanent location.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
  • Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it's checked.
Click OK
Press the CleanUp! button to start the program. Do NOT reboot/logoff when prompted.

--------------------------------------------------------------------

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process.
Run AVG Anti-Spyware with its updated definitions (it's important that all windows are closed):
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, **Please ensure it is set to Quarantine then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
**AVG Anti-Spyware is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.

--------------------------------------------------------------------

Reboot into Normal Mode.

--------------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Note:
Do not mouse-click ComboFix's window while it's running; that may cause it to stall.


Post the ComboFix.txt in your next reply.

--------------------------------------------------------------------

Run a new scan with HijackThis and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:

AVG Anti-Spyware results
Panda results
ComboFix.txt
New HijackThis log
Last edited by Ried; 01-26-2007 at 10:29 PM.

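The pick list in the reply above (the three orphaned O2 BHOs, the SpywareBot autorun, the jkkjj Winlogon Notify entry and the Win PPPe service) can be reproduced mechanically from the log. What follows is an added example written for this page; it is not code from the thread, from HijackThis or from any analyst tool, and the heuristics are my own assumptions about what separates the selected entries from the benign ones around them. The sample lines are excerpted from the two HijackThis logs posted in this thread. Beyond the pick list, it pulls the O17 DNS servers out for a manual check against the ISP's, and it re-checks the pick list against the follow-up log to show which flagged entry survived the fix: the orphaned Symantec licensing service, which the analyst did not select and which is still present in the second log.

```python
"""HijackThis 1.99 log triage: reproduce an analyst's 'Fix checked' pick list.

Added example for this page, not HijackThis' own logic and not code from the
thread. The heuristics are assumptions about what separates the entries the
analyst selected from the benign ones around them.
"""
import re
from dataclasses import dataclass

# Section prefix ("O2", "O20", "R1", ...) followed by the rest of the entry.
ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d{1,2}) - (?P<body>.*)$")

# Products the analyst called rogueware in the thread (post #6); extend as needed.
KNOWN_ROGUE = ("spywarebot",)


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(log_text):
    """Yield (section, body, full_line) per entry line; the process list is skipped."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("sec"), m.group("body"), line


def _target(body):
    """The last ' - ' separated field of an entry is its file path or command."""
    return body.rsplit(" - ", 1)[-1].strip()


def triage(log_text):
    """Return the entries an analyst would tick in 'Fix checked' or remove by hand."""
    findings = []
    for sec, body, line in parse_entries(log_text):
        low = body.lower()
        if sec == "O2" and ("(no file)" in low or "(file missing)" in low):
            # A BHO CLSID with no DLL behind it is an orphan or a loader whose file
            # was already deleted; nothing legitimate depends on it.
            findings.append(Finding(sec, "BHO with no backing file", line))
        elif sec == "O20" and low.startswith("winlogon notify:"):
            # Legitimate Notify packages are DLLs under system32; a bare directory
            # or a random five-letter name is the pattern of a malicious package.
            if not re.search(r"\\system32\\[\w.-]+\.dll$", _target(body), re.I):
                findings.append(Finding(sec, "Winlogon Notify package that is not a DLL under system32", line))
        elif sec == "O23" and "unknown owner" in low and "(file missing)" in low:
            # No vendor string and no binary on disk: a half-removed service, or a
            # malware service whose file was already cleaned. Delete the registration.
            findings.append(Finding(sec, "service with no vendor and a missing binary", line))
        elif sec == "O4" and any(name in low for name in KNOWN_ROGUE):
            findings.append(Finding(sec, "autorun for a known rogue security product", line))
        # O9/O16 '(file missing)' leftovers from online scanners are noise; not flagged.
    return findings


def nameservers(log_text):
    """DNS servers from O17 entries, in order, to be checked against the ISP's."""
    ips = []
    for sec, body, _ in parse_entries(log_text):
        if sec == "O17" and "nameserver =" in body.lower():
            for ip in body.split("=", 1)[1].split():
                if ip not in ips:
                    ips.append(ip)
    return ips


def still_present(findings, later_log_text):
    """Findings whose exact line is still in a later log, i.e. the fix did not take."""
    later = {line for _, _, line in parse_entries(later_log_text)}
    return [f for f in findings if f.line in later]


# Constructed sample: entries excerpted from the first HijackThis log in this thread.
BEFORE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - (no file)
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\GREGGE~1\LOCALS~1\Temp\~DP4D.dll (file missing)
O2 - BHO: (no name) - {A2B9FB22-FD56-494D-B852-DEC331856D65} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{11138133-7B59-4A2E-B5EA-4686CEA49187}: NameServer = 80.225.250.178 80.225.250.186
O20 - Winlogon Notify: jkkjj - C:\WINDOWS\
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Win PPPe - Unknown owner - C:\WINDOWS\system32\winser.exe (file missing)
"""

# Constructed sample: entries excerpted from the follow-up log posted after the fix.
AFTER_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
"""

if __name__ == "__main__":
    picks = triage(BEFORE_LOG)
    for f in picks:
        print(f"{f.section:4} {f.reason}: {f.line}")
    print("DNS servers to verify against the ISP:", nameservers(BEFORE_LOG))
    print("Still present after the fix:", [f.line for f in still_present(picks, AFTER_LOG)])
```

The script only points; the analyst still decides. The O23 rule is deliberately broad and also catches the dead Symantec licensing service, which is an orphan rather than a threat, and the O17 servers are printed rather than judged because nothing in a log can tell you whether 80.225.250.178 belongs to the user's ISP.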
Post #7, 01-27-2007, 10:25 AM, by †TYRANICK†™ (Registered User)

Logs

Thank you for your time.

Here are all the logs which you requested; unfortunately Panda did not work, as it seemed to stop halfway.

Hopefully this won't be too much trouble; here are the other logs:

Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 17:18:41, on 27/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Alcohol.exe Autorun] C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
O4 - HKCU\..\Run: [WinMem] C:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1165597754625
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{11138133-7B59-4A2E-B5EA-4686CEA49187}: NameServer = 80.225.250.178 80.225.250.186
O17 - HKLM\System\CS1\Services\Tcpip\..\{11138133-7B59-4A2E-B5EA-4686CEA49187}: NameServer = 80.225.250.178 80.225.250.186
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

AVG spy log

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 14:37:07 27/01/2007

+ Scan result:



Nothing found.


::Report end

Combofix Log

"Greg George" - 07-01-27 17:02:57 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Greg George\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\install.exe
C:\WINDOWS\system32\components


((((((((((((((((((((((((((((((( Files Created from 2006-12-27 to 2007-01-27 ))))))))))))))))))))))))))))))))))


2007-01-27 14:49 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-01-27 14:49 <DIR> d-------- C:\WINDOWS\LastGood
2007-01-27 13:37 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-26 18:13 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Application Data\Talkback
2007-01-26 16:44 <DIR> d-------- C:\DOCUME~1\GREGGE~1\amsn
2007-01-26 16:40 <DIR> d-------- C:\Program Files\aMSN
2007-01-26 07:33 <DIR> d-------- C:\Program Files\Electronic Arts
2007-01-26 01:24 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-01-26 00:16 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-01-26 00:16 <DIR> d-------- C:\Program Files\AGEIA Technologies
2007-01-25 23:28 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-01-25 23:28 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-01-25 23:28 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-01-25 23:28 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-01-25 23:28 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-01-25 23:28 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-01-25 23:28 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-01-25 23:28 <DIR> d-------- C:\Program Files\Sygate
2007-01-25 23:06 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-01-25 15:07 <DIR> d-------- C:\Program Files\NAMCO BANDAI Games
2007-01-25 15:07 <DIR> d-------- C:\DOCUME~1\GREGGE~1\Application Data\InstallShield
2007-01-25 15:06 4,259 --a------ C:\WINDOWS\system32\sdbackup.reg
2007-01-24 18:06 <DIR> d-------- C:\Program Files\HJT
2007-01-23 21:41 <DIR> d-------- C:\DOCUME~1\GREGGE~1\Application Data\Uniblue
2007-01-22 19:14 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-01-20 13:54 <DIR> d--h----- C:\Program Files\Free_PDF
2007-01-19 22:13 <DIR> d-------- C:\Program Files\iTunes
2007-01-19 22:13 <DIR> d-------- C:\Program Files\iPod
2007-01-19 15:37 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
2007-01-19 15:37 44,064 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
2007-01-19 15:37 21,280 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
2007-01-19 15:37 163,840 --a------ C:\WINDOWS\system32\WmJoyFrc.dll
2007-01-19 15:37 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys
2007-01-11 21:39 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-01-11 18:26 <DIR> d-------- C:\Program Files\Media Player Classic
2007-01-10 23:57 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-10 23:43 223,128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2007-01-07 11:19 <DIR> dr-h----- C:\$VAULT$.AVG
2007-01-07 11:12 839,936 --------- C:\WINDOWS\system32\drivers\avg7core.sys
2007-01-07 11:12 4,960 --------- C:\WINDOWS\system32\drivers\avgtdi.sys
2007-01-07 11:12 4,224 --------- C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-01-07 11:12 3,968 --------- C:\WINDOWS\system32\drivers\avgclean.sys
2007-01-07 11:12 27,776 --------- C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-01-07 11:12 18,432 --------- C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-01-07 11:12 <DIR> d-------- C:\Program Files\Grisoft
2007-01-07 11:12 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\AVG7
2007-01-07 11:12 <DIR> d-------- C:\DOCUME~1\GREGGE~1\Application Data\AVG7
2007-01-07 11:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
2007-01-06 02:07 <DIR> d-------- C:\Program Files\Common Files\PACE Anti-Piracy
2007-01-06 02:07 <DIR> d-------- C:\DOCUME~1\GREGGE~1\Application Data\PACE Anti-Piracy
2007-01-06 02:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\PACE Anti-Piracy
2006-12-30 18:47 <DIR> d-------- C:\WINDOWS\Performance
2006-12-30 18:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Microsoft Corporation
2006-12-29 16:44 <DIR> d-------- C:\Program Files\Common Files\SystemRequirementsLab
2006-12-29 16:44 <DIR> d-------- C:\DOCUME~1\GREGGE~1\Application Data\System Requirements Lab
2006-12-27 15:37 43,520 --------- C:\WINDOWS\system32\CmdLineExt03.dll
2006-12-27 12:32 261,632 --------- C:\WINDOWS\system32\mcdvd_32.dll
2006-12-27 12:32 24,576 --------- C:\WINDOWS\system32\msxml3a.dll
2006-12-27 12:32 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2006-12-27 12:32 <DIR> d-------- C:\DOCUME~1\GREGGE~1\Application Data\AVS4YOU
2006-12-27 12:02 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
2006-12-27 11:54 <DIR> d-------- C:\DOCUME~1\GREGGE~1\Application Data\Media Player Classic


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-27 15:08 -------- d-------- C:\Program Files\quicktime
2007-01-27 13:36 -------- d-------- C:\Program Files\mozilla firefox
2007-01-27 12:09 -------- d--h----- C:\Program Files\installshield installation information
2007-01-27 11:44 -------- d-------- C:\DOCUME~1\GREGGE~1\Application Data\utorrent
2007-01-26 15:56 -------- d-------- C:\Program Files\bitcomet
2007-01-26 00:15 -------- d-------- C:\Program Files\Common Files\wise installation wizard
2007-01-24 17:12 -------- d-------- C:\Program Files\logitech
2007-01-24 17:12 -------- d-------- C:\Program Files\ea games
2007-01-24 17:09 -------- d-------- C:\Program Files\google
2007-01-24 17:09 -------- d-------- C:\Program Files\apple software update
2007-01-20 13:51 -------- d-------- C:\Program Files\Common Files\easyinfo
2007-01-19 15:37 -------- d-------- C:\Program Files\Common Files\logitech
2007-01-16 16:05 -------- d-------- C:\DOCUME~1\GREGGE~1\Application Data\xfire
2007-01-11 20:32 98304 --------- C:\WINDOWS\system32\cmdlineext.dll
2007-01-11 20:18 -------- d-------- C:\Program Files\thq
2007-01-10 23:16 646392 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-01-06 02:07 -------- d--h----- C:\Program Files\windowsupdate
2007-01-04 16:15 -------- d---s---- C:\DOCUME~1\GREGGE~1\Application Data\microsoft
2007-01-03 14:22 21112 --a------ C:\DOCUME~1\GREGGE~1\Application Data\gdipfontcachev1.dat
2007-01-02 13:50 -------- d-------- C:\DOCUME~1\GREGGE~1\Application Data\apple computer
2006-12-24 14:52 -------- d-------- C:\Program Files\java
2006-12-23 16:11 -------- d-------- C:\DOCUME~1\GREGGE~1\Application Data\river past g5
2006-12-18 17:26 -------- d-------- C:\Program Files\windows media connect 2
2006-12-18 17:26 -------- d-------- C:\Program Files\movie maker
2006-12-18 17:26 -------- d-------- C:\Program Files\messenger
2006-12-18 17:26 -------- d-------- C:\Program Files\divx
2006-12-17 18:23 805062 ---hs---- C:\WINDOWS\system32\jjkkj.ini2
2006-12-17 18:19 804972 ---hs---- C:\WINDOWS\system32\jjkkj.bak2
2006-12-12 21:22 0 --a------ C:\WINDOWS\system32\mspaint.exe
2006-12-12 21:17 -------- d-------- C:\DOCUME~1\GREGGE~1\Application Data\superadblocker.com
2006-12-12 19:58 -------- d-------- C:\DOCUME~1\GREGGE~1\Application Data\lavasoft
2006-12-08 17:08 -------- d-------- C:\DOCUME~1\GREGGE~1\Application Data\real
2006-12-08 01:36 -------- d-------- C:\Program Files\Common Files\symantec shared
2006-12-07 23:53 0 --------- C:\WINDOWS\system32\heyrshjq.exe
2006-12-07 16:13 -------- d-------- C:\Program Files\Common Files\xing shared
2006-12-07 16:13 -------- d-------- C:\Program Files\Common Files\real
2006-12-07 16:12 -------- d-------- C:\Program Files\real
2006-12-07 16:10 176420 --------- C:\WINDOWS\galleryplayer images uninstaller.exe
2006-12-05 20:37 -------- d-------- C:\DOCUME~1\GREGGE~1\Application Data\sereniti
2006-12-05 16:54 -------- d-------- C:\Program Files\realtek ac97
2006-12-05 16:54 -------- d-------- C:\Program Files\avrack
2006-12-03 17:36 118784 -r------- C:\WINDOWS\bwunin-7.2.0.137-8876480sl.exe
2006-12-03 09:40 -------- d-------- C:\Program Files\Common Files\is3
2006-12-01 21:43 -------- d-------- C:\Program Files\msn messenger
2006-12-01 18:34 53248 --a------ C:\WINDOWS\system32\physxloader.dll
2006-11-30 20:36 -------- d-------- C:\Program Files\windows nt
2006-11-28 18:24 -------- d-------- C:\DOCUME~1\GREGGE~1\Application Data\msn6
2006-11-28 16:58 670194 ---hs---- C:\WINDOWS\system32\jjkkj.bak1
2006-11-28 16:35 -------- d-------- C:\Program Files\utorrent
2006-11-28 16:28 -------- d-------- C:\DOCUME~1\GREGGE~1\Application Data\azureus
2006-11-27 18:48 -------- d-------- C:\DOCUME~1\GREGGE~1\Application Data\adobeum
2006-11-27 08:45 60416 --------- C:\WINDOWS\system32\tzchange.exe
2006-11-22 11:37 45056 --a------ C:\WINDOWS\system32\agcpaneltraditionalchinese.dll
2006-11-22 11:37 45056 --a------ C:\WINDOWS\system32\agcpanelswedish.dll
2006-11-22 11:37 45056 --a------ C:\WINDOWS\system32\agcpanelspanish.dll
2006-11-22 11:37 45056 --a------ C:\WINDOWS\system32\agcpanelsimplifiedchinese.dll
2006-11-22 11:37 45056 --a------ C:\WINDOWS\system32\agcpanelportugese.dll
2006-11-22 11:37 45056 --a------ C:\WINDOWS\system32\agcpanelkorean.dll
2006-11-22 11:37 45056 --a------ C:\WINDOWS\system32\agcpaneljapanese.dll
2006-11-22 11:37 45056 --a------ C:\WINDOWS\system32\agcpanelgerman.dll
2006-11-22 11:37 45056 --a------ C:\WINDOWS\system32\agcpanelfrench.dll
2006-11-13 06:02 36352 --------- C:\WINDOWS\system32\tsgqec.dll
2006-11-13 06:02 288768 --------- C:\WINDOWS\system32\rhttpaa.dll
2006-11-13 06:02 1866240 --a------ C:\WINDOWS\system32\mstscax.dll
2006-11-13 06:02 116736 --------- C:\WINDOWS\system32\aaclient.dll
2006-11-08 05:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 08:06 600576 --a------ C:\WINDOWS\system32\mstsc.exe
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --------- C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-06 22:39 132096 --------- C:\WINDOWS\system32\gc.dll
2006-11-06 11:35 531568 --------- C:\WINDOWS\system32\rmactivate_isv.exe
2006-11-06 11:35 523376 --------- C:\WINDOWS\system32\rmactivate.exe
2006-11-06 11:35 519280 --------- C:\WINDOWS\system32\secproc_isv.dll
2006-11-06 11:35 518768 --------- C:\WINDOWS\system32\secproc.dll
2006-11-06 11:35 358000 --------- C:\WINDOWS\system32\rmactivate_ssp.exe
2006-11-06 11:35 354416 --------- C:\WINDOWS\system32\rmactivate_ssp_isv.exe
2006-11-06 11:35 323696 --------- C:\WINDOWS\system32\msdrm.dll
2006-11-06 11:35 192624 --------- C:\WINDOWS\system32\secproc_ssp_isv.dll
2006-11-06 11:35 192624 --------- C:\WINDOWS\system32\secproc_ssp.dll
2006-11-04 14:14 1245696 --------- C:\WINDOWS\system32\msxml4.dll
2006-11-04 12:18 60416 --------- C:\WINDOWS\alcfdrtm.exe
2006-10-30 01:46 737280 --------- C:\WINDOWS\iun6002.exe
2006-10-30 01:12 0 -rahs---- C:\MSDOS.SYS
2006-10-30 01:12 0 -rahs---- C:\IO.SYS
2006-10-30 01:12 0 --a------ C:\CONFIG.SYS
2006-10-30 01:12 0 --a------ C:\AUTOEXEC.BAT
2006-10-30 01:04 62 --ahs---- C:\DOCUME~1\GREGGE~1\Application Data\desktop.ini


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"EA Core"="\"C:\\Program Files\\Electronic Arts\\EA Link\\Core.exe\" -silent"
"WinMem"="C:\\Program Files\\WinCleaner Memory Optimizer\\WinMemOpt.exe"
"Uniblue Registry Booster"="C:\\Program Files\\Uniblue\\Registry Booster\\RegistryBooster.exe /S"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.6962\\GoogleToolbarNotifier.exe"
"Steam"=""
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"ASUS SmartDoctor"="C:\\Program Files\\ASUS\\SmartDoctor\\SmartDoctor.exe /start"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"SoundMan"="SOUNDMAN.EXE"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_04\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"LogitechVideo[inspector]"="C:\\Program Files\\Logitech\\Video\\InstallHelper.exe /inspect"
"LogitechCameraService(E)"="C:\\WINDOWS\\system32\\ElkCtrl.exe /automation"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"Alcohol.exe Autorun"="C:\\Program Files\\Alcohol Soft\\Alcohol 120\\Alcohol.exe /startup"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"LogitechCameraAssistant"="C:\\Program Files\\Logitech\\Video\\CameraAssistant.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"BDMCon"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdmcon.exe\" /reg"
"BDAgent"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdagent.exe\""
"ASM"="\"C:\\Program Files\\AOL\\Active Security Monitor\\ASMonitor.exe\" HIDEMAIN"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{1a01a98c-4f25-42e1-971a-185cf63569b2}"="expatriates"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44671dfa-a1bc-11db-ac79-000e50b7f52a}]
Shell\AutoRun\command F:\AutoPlay.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44671dfb-a1bc-11db-ac79-000e50b7f52a}]
Shell\AutoRun\command G:\AutoPlay.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44671dfc-a1bc-11db-ac79-000e50b7f52a}]
Shell\AutoRun\command H:\Setup.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90cbfbb2-a1b6-11db-ac78-000e50b7f52a}]
Shell\AutoRun\command F:\AutoPlay.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 07-01-27 17:04:40

All steps were fully followed in exact order

Now then, can I get rid of ComboFix and the FixServices.bat, and turn the AVG shield on now?

Last edited by †TYRANICK†™; 01-27-2007 at 10:26 AM.
†TYRANICK†™ is offline  
Old 01-27-2007, 11:37 AM   #8 (permalink)
Registered User
 
Join Date: Jan 2007
Posts: 196
OS: Windows XP SP3
By the way, if you know of any good PC utilities and registry cleaners/monitors, please let me know =)
†TYRANICK†™ is offline  
Old 01-27-2007, 09:15 PM   #9 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,883
OS: WinXP and Vista


You can delete the FixServices.bat, but leave ComboFix for a while; we'll need it again.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

Again, please carry out these instructions in the order given.

***************************************************

Download the attached tyra.zip file to your desktop.

--------------------------------------------------------------------

Close any open browsers.

--------------------------------------------------------------------

Delete the following files:

C:\WINDOWS\system32\jjkkj.ini2
C:\WINDOWS\system32\jjkkj.bak2
C:\WINDOWS\system32\heyrshjq.exe
C:\WINDOWS\system32\jjkkj.bak1


--------------------------------------------------------------------

Double click on the tyra.zip folder, then double click on the .reg file within. Click yes to allow it to merge into your registry. You may delete it afterwards.

--------------------------------------------------------------------

We really need to have an online scan completed. Try to run this online scanner:

Please perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
--------------------------------------------------------------------

There was a Smitfraud entry in your msconfig, and I'd like to be sure there are no other entries lurking about.

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click smitfraudfix.exe to start the tool.
  • Select option #1 - Search by typing 1 and press "Enter"
  • A text file will appear which lists infected files (if present).
  • Please copy/paste the content of that report into your next reply.
IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!

-------------------------------------------------------

Run combofix.exe once again.

--------------------------------------------------------------------

Run a new scan with HijackThis and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:

Kaspersky results
Smitfraud report
ComboFix.txt
New HijackThis log
Update on system behavior
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

Last edited by Ried; 03-02-2007 at 07:53 AM.
Ried is offline  
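Ried's list above deletes the four files that ComboFix reported directly in system32 either with the hidden and system attributes set (the jjkkj.* files) or at zero bytes (heyrshjq.exe). The script below is an added example, not something posted in this thread and not part of ComboFix or HijackThis; it applies those same two rules to ComboFix listing lines so the triage can be repeated on a long log instead of by eye. The line-format regex and the two heuristics are my own assumptions about the log; the sample lines are copied from the ComboFix log posted earlier in this thread, with legitimate entries (MSDOS.SYS, desktop.ini, a driver, a directory) included as negative controls.

```python
"""Triage ComboFix file listings for the two patterns the helper acted on:
hidden+system files dropped directly into system32, and zero-byte executables.
Added example; the regex and rules are assumptions, not ComboFix's own logic."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# One ComboFix "Files Created" / "Find3M" line, for example:
#   2006-12-17 18:23 805062 ---hs---- C:\WINDOWS\system32\jjkkj.ini2
#   2007-01-27 14:49 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
# The attribute field is d(ir) r(eadonly) a(rchive) h(idden) s(ystem) + 4 unused.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|-+|[\d,]+)\s+"
    r"(?P<attr>[d-][r-][a-][h-][s-]-{4})\s+"
    r"(?P<path>.+?)\s*$"
)

SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class Entry:
    path: str
    size: Optional[int]  # None for directories and for "--------" (size not shown)
    is_dir: bool
    hidden: bool
    system: bool


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for headers, blanks, and junk."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    attr = m.group("attr")
    size_tok = m.group("size")
    size = int(size_tok.replace(",", "")) if size_tok[0].isdigit() else None
    return Entry(
        path=m.group("path"),
        size=size,
        is_dir=attr[0] == "d",
        hidden=attr[3] == "h",
        system=attr[4] == "s",
    )


def _in_system32(path: str) -> bool:
    # Only direct children of system32; drivers\ etc. are a different population.
    low = path.lower()
    return low.startswith(SYSTEM32) and "\\" not in low[len(SYSTEM32):]


def triage(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (path, reason) for every entry matching one of the two rules."""
    findings: List[Tuple[str, str]] = []
    for line in lines:
        e = parse_line(line)
        if e is None or e.is_dir or not _in_system32(e.path):
            continue
        if e.hidden and e.system:
            # Stock files directly in system32 are not normally hidden+system;
            # the jjkkj.* droppings in the thread are.
            findings.append((e.path, "hidden+system file directly in system32"))
        elif e.size == 0 and e.path.lower().endswith(".exe"):
            findings.append((e.path, "zero-byte executable in system32"))
    return findings


# Sample input (constructed for this example): lines copied from the ComboFix
# log posted in the thread, plus legitimate entries as negative controls.
SAMPLE_LOG = """
2006-12-17 18:23 805062 ---hs---- C:\\WINDOWS\\system32\\jjkkj.ini2
2006-12-17 18:19 804972 ---hs---- C:\\WINDOWS\\system32\\jjkkj.bak2
2006-12-12 21:22 0 --a------ C:\\WINDOWS\\system32\\mspaint.exe
2006-12-07 23:53 0 --------- C:\\WINDOWS\\system32\\heyrshjq.exe
2006-11-28 16:58 670194 ---hs---- C:\\WINDOWS\\system32\\jjkkj.bak1
2007-01-10 23:16 646392 --a------ C:\\WINDOWS\\system32\\drivers\\sptd.sys
2006-10-30 01:12 0 -rahs---- C:\\MSDOS.SYS
2006-10-30 01:04 62 --ahs---- C:\\DOCUME~1\\GREGGE~1\\Application Data\\desktop.ini
2007-01-27 14:49 <DIR> d-------- C:\\WINDOWS\\system32\\ActiveScan
2007-01-27 13:37 3,968 --a------ C:\\WINDOWS\\system32\\drivers\\AvgAsCln.sys
""".strip().splitlines()

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{reason:42} {path}")
```

Run against the sample it flags five system32 entries: the three jjkkj.* files, heyrshjq.exe, and also the zero-byte mspaint.exe, which the thread does not act on. That last one is the caveat: a zero-byte copy of a stock Windows binary is something to compare against a known-good copy (the Service Pack cache or installation media), not to delete on sight, so treat the output as review items rather than a delete list. The hidden+system rule is only reasonable because it is restricted to direct children of system32; the same attributes are normal on MSDOS.SYS in the drive root and on desktop.ini in a profile, as the negative controls show.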
Old 01-28-2007, 06:17 AM   #10 (permalink)
Registered User
 
Join Date: Jan 2007
Posts: 196
OS: Windows XP SP3
Thanks Ried =)

OK, great stuff, here are my logs (which all worked, yay)

Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 13:05:43, on 28/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Greg George\My Documents\Computer Components\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Alcohol.exe Autorun] C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent
O4 - HKCU\..\Run: [WinMem] C:\Program Files\WinCleaner Memory Optimizer\WinMemOpt.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1165597754625
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{11138133-7B59-4A2E-B5EA-4686CEA49187}: NameServer = 80.225.250.178 80.225.250.186
O17 - HKLM\System\CS1\Services\Tcpip\..\{11138133-7B59-4A2E-B5EA-4686CEA49187}: NameServer = 80.225.250.178 80.225.250.186
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Kaspersky Results

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, January 28, 2007 12:59:05 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 28/01/2007
Kaspersky Anti-Virus database records: 262604
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 92720
Number of viruses found: 3
Number of infected objects: 4 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:21:38

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\Greg George\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\Greg George\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Greg George\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Greg George\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Greg George\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Greg George\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Greg George\Local Settings\History\History.IE5\MSHist012007012820070129\index.dat Object is locked skipped
C:\Documents and Settings\Greg George\Local Settings\Temp\~DF12A5.tmp Object is locked skipped
C:\Documents and Settings\Greg George\Local Settings\Temp\~DFA8AF.tmp Object is locked skipped
C:\Documents and Settings\Greg George\Local Settings\Temp\~DFDBA6.tmp Object is locked skipped
C:\Documents and Settings\Greg George\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Greg George\My Documents\My Music\to_download.php Infected: not-a-virus:AdWare.Win32.SearchPage skipped
C:\Documents and Settings\Greg George\My Documents\school stuff\Titration of oven cleaner.doc Object is locked skipped
C:\Documents and Settings\Greg George\ntuser.dat Object is locked skipped
C:\Documents and Settings\Greg George\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Greg George\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2007-01-28.11-22-12.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{4A32483E-1FFF-46B2-A410-F175EAB2AB8E}\RP53\A0017812.dll Infected: not-a-virus:AdTool.Win32.WhenU.i skipped
C:\System Volume Information\_restore{4A32483E-1FFF-46B2-A410-F175EAB2AB8E}\RP53\A0017813.exe Infected: not-a-virus:AdTool.Win32.WhenU.i skipped
C:\System Volume Information\_restore{4A32483E-1FFF-46B2-A410-F175EAB2AB8E}\RP58\A0019428.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{4A32483E-1FFF-46B2-A410-F175EAB2AB8E}\RP96\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\vaxscsi.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{4A32483E-1FFF-46B2-A410-F175EAB2AB8E}\RP96\change.log Object is locked skipped

Scan process completed.

SmitFraud Results

SmitFraudFix v2.137

Scan done at 13:00:40.14, 28/01/2007
Run from C:\Documents and Settings\Greg George\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Greg George


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Greg George\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\GREGGE~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Combo Fix Results

"Greg George" - 07-01-28 13:01:41 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Greg George\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-28 to 2007-01-28 ))))))))))))))))))))))))))))))))))


2007-01-28 13:00 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-01-28 13:00 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-01-28 13:00 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-01-28 13:00 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-01-28 13:00 4,146 --a------ C:\WINDOWS\system32\tmp.reg
2007-01-28 13:00 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-01-28 13:00 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-01-28 13:00 <DIR> d-------- C:\DOCUME~1\GREGGE~1\SmitfraudFix
2007-01-27 19:36 <DIR> d-------- C:\Program Files\Common Files\Stardock
2007-01-27 19:03 <DIR> d-------- C:\DOCUME~1\GREGGE~1\Application Data\Comodo
2007-01-27 19:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Comodo
2007-01-27 18:55 75,264 --a------ C:\WINDOWS\system32\drivers\cmdmon.sys
2007-01-27 18:55 51,328 --a------ C:\WINDOWS\system32\drivers\inspect.sys
2007-01-27 18:55 <DIR> d-------- C:\Program Files\Comodo
2007-01-27 18:41 <DIR> d-------- C:\Program Files\WIN Doc Pro
2007-01-27 18:21 <DIR> d-------- C:\Program Files\Lavasoft
2007-01-27 18:16 <DIR> d-------- C:\Program Files\AOL
2007-01-27 14:49 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-01-27 13:37 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-26 18:13 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Application Data\Talkback
2007-01-26 16:44 <DIR> d-------- C:\DOCUME~1\GREGGE~1\amsn
2007-01-26 16:40 <DIR> d-------- C:\Program Files\aMSN
2007-01-26 07:33 <DIR> d-------- C:\Program Files\Electronic Arts
2007-01-26 01:24 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-01-26 00:16 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-01-26 00:16 <DIR> d-------- C:\Program Files\AGEIA Technologies
2007-01-25 23:06 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-01-25 15:07 <DIR> d-------- C:\Program Files\NAMCO BANDAI Games
2007-01-25 15:07 <DIR> d-------- C:\DOCUME~1\GREGGE~1\Application Data\InstallShield
2007-01-25 15:06 4,259 --a------ C:\WINDOWS\system32\sdbackup.reg
2007-01-24 18:06 <DIR> d-------- C:\Program Files\HJT
2007-01-23 21:41 <DIR> d-------- C:\DOCUME~1\GREGGE~1\Application Data\Uniblue
2007-01-22 19:14 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-01-20 13:54 <DIR> d--h----- C:\Program Files\Free_PDF
2007-01-19 22:13 <DIR> d-------- C:\Program Files\iTunes
2007-01-19 22:13 <DIR> d-------- C:\Program Files\iPod
2007-01-19 15:37 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
2007-01-19 15:37 44,064 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
2007-01-19 15:37 21,280 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
2007-01-19 15:37 163,840 --a------ C:\WINDOWS\system32\WmJoyFrc.dll
2007-01-19 15:37 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys
2007-01-11 21:39 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-01-11 18:26 <DIR> d-------- C:\Program Files\Media Player Classic
2007-01-10 23:57 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-10 23:43 223,128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2007-01-07 11:19 <DIR> dr-h----- C:\$VAULT$.AVG
2007-01-07 11:12 839,936 --------- C:\WINDOWS\system32\drivers\avg7core.sys
2007-01-07 11:12 4,960 --------- C:\WINDOWS\system32\drivers\avgtdi.sys
2007-01-07 11:12 4,224 --------- C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-01-07 11:12 3,968 --------- C:\WINDOWS\system32\drivers\avgclean.sys
2007-01-07 11:12 27,776 --------- C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-01-07 11:12 18,432 --------- C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-01-07 11:12 <DIR> d-------- C:\Program Files\Grisoft
2007-01-07 11:12 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\AVG7
2007-01-07 11:12 <DIR> d-------- C:\DOCUME~1\GREGGE~1\Application Data\AVG7
2007-01-07 11:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
2007-01-06 02:07 <DIR> d-------- C:\Program Files\Common Files\PACE Anti-Piracy
2007-01-06 02:07 <DIR> d-------- C:\DOCUME~1\GREGGE~1\Application Data\PACE Anti-Piracy
2007-01-06 02:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\PACE Anti-Piracy
2006-12-30 18:47 <DIR> d-------- C:\WINDOWS\Performance
2006-12-30 18:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Microsoft Corporation
2006-12-29 16:44 <DIR> d-------- C:\Program Files\Common Files\SystemRequirementsLab
2006-12-29 16:44 <DIR> d-------- C:\DOCUME~1\GREGGE~1\Application Data\System Requirements Lab


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-28 12:57 -------- d-------- C:\Program Files\mozilla firefox
2007-01-27 15:08 -------- d-------- C:\Program Files\quicktime
2007-01-27 12:09 -------- d--h----- C:\Program Files\installshield installation information
2007-01-27 11:44 -------- d-------- C:\DOCUME~1\GREGGE~1\Application Data\utorrent
2007-01-26 15:56 -------- d-------- C:\Program Files\bitcomet
2007-01-26 00:15 -------- d-------- C:\Program Files\Common Files\wise installation wizard
2007-01-24 17:12 -------- d-------- C:\Program Files\logitech
2007-01-24 17:12 -------- d-------- C:\Program Files\ea games
2007-01-24 17:09 -------- d-------- C:\Program Files\google
2007-01-24 17:09 -------- d-------- C:\Program Files\apple software update
2007-01-23 21:27 -------- d-------- C:\Program Files\combined community codec pack
2007-01-20 13:51 -------- d-------- C:\Program Files\Common Files\easyinfo
2007-01-19 15:37 -------- d-------- C:\Program Files\Common Files\logitech
2007-01-16 16:05 -------- d-------- C:\DOCUME~1\GREGGE~1\Application Data\xfire
2007-01-11 20:32 98304 --------- C:\WINDOWS\system32\cmdlineext.dll
2007-01-11 20:18 -------- d-------- C:\Program Files\thq
2007-01-10 23:16 646392 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-01-06 02:07 -------- d--h----- C:\Program Files\windowsupdate
2007-01-04 16:15 -------- d---s---- C:\DOCUME~1\GREGGE~1\Application Data\microsoft
2007-01-03 14:22 21112 --a------ C:\DOCUME~1\GREGGE~1\Application Data\gdipfontcachev1.dat
2007-01-02 13:50 -------- d-------- C:\DOCUME~1\GREGGE~1\Application Data\apple computer
2007-01-01 14:52 43520 --------- C:\WINDOWS\system32\cmdlineext03.dll
2006-12-27 12:38 -------- d-------- C:\Program Files\Common Files\avsmedia
2006-12-27 12:32 -------- d-------- C:\DOCUME~1\GREGGE~1\Application Data\avs4you
2006-12-27 11:54 -------- d-------- C:\DOCUME~1\GREGGE~1\Application Data\media player classic
2006-12-24 14:52 -------- d-------- C:\Program Files\java
2006-12-23 16:11 -------- d-------- C:\DOCUME~1\GREGGE~1\Application Data\river past g5
2006-12-18 17:26 -------- d-------- C:\Program Files\windows media connect 2
2006-12-18 17:26 -------- d-------- C:\Program Files\movie maker
2006-12-18 17:26 -------- d-------- C:\Program Files\messenger
2006-12-18 17:26 -------- d-------- C:\Program Files\divx
2006-12-17 18:23 805062 ---hs---- C:\WINDOWS\system32\jjkkj.ini2
2006-12-12 21:22 0 --a------ C:\WINDOWS\system32\mspaint.exe
2006-12-12 21:17 -------- d-------- C:\DOCUME~1\GREGGE~1\Application Data\superadblocker.com
2006-12-12 19:58 -------- d-------- C:\DOCUME~1\GREGGE~1\Application Data\lavasoft
2006-12-08 17:08 -------- d-------- C:\DOCUME~1\GREGGE~1\Application Data\real
2006-12-08 01:36 -------- d-------- C:\Program Files\Common Files\symantec shared
2006-12-07 16:13 -------- d-------- C:\Program Files\Common Files\xing shared
2006-12-07 16:13 -------- d-------- C:\Program Files\Common Files\real
2006-12-07 16:12 -------- d-------- C:\Program Files\real
2006-12-07 16:10 176420 --------- C:\WINDOWS\galleryplayer images uninstaller.exe
2006-12-05 20:37 -------- d-------- C:\DOCUME~1\GREGGE~1\Application Data\sereniti
2006-12-05 16:54 -------- d-------- C:\Program Files\realtek ac97
2006-12-05 16:54 -------- d-------- C:\Program Files\avrack
2006-12-03 17:36 118784 -r------- C:\WINDOWS\bwunin-7.2.0.137-8876480sl.exe
2006-12-03 09:40 -------- d-------- C:\Program Files\Common Files\is3
2006-12-01 21:43 -------- d-------- C:\Program Files\msn messenger
2006-12-01 18:34 53248 --a------ C:\WINDOWS\system32\physxloader.dll
2006-11-30 20:36 -------- d-------- C:\Program Files\windows nt
2006-11-28 18:24 -------- d-------- C:\DOCUME~1\GREGGE~1\Application Data\msn6
2006-11-28 16:35 -------- d-------- C:\Program Files\utorrent
2006-11-28 16:28 -------- d-------- C:\DOCUME~1\GREGGE~1\Application Data\azureus
2006-11-27 08:45 60416 --------- C:\WINDOWS\system32\tzchange.exe
2006-11-22 11:37 45056 --a------ C:\WINDOWS\system32\agcpaneltraditionalchinese.dll
2006-11-22 11:37 45056 --a------ C:\WINDOWS\system32\agcpanelswedish.dll
2006-11-22 11:37 45056 --a------ C:\WINDOWS\system32\agcpanelspanish.dll
2006-11-22 11:37 45056 --a------ C:\WINDOWS\system32\agcpanelsimplifiedchinese.dll
2006-11-22 11:37 45056 --a------ C:\WINDOWS\system32\agcpanelportugese.dll
2006-11-22 11:37 45056 --a------ C:\WINDOWS\system32\agcpanelkorean.dll
2006-11-22 11:37 45056 --a------ C:\WINDOWS\system32\agcpaneljapanese.dll
2006-11-22 11:37 45056 --a------ C:\WINDOWS\system32\agcpanelgerman.dll
2006-11-22 11:37 45056 --a------ C:\WINDOWS\system32\agcpanelfrench.dll
2006-11-13 06:02 36352 --------- C:\WINDOWS\system32\tsgqec.dll
2006-11-13 06:02 288768 --------- C:\WINDOWS\system32\rhttpaa.dll
2006-11-13 06:02 1866240 --a------ C:\WINDOWS\system32\mstscax.dll
2006-11-13 06:02 116736 --------- C:\WINDOWS\system32\aaclient.dll
2006-11-08 05:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 08:06 600576 --a------ C:\WINDOWS\system32\mstsc.exe
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --------- C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-06 22:39 132096 --------- C:\WINDOWS\system32\gc.dll
2006-11-06 11:35 531568 --------- C:\WINDOWS\system32\rmactivate_isv.exe
2006-11-06 11:35 523376 --------- C:\WINDOWS\system32\rmactivate.exe
2006-11-06 11:35 519280 --------- C:\WINDOWS\system32\secproc_isv.dll
2006-11-06 11:35 518768 --------- C:\WINDOWS\system32\secproc.dll
2006-11-06 11:35 358000 --------- C:\WINDOWS\system32\rmactivate_ssp.exe
2006-11-06 11:35 354416 --------- C:\WINDOWS\system32\rmactivate_ssp_isv.exe
2006-11-06 11:35 323696 --------- C:\WINDOWS\system32\msdrm.dll
2006-11-06 11:35 192624 --------- C:\WINDOWS\system32\secproc_ssp_isv.dll
2006-11-06 11:35 192624 --------- C:\WINDOWS\system32\secproc_ssp.dll
2006-11-04 14:14 1245696 --------- C:\WINDOWS\system32\msxml4.dll
2006-11-04 12:18 60416 --------- C:\WINDOWS\alcfdrtm.exe
2006-10-30 01:46 737280 --------- C:\WINDOWS\iun6002.exe
2006-10-30 01:12 0 -rahs---- C:\MSDOS.SYS
2006-10-30 01:12 0 -rahs---- C:\IO.SYS
2006-10-30 01:12 0 --a------ C:\CONFIG.SYS
2006-10-30 01:12 0 --a------ C:\AUTOEXEC.BAT
2006-10-30 01:04 62 --ahs---- C:\DOCUME~1\GREGGE~1\Application Data\desktop.ini


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"EA Core"="\"C:\\Program Files\\Electronic Arts\\EA Link\\Core.exe\" -silent"
"WinMem"="C:\\Program Files\\WinCleaner Memory Optimizer\\WinMemOpt.exe"
"Uniblue Registry Booster"="C:\\Program Files\\Uniblue\\Registry Booster\\RegistryBooster.exe /S"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.6962\\GoogleToolbarNotifier.exe"
"Steam"=""
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"ASUS SmartDoctor"="C:\\Program Files\\ASUS\\SmartDoctor\\SmartDoctor.exe /start"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"SoundMan"="SOUNDMAN.EXE"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_04\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"LogitechVideo[inspector]"="C:\\Program Files\\Logitech\\Video\\InstallHelper.exe /inspect"
"LogitechCameraService(E)"="C:\\WINDOWS\\system32\\ElkCtrl.exe /automation"
"Alcohol.exe Autorun"="C:\\Program Files\\Alcohol Soft\\Alcohol 120\\Alcohol.exe /startup"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"LogitechCameraAssistant"="C:\\Program Files\\Logitech\\Video\\CameraAssistant.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"BDMCon"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdmcon.exe\" /reg"
"BDAgent"="\"C:\\Program Files\\Softwin\\BitDefender10\\bdagent.exe\""
"ASM"="\"C:\\Program Files\\AOL\\Active Security Monitor\\ASMonitor.exe\" HIDEMAIN"
"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44671dfa-a1bc-11db-ac79-000e50b7f52a}]
Shell\AutoRun\command F:\AutoPlay.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44671dfb-a1bc-11db-ac79-000e50b7f52a}]
Shell\AutoRun\command G:\AutoPlay.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44671dfc-a1bc-11db-ac79-000e50b7f52a}]
Shell\AutoRun\command H:\Setup.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90cbfbb2-a1b6-11db-ac78-000e50b7f52a}]
Shell\AutoRun\command F:\AutoPlay.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 07-01-28 13:03:38
C:\ComboFix2.txt ... 07-01-27 17:04


Current System Performance

Is excellent! The Explorer.exe no longer uses up 99% of my memory when accessing the C:\ drive; my system speed has also increased, games load faster, and it would seem I no longer have to defrag game cache files to get my fps back to 200+ (since sometimes when I added things to the garrysmod folder and loaded up the game, the fps would be stuck at 30 ish, and I would have to defrag the game cache files for it to go back to 200+; so far this is no longer the case).

I don't know what else to say, everything works great now. I just need to know if you can provide me with a good PC utilities link, like a registry checker/cleaner thing, just in case.

As you may see I already have Spybot S&D, AVG 7.5 full, AVG spyware killer, Comodo firewall, and I shall be getting BitDefender Antivirus v10 + soon enough, since I loved that as it worked great!
†TYRANICK†™ is offline  
Old 01-28-2007, 11:22 AM   #11
Ried
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,883
OS: WinXP and Vista

Good, I'm pleased to hear your system is performing as expected.

Kaspersky did find an infected file--please delete the following file:

C:\Documents and Settings\Greg George\My Documents\My Music\to_download.php

Quote:
I don't know what else to say, everything works great now. I just need to know if you can provide me with a good PC utilities link, like a registry checker/cleaner thing, just in case.
Depending on your needs and budget, there are many opinions to be had on that issue. You would do best discussing that in the Windows XP section and let the experts there guide you to a reliable program.

---------------------------------------------------

Just a few final steps and you're good to go.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windowsi586-p.exe to install the newest version.
----------------------------------------------------------

Reset hidden/system files and folders
Windows XP
===============
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Deselect the Show hidden files and folders option.
* Select the Hide file extensions for known types option.
* Select the Hide protected operating system files option.
* Click Yes to confirm.
* Click OK.

Enable Windows Auto Update
* Go to Start > Run - type wuaucpl.cpl
* Tick the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
* Click on "OK".

Create a new System Restore point
* Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore Tab
* Tick the checkbox - "Turn off System Restore on all drives"
* Click Apply
* Then untick the same checkbox & click OK
This will prevent any reinfection from previous restore points.


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

Download the McAfee Site Advisor--free. The folks there check out websites and, based on their findings, rate them as Safe, Unknown, Caution, or Bad.

Download SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

Download Spyware Guard to catch and block spyware before it can execute.

Download IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)
  • Now navigate to C:\ie-spyad. Double click to open it.
  • From within the folder, double-click install.bat
  • Select Option #2 - Install the new IE-SPYAD list, by typing 2
  • Then return to the main menu.
  • Select option #4 - Add the old porn sites domain, by typing 4

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein

MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Follow this list and your potential for being infected again will reduce dramatically.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
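The triage Ried did by hand on the Kaspersky report above (one real detection to delete, three more inside System Restore snapshots, which the "turn System Restore off and on" step purges) can be scripted. This is an added example, not code from the forum thread or from Kaspersky; the line shapes it parses are taken from the report above, and the sample input is constructed.

```python
"""Triage a Kaspersky Online Scanner report (constructed example, not the
forum's or Kaspersky's code).  Separates 'Object is locked skipped' noise
from real detections, and splits detections into files the user must delete
by hand versus files inside System Restore snapshots, which are removed by
toggling System Restore off and on rather than by deleting them directly."""
import re
from dataclasses import dataclass

# Two line shapes appear in the report table:
#   "<path> Infected: <detection name> <last action>"
#   "<path> Object is locked <last action>"
_INFECTED = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\S+)$")
_LOCKED = re.compile(r"^(?P<path>.+?) Object is locked (?P<action>\S+)$")
# Restore-point snapshots live under <drive>:\System Volume Information\_restore{GUID}\
_RESTORE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\", re.I)


@dataclass(frozen=True)
class Detection:
    path: str
    name: str
    action: str

    @property
    def in_restore_point(self) -> bool:
        return bool(_RESTORE.search(self.path))


def parse_report(text: str):
    """Return (detections, locked_paths) from the 'Infected Object Name' table."""
    detections, locked = [], []
    in_table = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Infected Object Name"):
            in_table = True          # header row of the results table
            continue
        if not in_table or not line or line.startswith("Scan process completed"):
            continue
        m = _INFECTED.match(line)
        if m:
            detections.append(Detection(m["path"], m["name"], m["action"]))
            continue
        m = _LOCKED.match(line)
        if m:
            locked.append(m["path"])
    return detections, locked


def triage(text: str) -> dict:
    """Bucket detections the way a responder would act on them."""
    detections, locked = parse_report(text)
    return {
        "delete_manually": [d.path for d in detections if not d.in_restore_point],
        "purge_via_system_restore": [d.path for d in detections if d.in_restore_point],
        "locked_not_scanned": len(locked),   # files the scanner could not open
    }


# Constructed sample mirroring the line shapes of the report above
SAMPLE = """Infected Object Name / Virus Name / Last Action
C:\\Documents and Settings\\User\\ntuser.dat Object is locked skipped
C:\\Documents and Settings\\User\\My Documents\\My Music\\to_download.php Infected: not-a-virus:AdWare.Win32.SearchPage skipped
C:\\System Volume Information\\_restore{4A32483E-1FFF-46B2-A410-F175EAB2AB8E}\\RP53\\A0017812.dll Infected: not-a-virus:AdTool.Win32.WhenU.i skipped
C:\\WINDOWS\\system32\\config\\SAM Object is locked skipped

Scan process completed.
"""

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE).items():
        print(bucket, items)
```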
Old 01-30-2007, 06:49 AM   #12
†TYRANICK†™
Registered User
Join Date: Jan 2007
Posts: 196
OS: Windows XP SP3

Thanks a lot, everything does work brilliantly now, thanks. I will be sure to look around to become as secure as I can.
†TYRANICK†™ is offline  
Copyright 2001 - 2009, Tech Support Forum