Swizzer 8 bk driving me crazy.

[rextobadownstai]

Any help to remove this would be greatly appreciated. I hope the log file tells all.
Thanks, Rex


Logfile of HijackThis v1.99.1
Scan saved at 10:34:31 AM, on 2/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft

Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared

Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead

Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program

Files\TheWeatherNetwork\WeatherEye\WeatherEye

.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and

Settings\allofus\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Local Page =
R1 -

HKCU\Software\Microsoft\Windows\CurrentVersion\

Internet Settings,ProxyServer = http://proxy:8080
O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Adobe\Acrobat

7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) -

{53707962-6F74-2D53-2644-206D7942484F} -

C:\Program Files\Spybot - Search &

Destroy\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper -

{601ED020-FB6C-11D3-87D8-0050DA59922B} -

C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class -

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper -

{AE7CD045-E861-484f-8273-0445EE161910} -

C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: WebManager Class -

{D5792AA9-D373-4039-8670-2CDAB6A71F15} -

C:\Program Files\BitRoll\TorrentManager.dll
O3 - Toolbar: Adobe PDF -

{47833539-D0C5-4125-9FA8-0819E2EAAC93} -

C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched]

"C:\Program

Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC]

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Defender]

"C:\Program Files\Windows

Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program

Files\Ulead Systems\Ulead VideoStudio

10\uvPL.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe

SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [TrojanScanner] C:\Program

Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Bleh Online]

C:\DOCUME~1\allofus\APPLIC~1\REMOTE~1\poll

aim team.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program

Files\TheWeatherNetwork\WeatherEye\WeatherEye
O4 - Global Startup: Adobe Acrobat Speed

Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk =

C:\Program Files\Microsoft

Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to

Adobe PDF - res://C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to

existing PDF - res://C:\Program

Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected

links to Adobe PDF - res://C:\Program

Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLi

nks.html
O8 - Extra context menu item: Convert selected

links to existing PDF - res://C:\Program

Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLi

nks.html
O8 - Extra context menu item: Convert selection to

Adobe PDF - res://C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to

existing PDF - res://C:\Program

Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe

PDF - res://C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing

PDF - res://C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft

Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.E

XE/3000
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) -

{85d1f590-48f4-11d9-9669-0800200c9a66} -

%windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender

Online Scanner v8 -

{85d1f590-48f4-11d9-9669-0800200c9a66} -

%windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O16 - DPF:

{00C0A1F2-D492-4DBA-A8E2-76CB1B791724}

(TNPLDownloader Control) -

https://dtwx2.accuweather.com/tnpl_awda/client/do

wnload/TNPLDownloader.cab
O16 - DPF:

{05317530-B882-449D-9421-18D94FA3ED34}

(OSInfo Control) -

http://www.sis.com/ocis/OSInfo.cab
O16 - DPF:

{0E8D0700-75DF-11D3-8B4A-0008C7450C4A}

(DjVuCtl Class) -

http://downloadcenter.samsung.com/content/comm

on/cab/DjVuControlLite_EN.cab
O16 - DPF:

{16095503-786F-4097-AED6-5D567A26D760}

(SiS_OCX Control) -

http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF:

{17492023-C23A-453E-A040-C7C580BBF700}

(Windows Genuine Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF:

{17D72920-7A15-11D4-921E-0080C8DA7A5E}

(AimSp32 Class) -

http://makeover.ivillage.co.uk/save/makeover.cab
O16 - DPF:

{266B9238-31A5-4B53-9039-272FE846DF9D}

(DiameterTransfer Control) -

http://www.sis.com/download/SISTransfer.cab
O16 - DPF:

{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}

(BDSCANONLINE Control) -

http://download.bitdefender.com/resources/scan8/o

scan8.cab
O16 - DPF:

{5ED80217-570B-4DA9-BF44-BE107C0EC166}

(Windows Live Safety Center Base Module) -

https://scan.safety.live.com/resource/download/sca

nner/en-us/wlscbase7617.cab
O16 - DPF:

{639658F3-B141-4D6B-B936-226F75A5EAC3}

(CPlayFirstDinerDash2Control Object) -

http://www.shockwave.com/content/dinerdash2/sis/

DinerDash2.1.0.0.67.cab
O16 - DPF:

{6414512B-B978-451D-A0D8-FCFDF33E833C}

(WUWebControl Class) -

http://update.microsoft.com/windowsupdate/v6/V5C

ontrols/en/x86/client/wuweb_site.cab?11436887370

46
O16 - DPF:

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

(MUWebControl Class) -

http://update.microsoft.com/microsoftupdate/v6/V5

Controls/en/x86/client/muweb_site.cab?115810702

8640
O16 - DPF:

{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}

(Virtools WebPlayer Class) -

http://a532.g.akamai.net/f/532/6712/5m/virtools.dow

nload.akamai.com/6712/player/install/installer.exe
O16 - DPF:

{F10C33E8-4EC0-4369-B365-730450CF5A09}

(CPlayFirstDDTumsControl Object) -

http://www.gamehouse.com/games/DinerDash.cab
O16 - DPF:

{F127B9BA-89EA-4B04-9C67-2074A9DF61FD}

(Photo Upload Plugin Class) -

http://walmart.pnimedia.com/upload/activex/v2_0_0

_9/PCAXSetupv2.0.0.9.cab?
O20 - Winlogon Notify: WgaLogon -

C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj -

{AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems

- C:\Program Files\Common Files\Adobe Systems

Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server

(Avg7Alrt) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc)

- GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager

(IDriverT) - Macrovision Corporation - C:\Program

Files\Common Files\InstallShield\Driver\11\Intel

32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS)

(RichVideo) - Unknown owner - C:\Program

Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Ulead Burning Helper

(UleadBurningHelper) - Ulead Systems, Inc. -

C:\Program Files\Common Files\Ulead

Systems\DVD\ULCDRSvr.exe

[rextobadownstai]

I have done all the steps as recommended. During Trend Micro Housecall scan AVG popped up announcing a threat however it was not picked up Housecall. If I need to supply more info please let me know.
Thanks in advance, Rex

[tetonbob]

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

---------------------------------------------------------------------------------------------

Please do this:

1. Download ComboScan to your Desktop. Note: You must be logged onto an account with administrator privileges.
2. Close all applications and windows.
3. Double-click on comboscan.exe to run it, and follow the prompts.
4. When the scan is complete, a text file will open - ComboScan.txt
5. Copy and paste the contents of ComboScan.txthere
6. A folder, C:\ComboScan will also open. In it will be another text file, Supplementary.txt
7. Please Attach Supplementary.txt to your post.

To attach a file to a new post, simply

1. Click the[Manage Attachments] button under Additional Options>Attach Files on the post composition page, and
2. copy and paste the following into the "Upload File from your Computer" box:
   

   C:\ComboScan\Supplementary.txt

3. Click Upload.

Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

---------------------------------------------------------------------------------------------

[rextobadownstai]

ComboScan v20070210.12 run by allofus on 2007-02-10 at 23:07:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.


-- HijackThis log (run as allofus.com) ------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:08:16 PM, on 2/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\allofus\Desktop\comboscan.exe
C:\DOCUME~1\allofus\LOCALS~1\Temp\~djkdulg.tmp\allofus.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.majorgeeks.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00C0A1F2-D492-4DBA-A8E2-76CB1B791724} (TNPLDownloader Control) - https://dtwx2.accuweather.com/tnpl_a...Downloader.cab
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/co...rolLite_EN.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.ivillage.co.uk/save/makeover.cab
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resourc...scbase7617.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/din...2.1.0.0.67.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1143688737046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1158107028640
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {F10C33E8-4EC0-4369-B365-730450CF5A09} (CPlayFirstDDTumsControl Object) - http://www.gamehouse.com/games/DinerDash.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/a...pv2.0.0.9.cab?
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


-- HijackThis Fixed Entries (C:\Program Files\HJT\hijackthis\backups\) ----------

backup-20070210-222311-244 O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
backup-20070210-222311-254 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20070210-222311-337 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20070210-222311-429 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://proxy:8080
backup-20070210-222311-864 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - unable to read value
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

3 Afc (PPdus ASPI Shell) - system32\drivers\Afc.sys
1 Avg7Core (AVG7 Kernel) - \SystemRoot\System32\Drivers\avg7core.sys
1 Avg7RsW (AVG7 Wrap Driver) - \SystemRoot\System32\Drivers\avg7rsw.sys
1 Avg7RsXP (AVG7 Resident Driver XP) - \SystemRoot\System32\Drivers\avg7rsxp.sys
1 AvgClean (AVG7 Clean Driver) - \SystemRoot\System32\Drivers\avgclean.sys
3 CCDECODE (Closed Caption Decoder) - system32\DRIVERS\CCDECODE.sys
3 cmuda (C-Media WDM Audio Interface) - system32\drivers\cmuda.sys
3 DUBE100 (D-Link DUB-E100 USB 2.0 to Fast Ethernet Adapter) - System32\DRIVERS\DUBE100.sys
3 ENTECH - \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys
0 gagp30kx (Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) - System32\DRIVERS\gagp30kx.sys
3 HidUsb (Microsoft HID Class Driver) - system32\DRIVERS\hidusb.sys
3 JL2005 (JL2005A Camera) - System32\Drivers\toywdm.sys
1 kbdhid (Keyboard HID Driver) - system32\DRIVERS\kbdhid.sys
3 mouhid (Mouse HID Driver) - System32\DRIVERS\mouhid.sys
3 MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - system32\drivers\MSTEE.sys
3 NABTSFEC (NABTS/FEC VBI Codec) - system32\DRIVERS\NABTSFEC.sys
3 NdisIP (Microsoft TV/Video Connection) - system32\DRIVERS\NdisIP.sys
0 PCIIde - System32\DRIVERS\pciide.sys
3 SiS315 - system32\DRIVERS\sisgrp.sys
1 SiSkp - system32\DRIVERS\srvkp.sys
3 SISNIC (SiS PCI Fast Ethernet Adapter Driver) - System32\DRIVERS\sisnic.sys
0 SiSRaid - system32\DRIVERS\SiSRaid.sys
3 SLIP (BDA Slip De-Framer) - system32\DRIVERS\SLIP.sys
3 sonypvs1 (Sony Digital Imaging Video2) - system32\DRIVERS\sonypvs1.sys
0 sptd - System32\Drivers\sptd.sys
3 streamip (BDA IPSink) - system32\DRIVERS\StreamIP.sys
3 usbaudio (USB Audio Driver (WDM)) - system32\drivers\usbaudio.sys
3 usbccgp (Microsoft USB Generic Parent Driver) - system32\DRIVERS\usbccgp.sys
3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - System32\DRIVERS\usbehci.sys
3 usbohci (Microsoft USB Open Host Controller Miniport Driver) - System32\DRIVERS\usbohci.sys
3 usbscan (USB Scanner Driver) - system32\DRIVERS\usbscan.sys
3 usbser (Motorola USB Modem Driver) - system32\DRIVERS\usbser.sys
3 usbsermpt (Motorola USB Modem Driver for MPT) - system32\DRIVERS\usbsermpt.sys
3 USBSTOR (USB Mass Storage Driver) - system32\DRIVERS\USBSTOR.SYS
3 WpdUsb - system32\DRIVERS\wpdusb.sys
3 WSTCODEC (World Standard Teletext Codec) - system32\DRIVERS\WSTCODEC.SYS
0 WudfPf (Windows Driver Foundation - User-mode Driver Framework Platform Driver) - system32\DRIVERS\WudfPf.sys
3 WudfRd (Windows Driver Foundation - User-mode Driver Framework Reflector) - system32\DRIVERS\wudfrd.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 Adobe LM Service - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
2 Avg7Alrt (AVG7 Alert Manager Server) - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
2 Avg7UpdSvc (AVG7 Update Service) - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
3 IDriverT (InstallDriver Table Manager) - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
2 MDM (Machine Debug Manager) - "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "C:\Program Files\CyberLink\Shared Files\RichVideo.exe"
2 UleadBurningHelper (Ulead Burning Helper) - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
2 WinDefend (Windows Defender) - "C:\Program Files\Windows Defender\MsMpEng.exe"
3 WMPNetworkSvc (Windows Media Player Network Sharing Service) - "C:\Program Files\Windows Media Player\WMPNetwk.exe"
2 WudfSvc (Windows Driver Foundation - User-mode Driver Framework) - %SystemRoot%\system32\svchost.exe -k WudfServiceGroup


-- Scheduled Tasks --------------------------------------------------------------

2007-02-10 23:00:00 272 --ah----- C:\WINDOWS\Tasks\A071C02791C27543.job<A071C0~1.JOB>


-- Files created between 2007-01-10 and 2007-02-10 ------------------------------

2007-02-10 20:59:05 0 d-------- C:\Hoster
2007-02-10 18:57:10 0 d-------- C:\Program Files\HJT
2007-02-10 18:32:18 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-02-10 14:47:09 1048576 --ah----- C:\Documents and Settings\Administrator.AHOTROOP\NTUSER.DAT
2007-02-10 14:00:47 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-02-10 14:00:47 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-02-10 13:42:23 11254 --a------ C:\WINDOWS\system32\locate.com
2007-02-10 12:48:08 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-02-10 11:46:31 0 d-------- C:\Spyware Tools<SPYWAR~1>
2007-02-10 11:23:49 0 d-------- C:\Program Files\CCleaner
2007-02-10 10:58:37 6029312 --a------ C:\Documents and Settings\allofus\ntuser.dat
2007-02-10 10:58:36 786432 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2007-02-09 20:40:29 0 d-------- C:\Program Files\RegScrubXP<REGSCR~1>
2007-02-08 23:01:08 0 d-------- C:\Documents and Settings\allofus\.housecall6.6<HOUSEC~1.6>
2007-02-08 18:27:05 0 d-------- C:\Program Files\InterActual<INTERA~1>
2007-02-06 22:48:01 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-02-06 22:12:44 0 d-------- C:\Program Files\Lavalys
2007-02-06 21:25:59 49152 --a------ C:\WINDOWS\InstFunc.exe<Unsigned: n/a>
2007-02-06 21:25:59 12288 --a------ C:\WINDOWS\InstFunc.dll<Unsigned: Silicon Integrated Systems Corporation>
2007-01-27 13:56:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-01-25 13:09:49 0 d-------- C:\WINDOWS\HASBRO
2007-01-25 13:08:19 0 d-------- C:\HASBRO
2007-01-25 10:54:47 0 dr-h----- C:\$VAULT$.AVG
2007-01-23 04:34:14 9728 --a------ C:\WINDOWS\system32\SiSPIns2.dll<Signed: Silicon Integrated Systems Corporation>
2007-01-12 20:39:13 0 d-------- C:\Documents and Settings\allofus\Application Data\AutoDWG
2007-01-12 07:51:31 0 d-------- C:\Program Files\Virtools


-- Find3M Report ----------------------------------------------------------------

2007-02-10 21:51:28 0 d-------- C:\Program Files\Java
2007-02-10 19:08:51 0 d-------- C:\Program Files\WS_FTP Pro<WS_FTP~1>
2007-02-10 19:08:46 0 d-------- C:\Program Files\WinUHA
2007-02-10 19:08:33 0 d-------- C:\Program Files\Windows Defender<WINDOW~4>
2007-02-10 19:05:42 0 d-------- C:\Program Files\QuickTime<QUICKT~1>
2007-02-10 19:05:29 0 d-------- C:\Program Files\PowerISO
2007-02-10 08:46:18 0 d-------- C:\Program Files\Rugrats Activity Challenge<RUGRAT~1>
2007-02-09 22:57:49 0 d-------- C:\Documents and Settings\allofus\Application Data\AVG7
2007-02-01 21:09:21 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-01 20:38:37 0 d-------- C:\Documents and Settings\allofus\Application Data\AdobeUM
2007-01-29 10:50:11 0 d-------- C:\Documents and Settings\allofus\Application Data\PlayFirst<PLAYFI~1>
2007-01-25 10:41:30 27776 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys<Unsigned: GRISOFT, s.r.o.>
2007-01-25 10:41:29 18432 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys<Unsigned: GRISOFT, s.r.o.>
2007-01-25 10:41:29 839936 --a------ C:\WINDOWS\system32\drivers\avg7core.sys<Unsigned: GRISOFT, s.r.o.>
2007-01-23 04:56:04 16896 --a------ C:\WINDOWS\system32\drivers\srvkp.sys<Signed: Silicon Integrated Systems Corporation>
2007-01-23 04:55:58 1571001 --a------ C:\WINDOWS\system32\sisgl.dll<Signed: Silicon Integrated Systems Corporation>
2007-01-23 04:39:46 3514368 --a------ C:\WINDOWS\system32\sisgrv.dll<Signed: Silicon Integrated Systems Corporation>
2007-01-23 04:35:20 317952 --a------ C:\WINDOWS\system32\drivers\sisgrp.sys<Signed: Silicon Integrated Systems Corporation>
2007-01-23 04:32:56 172032 --a------ C:\WINDOWS\system32\SiSInst.dll<Signed: Silicon Integrated Systems Corporation>
2007-01-23 04:32:44 258048 --a------ C:\WINDOWS\system32\SiSParse.dll<Signed: Silicon Integrated Systems Corporation>
2007-01-23 04:32:26 49152 --a------ C:\WINDOWS\system32\SiSBase.dll<Signed: Silicon Integrated Systems Corporation>
2007-01-14 12:37:13 0 d-------- C:\Program Files\sz8028
2007-01-12 20:24:24 0 d-------- C:\Documents and Settings\allofus\Application Data\LimeWire
2006-12-26 21:00:46 0 d-------- C:\Documents and Settings\allofus\Application Data\Azureus
2006-12-26 15:33:40 0 d-------- C:\Program Files\Miuchiz
2006-12-26 11:56:33 1112 --a------ C:\Documents and Settings\allofus\Application Data\ViewerApp.dat<VIEWER~1.DAT>
2006-12-25 14:53:43 0 d-------- C:\Program Files\MGA Games<MGAGAM~1>
2006-12-25 14:07:28 0 d-------- C:\Documents and Settings\allofus\Application Data\Arcsoft
2006-12-25 14:01:13 0 d-------- C:\Program Files\Common Files\ArcSoft
2006-12-25 14:00:45 0 d-------- C:\Program Files\ArcSoft
2006-12-25 13:57:18 0 d-------- C:\Program Files\JL2005A
2006-12-17 11:21:49 0 d-------- C:\Program Files\Grisoft
2006-12-17 10:38:38 0 d-------- C:\Documents and Settings\allofus\Application Data\BitRoll
2006-12-17 10:38:23 0 d-------- C:\Program Files\Remotefreehope<REMOTE~1>
2006-12-06 20:25:43 4184 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys<Unsigned: n/a>
2006-12-06 20:25:43 8 -r-hs---- C:\WINDOWS\system32\DECD777876.sys<DECD77~1.SYS><Unsigned: n/a>
2006-12-05 20:28:12 100 --a------ C:\AUTOEXEC.BAT


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"WeatherEye"="C:\\Program Files\\TheWeatherNetwork\\WeatherEye\\WeatherEye"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"UVS10 Preload"="C:\\Program Files\\Ulead Systems\\Ulead VideoStudio 10\\uvPL.exe"
"SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of ComboScan: finished at 2007-02-10 at 23:08:50 -------------------------

[tetonbob]

Please Download NoLop to your desktop from one of the links below...
Link 1
Link 2
Link 3

• First close any other programs you have running as this will require a reboot
• Double click NoLop.exe to run it.
• Now click the button labelled "Search and Destroy"
  <<your computer will now be scanned for infected files>>
• When scanning is finished you will be prompted to reboot only if infected, Click OK
• Now click the "REBOOT" Button.
• A Message should popup from NoLop. If not, double click the program again and it will finish Please Post the contents of C:\NoLop.log in your next reply.

--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. --

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.

---------------------------------------------------------------------------------------------


Delete the following if they exist:

C:\Program Files\Remotefreehope

---------------------------------------------------------------------------------------------

Download fl.zip
Extract the contents to a new folder on your Desktop.
Within the folder, locate & double-click fl.bat.
It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply

---------------------------------------------------------------------------------------------

Open Hijack This and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here. Please turn off (uncheck) the Wordwrap feature in Notepad, by going to Format in the menu bar. It creates the double space effect in the HJT log, and is difficult to read.

---------------------------------------------------------------------------------------------

[rextobadownstai]

Here are the next 2 logs. Thanks for your time.

Logfile of HijackThis v1.99.1
Scan saved at 11:52:43 PM, on 2/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\HJT\hijackthis\Analyse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00C0A1F2-D492-4DBA-A8E2-76CB1B791724} (TNPLDownloader Control) - https://dtwx2.accuweather.com/tnpl_a...Downloader.cab
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/co...rolLite_EN.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.ivillage.co.uk/save/makeover.cab
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resourc...scbase7617.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.shockwave.com/content/din...2.1.0.0.67.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1143688737046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1158107028640
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O16 - DPF: {F10C33E8-4EC0-4369-B365-730450CF5A09} (CPlayFirstDDTumsControl Object) - http://www.gamehouse.com/games/DinerDash.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/a...pv2.0.0.9.cab?
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--------------------------------------

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\allofus\Desktop
[2/10/2007]
[11:39:57 PM]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\A071C02791C27543.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\Administrator.ahotroop\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Adobe Systems
C:\Documents and Settings\All Users\Application Data\Ahead
C:\Documents and Settings\All Users\Application Data\Aol Downloads -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Avg7
C:\Documents and Settings\All Users\Application Data\Bvrp Software
C:\Documents and Settings\All Users\Application Data\Cyberlink
C:\Documents and Settings\All Users\Application Data\Grisoft
C:\Documents and Settings\All Users\Application Data\Installshield
C:\Documents and Settings\All Users\Application Data\Ipswitch
C:\Documents and Settings\All Users\Application Data\Iwin
C:\Documents and Settings\All Users\Application Data\Macromedia
C:\Documents and Settings\All Users\Application Data\Macrovision
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Microsoft Games
C:\Documents and Settings\All Users\Application Data\Msn6
C:\Documents and Settings\All Users\Application Data\Playfirst
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Sandlot Games
C:\Documents and Settings\All Users\Application Data\Smartsound Software Inc
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\Documents and Settings\All Users\Application Data\Ulead Systems
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
C:\Documents and Settings\Allofus\Application Data\Adobe
C:\Documents and Settings\Allofus\Application Data\Adobeum
C:\Documents and Settings\Allofus\Application Data\Ahead
C:\Documents and Settings\Allofus\Application Data\Arcsoft
C:\Documents and Settings\Allofus\Application Data\Autodwg
C:\Documents and Settings\Allofus\Application Data\Avg7
C:\Documents and Settings\Allofus\Application Data\Azureus
C:\Documents and Settings\Allofus\Application Data\Bitroll
C:\Documents and Settings\Allofus\Application Data\Cyberlink
C:\Documents and Settings\Allofus\Application Data\Google
C:\Documents and Settings\Allofus\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Allofus\Application Data\Identities
C:\Documents and Settings\Allofus\Application Data\Ipswitch
C:\Documents and Settings\Allofus\Application Data\Iwin
C:\Documents and Settings\Allofus\Application Data\Jamdat
C:\Documents and Settings\Allofus\Application Data\Limewire
C:\Documents and Settings\Allofus\Application Data\Macromedia
C:\Documents and Settings\Allofus\Application Data\Microsoft
C:\Documents and Settings\Allofus\Application Data\Microsoft Games
C:\Documents and Settings\Allofus\Application Data\Msn6 -- EMPTY Directory
C:\Documents and Settings\Allofus\Application Data\Playfirst
C:\Documents and Settings\Allofus\Application Data\Registry Booster
C:\Documents and Settings\Allofus\Application Data\Simple Star
C:\Documents and Settings\Allofus\Application Data\Sun
C:\Documents and Settings\Allofus\Application Data\Ulead Systems
C:\Documents and Settings\Allofus\Application Data\Utorrent
C:\Documents and Settings\Allofus\Application Data\Windows Live Safety Center
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Avg7
C:\Documents and Settings\Localservice\Application Data\Cyberlink
C:\Documents and Settings\Localservice\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft

[tetonbob]

Hi Rex -

There was one more tool I wanted run, inside the fl.zip folder.

Please see the instructions in my previous post.

[rextobadownstai]

I didn't see anything about running the .exe file. What should I do now? Start that last set of instructions again or what? Thanks.

[tetonbob]

It's not an exe file you need to run....I'll repeat the instructions.

Download fl.zip
Extract the contents to a new folder on your Desktop.
Within the folder, locate & double-click fl.bat.
It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply

[rextobadownstai]

here it is

Volume in drive C has no label.
Volume Serial Number is FC55-ECD4

Directory of C:\Documents and Settings\All Users\Application Data

01/27/2007 01:56 PM <DIR> Adobe
04/06/2006 04:06 PM <DIR> Adobe Systems
04/18/2006 06:58 PM <DIR> Ahead
09/25/2006 06:46 PM <DIR> AOL Downloads
12/07/2006 09:30 PM <DIR> Apple Computer
02/09/2007 08:39 PM <DIR> avg7
09/26/2006 06:36 PM <DIR> BVRP Software
12/08/2006 05:41 PM <DIR> CyberLink
11/22/2006 06:09 PM <DIR> Grisoft
04/16/2006 06:48 PM 377 hpzinstall.log
12/07/2006 09:30 PM <DIR> InstallShield
05/01/2006 12:56 PM <DIR> Ipswitch
09/02/2006 01:14 PM <DIR> iWin
05/02/2006 06:38 PM <DIR> Macromedia
05/02/2006 05:53 PM <DIR> Macrovision
10/11/2006 05:36 PM <DIR> Microsoft Games
06/07/2006 07:52 PM <DIR> MSN6
01/29/2007 10:50 AM <DIR> PlayFirst
04/06/2006 03:04 PM <DIR> QuickTime
08/01/2006 06:45 PM <DIR> Sandlot Games
12/06/2006 08:29 PM <DIR> SmartSound Software Inc
02/10/2007 10:37 PM <DIR> Spybot - Search & Destroy
02/10/2007 09:55 PM 7,310 Svclog.log
02/10/2007 10:35 AM <DIR> TEMP
09/03/2006 07:11 PM <DIR> Trymedia
12/07/2006 09:43 PM <DIR> Ulead Systems
03/29/2006 09:23 PM <DIR> Windows Genuine Advantage
04/26/2006 03:58 PM <DIR> Yahoo! Companion
2 File(s) 7,687 bytes
26 Dir(s) 28,668,477,440 bytes free
Volume in drive C has no label.
Volume Serial Number is FC55-ECD4

Directory of C:\Documents and Settings\allofus\Application Data

09/09/2006 11:49 AM <DIR> Adobe
02/01/2007 08:38 PM <DIR> AdobeUM
04/19/2006 02:56 PM <DIR> Ahead
12/25/2006 02:07 PM <DIR> Arcsoft
01/12/2007 08:39 PM <DIR> AutoDWG
02/09/2007 10:57 PM <DIR> AVG7
12/26/2006 09:00 PM <DIR> Azureus
12/17/2006 10:38 AM <DIR> BitRoll
12/07/2006 06:02 PM <DIR> CyberLink
06/18/2006 06:41 PM 74,592 GDIPFONTCACHEV1.DAT
06/06/2006 04:34 PM <DIR> Google
07/23/2006 03:02 PM <DIR> Help
03/29/2006 08:11 PM <DIR> Identities
05/01/2006 12:56 PM <DIR> Ipswitch
09/02/2006 01:14 PM <DIR> iWin
08/06/2006 03:40 PM <DIR> Jamdat
01/12/2007 08:24 PM <DIR> LimeWire
07/09/2006 08:21 PM <DIR> Macromedia
10/11/2006 05:40 PM <DIR> Microsoft Games
06/07/2006 07:52 PM <DIR> MSN6
01/29/2007 10:50 AM <DIR> PlayFirst
06/10/2006 08:43 AM <DIR> Registry Booster
04/18/2006 07:06 PM <DIR> Simple Star
04/22/2006 11:21 AM <DIR> Sun
12/07/2006 09:50 PM <DIR> Ulead Systems
12/07/2006 04:37 PM <DIR> uTorrent
12/26/2006 11:56 AM 1,112 ViewerApp.dat
03/29/2006 11:20 PM <DIR> Windows Live Safety Center
2 File(s) 75,704 bytes
26 Dir(s) 28,668,477,440 bytes free
Volume in drive C has no label.
Volume Serial Number is FC55-ECD4

Directory of C:\Documents and Settings\Default User\Application Data

03/29/2006 01:57 PM <DIR> .
03/29/2006 01:57 PM <DIR> ..
03/29/2006 01:57 PM 62 desktop.ini
1 File(s) 62 bytes
2 Dir(s) 28,668,481,536 bytes free
Volume in drive C has no label.
Volume Serial Number is FC55-ECD4

Directory of C:\Documents and Settings\LocalService\Application Data

Volume in drive C has no label.
Volume Serial Number is FC55-ECD4

Directory of C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues

[tetonbob]

Good job.

Looks like we got the LOP/swizzor nasty.

Please run this online scan to help us make sure nothing else is lurking.

Perform an online scan with Internet Explorer with Panda ActiveScan

1. Click on located at the bottom of the page.
2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*

Begin the scan by selecting

• If it finds any malware, it will offer you a report.
• Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
• Click on then click

* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------------------------------------

Post the results of the scan.

[rextobadownstai]

Fabulous job yourself!
Thanks


Incident Status Location

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\allofus\Cookies\allofus@tribalfusion[1].txt

[tetonbob]

Well done. Your logs are clean. Any more issues? If not you should be good to go. We still have a few items to address.

Reset hidden/system files and folders

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View tab.
• Deselect the Show hidden files and folders option.
• Select the Hide file extensions for known types option.
• Select the Hide protected operating system files option.
• Click Yes to confirm.
• Click OK.

Create a new System Restore point

• click Start >> Run - type SYSDM.CPL & press Enter
• select the System Restore Tab
• tick on the checkbox - "Turn off System Restore on all drives"
• click Apply
• then untick the same checkbox & click OK

Enable Windows Auto Update

• Go to Start>Run - type wuaucpl.cpl
• tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
• Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

• SpywareBlaster to help prevent spyware from installing in the first place.
  • Install & update SpywareBlaster with the latest definitions.
    After you have updated, click the button - enable protection for all unprotected items
• SpywareGuard to catch and block spyware before it can execute.
  
• SPYBOT - SEARCH & DESTROY
  Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
  
• AD-AWARE
  Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here
  
  
• IE-SPYAD - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Download IE-SpyAD - Extract the contents to a new folder
    From within the folder, double-click install.bat
    Select Option #2 - Install the new IE-SPYAD list.
    Then return to the main menu.
    Select option #4 - Add the old porn sites domain
  
  
  
• MVPS HOST FILE
  The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
  • Download Host.zip to your desktop.
  • From your Desktop right-click (hosts.zip) and select:
    Extract All from the menu.
    
  • Click Next, click Next, select the option:
    "Show Extracted files", click Finish
    
  • This will open the newly created hosts folder on your Desktop.
    
  • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
  
  
  
• ANTIVIRUS SOFTWARE
  It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
  
  Here are a few very good free Antivirus products which are available:
  • AOL Active Virus Shield (powered by Kaspersky Antivirus)
  • Avast!
  • AVG
  • Avira PersonalEdition Classic
  Select one of these, or another of your choice. Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.
  

  See this link for a listing of some online antivirus scanners:
  
  Anti-Spyware Tutorial

• FIREWALL
  If you do not have a firewall, here are a couple of great free ones available for personal use. Using a third-party firewall will allow you to give/deny access for applications that want to go online. Select one of these, or another of your choice:
  
  Do not install more than one firewall program because they will conflict with each other.

• Comodo Personal Firewall
• ZoneAlarm

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

• HOW DID I GET INFECTED IN THE FIRST PLACE?
• THE ANTI-SPYWARE TUTORIAL
• MAKING INTERNET EXPLORER SAFER

If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.

[rextobadownstai]

We are so fortunate to have people like yourself to aid people like me against people who nothing better to do than mess with peoples lives. Thank you so much! Let's consider this closed.