Unable to attach anything to emails and keep getting popups/ads

loreto08 · 01-14-2008, 11:42 PM

Hi,

I have been troubled by spyware/adware since past one month. I switched to Firefox browser to prevent multiple popups coming up when using IE. Since then, the number of popups has decreased, but they still popup in a separate IE window sporadically.

The real problem I face now is that since yesterday, I am unable to attach anything to hotmail, yahoomail or gmail from my hard disk, and get the following error message (in Firefox):-

"The connection to the server was reset while the page was loading.

* The site could be temporarily unavailable or too busy. Try again in a few moments.
* If you are unable to load any pages, check your computer's network connection.
* If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web."

I don't know what's the problem as the internet is up and running and the above error message related to limited internet connection comes up only when attaching something to any newly composed email in gmail, hotmail or yahoomail. The problem is same in IE too, where the IE message is different:-

"Internet Explorer cannot display the webpage

Most likely causes:
You are not connected to the Internet.
The website is encountering problems.
There might be a typing error in the address.

What you can try:
Diagnose Connection Problems

More information
This problem can be caused by a variety of issues, including:
Internet connectivity has been lost.
The website is temporarily unavailable.
The Domain Name Server (DNS) is not reachable.
The Domain Name Server (DNS) does not have a listing for the website's domain.
If this is an HTTPS (secure) address, click Tools, click Internet Options, click Advanced, and check to be sure the SSL and TLS protocols are enabled under the security section. "

When using the IE, the Laptop processing is very very slow and a popup window doing dummy security online check from "MalwareAlarm Online Security Scanner" keeps bugging. :-(

I tried followed all the 5 initial steps before posting the log. But when I finished with the online Panda scan and clicked See Report button, get a VBScript error message in a dialog box:- "You need to connect to the Internet now in order to continue using Panda ActiveScan". I guess the reason for this error and attachment not loading from disk to mail is identical. I suspect that I may have "fixed" some file/plugin needed by browser to load local files, during my "R&D" to solve the popup/adware issues using HiJackThis.

Here's the summary after online Panda Scan (as I can't load the report using See Report):-
Virus - 1
Spyware - 83
Hacking tools and rootkits - 4

Can someone please help me in identifying the component/dll/exe, that I may have deleted ("fixed" using HijackThis) or has been bugged by adware/spyware, due to which my browsers (both IE/Firefox) are not able to load files from hard disk, with reason that there is no internet connection, even though the net is up and running? Only then can I further proceed to generate the online Panda logfile, etc.

Thanks in Advance

loreto08 · 01-15-2008, 11:07 PM

Bump...

Please help me in resolving the issue. I have bumped before the suggested 72 hours wait-time, just to confirm again, that the internet connection really doesn't have any problems, and other laptops connected to the same wifi connection are working good.

loreto08 · 01-18-2008, 09:06 AM

BUMP

I know that the absurd problem description doesn't encourage anyone to help me. But please help me with the multiple popups/adwares. May be getting rid of these things can just not make the laptop faster, but remove the problem above.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58, on 2008-01-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SopCast\adv\SopAdver.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [948afca3] rundll32.exe "C:\WINDOWS\system32\vshgngtg.dll",b
O4 - HKLM\..\Run: [BM97b9cf3f] Rundll32.exe "C:\WINDOWS\system32\tldghfxi.dll",s
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/f...trol_en_US.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QXJhbmE\command.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10233 bytes

loreto08 · 01-22-2008, 05:59 PM

Hi,

My laptop is bugged with virus/adware/popup since past one month. I had to switch to Firefox for browsing as trying IE invokes irritating popups, crashes the windows explorer and the task bar (as well as desktop content) vanishes.

No extra.txt file is getting created in C:\Deckard\System Scanner. Yes, the directory has only main.txt created and no file like extra.txt is minimized/created.

Here're the log file after DSS run:-

Deckard's System Scanner v20071014.68
Run by Arana on 2008-01-22 19:46:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 1.4 GiB (less than 15%) free.

-- HijackThis (run as Arana.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:48, on 2008-01-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Animesh Spyware removal\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Arana.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Plugin Class - {56CD20F0-7C09-11D5-A768-0050042307CE} - C:\PlayerIE\playerIE.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {9BAD6220-9BF1-4971-9D55-7A439FE22381} - C:\WINDOWS\system32\sstqp.dll
O2 - BHO: {a9b8b75f-978c-e479-0944-8d501b912f2a} - {a2f219b1-05d8-4490-974e-c879f57b8b9a} - C:\WINDOWS\system32\rqtxuxrq.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [948afca3] rundll32.exe "C:\WINDOWS\system32\spmfdytb.dll",b
O4 - HKLM\..\Run: [BM97b9cf3f] Rundll32.exe "C:\WINDOWS\system32\gyxpelqq.dll",s
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/f...trol_en_US.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: nnnlkkh - nnnlkkh.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QXJhbmE\command.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10999 bytes

-- Files created between 2007-12-22 and 2008-01-22 -----------------------------

2008-01-22 15:10:55 8576 --a------ C:\WINDOWS\system32\drivers\isyjabjtopxd.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-22 15

09 0 d-------- C:\WINDOWS\LastGood
2008-01-21 20:17:29 88640 --a------ C:\WINDOWS\system32\spmfdytb.dll
2008-01-21 20:11:28 70208 --a------ C:\WINDOWS\system32\gyxpelqq.dll
2008-01-21 20:09:10 78912 --a------ C:\WINDOWS\system32\rqtxuxrq.dll
2008-01-17 18:33:17 86592 --a------ C:\WINDOWS\system32\vshgngtg.dll
2008-01-17 18:27:26 70208 --a------ C:\WINDOWS\system32\tldghfxi.dll
2008-01-17 18:27:19 77376 --a------ C:\WINDOWS\system32\iwlybxcb.dll
2008-01-16 18:58:03 0 d-------- C:\Documents and Settings\Kiran\Application Data\Mozilla
2008-01-16 18:25:43 76864 --a------ C:\WINDOWS\system32\qtijugrp.dll
2008-01-16 18:25:31 70208 --a------ C:\WINDOWS\system32\gqofxtpu.dll
2008-01-15 19:27:50 0 d-------- C:\Borland
2008-01-15 18:30:15 89152 --a------ C:\WINDOWS\system32\qubipxoh.dll
2008-01-15 18:26:19 70208 --a------ C:\WINDOWS\system32\oxlkvrhj.dll
2008-01-15 18:26:12 79936 --a------ C:\WINDOWS\system32\lxlnsvdb.dll
2008-01-14 23:20:29 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-14 22:53:57 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-14 20:02:55 0 d-------- C:\Program Files\Lavasoft
2008-01-14 20:02:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-14 19:29:00 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-14 18:25:55 70208 --a------ C:\WINDOWS\system32\iemadlpg.dll
2008-01-14 18:25:43 77888 --a------ C:\WINDOWS\system32\dfgvsivh.dll
2008-01-14 17:35:13 0 d--h----- C:\Documents and Settings\Arana\.huptlzo
2008-01-14 17:35:13 0 d-------- C:\Documents and Settings\Arana\.borland
2008-01-14 15:27:17 0 d-------- C:\Program Files\Turbo C++ <TURBOC~1>
2008-01-14 14:44:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-13 18:30:17 90176 --a------ C:\WINDOWS\system32\qnstphpc.dll
2008-01-13 18:24:29 79936 --a------ C:\WINDOWS\system32\nwrcpnkk.dll
2008-01-13 18:24:19 70208 --a------ C:\WINDOWS\system32\jbnmjiac.dll
2008-01-12 18:27:57 90176 --a------ C:\WINDOWS\system32\trsfnkfv.dll
2008-01-12 18:25:08 76864 --a------ C:\WINDOWS\system32\nvebpnet.dll
2008-01-12 18:24:57 70208 --a------ C:\WINDOWS\system32\kobbftrn.dll
2008-01-11 18:25:05 70208 --a------ C:\WINDOWS\system32\gxntjmbv.dll
2008-01-11 18:25:01 76864 --a------ C:\WINDOWS\system32\oytllbeo.dll
2008-01-10 18:24:29 70208 --a------ C:\WINDOWS\system32\gttwtnrq.dll
2008-01-10 18:24:22 79424 --a------ C:\WINDOWS\system32\wchflhdt.dll
2008-01-09 18:23:23 79936 --a------ C:\WINDOWS\system32\hdylmfaa.dll
2008-01-08 18:25:05 77888 --a------ C:\WINDOWS\system32\payhdtdl.dll
2008-01-07 18:24:01 76864 --a------ C:\WINDOWS\system32\tlrpuwif.dll
2008-01-06 18:25:40 75840 --a------ C:\WINDOWS\system32\hkyggfvx.dll
2008-01-05 18:26:31 90176 --a------ C:\WINDOWS\system32\ddmvrxff.dll
2008-01-05 18:23:33 78912 --a------ C:\WINDOWS\system32\prbwsvga.dll
2008-01-04 23:26:00 0 d-------- C:\Program Files\Media Converter SA Edition
2008-01-04 18:23:17 79424 --a------ C:\WINDOWS\system32\wwbubwly.dll
2008-01-03 18:21:13 78400 --a------ C:\WINDOWS\system32\mgqswbds.dll
2008-01-02 18:22:08 90176 --a------ C:\WINDOWS\system32\mdqdcwic.dll
2008-01-02 18:20:31 78400 --a------ C:\WINDOWS\system32\txjjfkfo.dll
2008-01-01 18:28:05 90176 --a------ C:\WINDOWS\system32\obyphxpo.dll
2008-01-01 18:25:01 77376 --a------ C:\WINDOWS\system32\xwmqafuo.dll
2007-12-31 18:22:38 78912 --a------ C:\WINDOWS\system32\nhxuwikv.dll
2007-12-30 18:20:59 78400 --a------ C:\WINDOWS\system32\anuaocrp.dll
2007-12-30 18:02:41 0 d-------- C:\Program Files\Apple Software Update
2007-12-30 18:02:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-29 18:20:45 90176 --a------ C:\WINDOWS\system32\wmvwdulm.dll
2007-12-29 18:18:14 78912 --a------ C:\WINDOWS\system32\wtvclpes.dll
2007-12-28 18:22:22 90176 --a------ C:\WINDOWS\system32\bklpbqxm.dll
2007-12-28 18:22:14 77888 --a------ C:\WINDOWS\system32\bqgfvwjh.dll
2007-12-27 22:52:16 0 d-------- C:\Garmin
2007-12-27 18:25:57 81984 --a------ C:\WINDOWS\system32\ifcdnsac.dll
2007-12-26 16:03:13 80448 --a------ C:\WINDOWS\system32\fchbpbdb.dll
2007-12-26 01:56:11 77376 --a------ C:\WINDOWS\system32\dfnnteia.dll
2007-12-26 01:53:12 87104 --a------ C:\WINDOWS\system32\ayiytwdj.dll
2007-12-25 01:52:16 78400 --a------ C:\WINDOWS\system32\wgvkbuhu.dll
2007-12-25 01:49:14 87104 --a------ C:\WINDOWS\system32\bndqdpuk.dll

-- Find3M Report ---------------------------------------------------------------

2008-01-22 19:48:12 335474 --ahs---- C:\WINDOWS\system32\pqtss.ini2
2008-01-22 16:04:04 0 d-------- C:\Program Files\iTunes
2008-01-22 16:03:32 0 d-------- C:\Program Files\GoogleAFE
2008-01-22 16:03:31 0 d-------- C:\Program Files\Google
2008-01-22 15:58:17 0 d-------- C:\Program Files\Apoint
2008-01-14 22:19:50 0 d-------- C:\Program Files\Common Files
2008-01-14 20:00:04 0 d-------- C:\Program Files\Microsoft.NET
2008-01-14 19:09:07 0 d-------- C:\Program Files\Common Files\Borland Shared
2008-01-14 16:35:31 0 d-------- C:\Program Files\IrfanView
2008-01-09 10:18:41 5278 --ahs--c- C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-09 09:15:30 0 d-------- C:\Program Files\Java
2007-12-30 18:11:18 0 d-------- C:\Program Files\QuickTime
2007-12-26 17:20:59 0 d-------- C:\Program Files\SopCast
2007-12-20 21:15:55 85568 --a------ C:\WINDOWS\system32\quajsvoc.dll
2007-12-18 21:23:46 85568 --a------ C:\WINDOWS\system32\ovxtsttv.dll
2007-12-17 10:09:52 0 d-------- C:\Documents and Settings\Arana\Application Data\Skype
2007-12-17 09:20:47 0 d-------- C:\Documents and Settings\Arana\Application Data\Adobe
2007-12-17 09:20:43 1158 --a------ C:\WINDOWS\mozver.dat
2007-12-17 01:07:27 0 d-------- C:\Program Files\Temporary
2007-12-16 22:48:01 0 d-------- C:\Program Files\Trend Micro
2007-12-16 21:46:37 10 --a------ C:\Program Files\.autoreg
2007-12-16 21:39:08 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-12-16 21:39:03 0 d-------- C:\Program Files\Windows Live Safety Center
2007-12-16 20:14:54 85568 --a------ C:\WINDOWS\system32\ceqkurxh.dll
2007-12-15 20:13:40 334848 --a------ C:\WINDOWS\system32\sstqp.dll
2007-12-15 17:58:20 0 d-------- C:\Documents and Settings\Arana\Application Data\Ahead
2007-12-11 00:10:00 0 d-------- C:\Documents and Settings\Arana\Application Data\SopCast
2007-12-10 10:32:06 0 d-------- C:\Documents and Settings\Arana\Application Data\AdobeUM
2007-12-03 22

55 0 d-------- C:\Documents and Settings\Arana\Application Data\Mozilla
2007-12-02 19:30:57 0 --ahs---- C:\Documents and Settings\Arana\Application Data\f1a797a6f964dcab1e0706db9cb0aec4bf6e3f0a.dat
2007-12-02 19:26:45 0 d-------- C:\Program Files\Crazy Browser
2007-12-01 10:51:15 0 d-------- C:\Program Files\Windows Media Connect 2
2007-11-29 18:18:07 0 d-------- C:\Program Files\LizardTech
2007-11-25 14:43:00 0 d-------- C:\Documents and Settings\Arana\Application Data\Viewpoint

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9BAD6220-9BF1-4971-9D55-7A439FE22381}]
2007-12-15 20:13 334848 --a------ C:\WINDOWS\system32\sstqp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a2f219b1-05d8-4490-974e-c879f57b8b9a}]
2008-01-21 20:09 78912 --a------ C:\WINDOWS\system32\rqtxuxrq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 16:33]
"@"="" []
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-09-01 17:24]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 19:20]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 16:30]
"Norton Ghost 9.0"="C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-07-28 19:41]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-02-01 20:44]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 06:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56]
"948afca3"="C:\WINDOWS\system32\spmfdytb.dll" [2008-01-21 20:17]
"BM97b9cf3f"="C:\WINDOWS\system32\gyxpelqq.dll" [2008-01-21 20:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 11:39]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 06:22]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24]
"NBJ"="C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" [2005-04-08 09:43]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 14:59]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 15:22]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2006-08-08 13:50:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnlkkh]
nnnlkkh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\sstqp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fec350c8-4a6e-11db-93f2-00166f3870c1}]
AutoRun\command- reper.exe

*Newly Created Service* - ISYJABJTOPXD

-- End of Deckard's System Scanner: finished at 2008-01-22 19:49:13 ------------

loreto08 · 01-22-2008, 06:02 PM

The Activescan.txt after Panda online scan has been attached.

Incident Status Location

Adware:adware/commad Not disinfected Windows Registry
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Animesh Spyware removal\ComboFix\nircmd.cfexe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Animesh Spyware removal\ComboFix\nircmd.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Animesh Spyware removal\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Animesh Spyware removal\ComboFix.exe[nircmd.cfexe]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.go.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.advertising.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.zedo.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.sextracker.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.overture.com/]
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.enhance.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.com.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Arana\Cookies\arana@go[1].txt
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Arana\Local Settings\Temporary Internet Files\Content.IE5\NWT6W187\gamadril20071203[1]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Kiran\Application Data\Mozilla\Firefox\Profiles\9lbnwmb4.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Kiran\Application Data\Mozilla\Firefox\Profiles\9lbnwmb4.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Kiran\Application Data\Mozilla\Firefox\Profiles\9lbnwmb4.default\cookies.txt[.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Kiran\Cookies\kiran@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Kiran\Cookies\kiran@adrevolver[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Kiran\Cookies\kiran@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Kiran\Cookies\kiran@atdmt[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Kiran\Cookies\kiran@azjmp[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Kiran\Cookies\kiran@c5.zedo[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Kiran\Cookies\kiran@doubleclick[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Kiran\Cookies\kiran@media.adrevolver[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Kiran\Cookies\kiran@www5.addfreestats[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Kiran\Cookies\kiran@xiti[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Kiran\Cookies\kiran@zedo[2].txt
Adware:Adware/Awola Not disinfected C:\Program Files\Crazy Browser\load.exe
Adware:Adware/WhenUSearch Not disinfected C:\Program Files\DAEMON Tools\SetupDTSB.exe
Virus:Eicar.Mod Not disinfected C:\Program Files\Trend Micro\Internet Security 12\tmhelp.chm[/PCC12/Test_virus.htm]
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ayiytwdj.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\bklpbqxm.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\bndqdpuk.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\bqgfvwjh.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ceqkurxh.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ddmvrxff.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\gqofxtpu.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\gttwtnrq.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\gxntjmbv.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\iemadlpg.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\jbnmjiac.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\kobbftrn.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\mdqdcwic.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\nhxuwikv.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\obyphxpo.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ovxtsttv.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\oxlkvrhj.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\qnstphpc.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\quajsvoc.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\tldghfxi.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\trsfnkfv.dll
Spyware:Spyware/Vundo Not disinfected C:\WINDOWS\system32\txjjfkfo.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\wmvwdulm.dll
Spyware:Spyware/Vundo Not disinfected C:\WINDOWS\system32\xwmqafuo.dll

Ried · 01-22-2008, 06:31 PM

Hello loreto08 and welcome to TSF,

This will require more than one round to properly eradicate. Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new HijackThis log for further review.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

loreto08 · 01-22-2008, 08:18 PM

Hi Reid,

Thanks for replying back. I have attached the ComboFix.txt.

ComboFix 08-01-23.1 - Arana 2008-01-22 21:54:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.564 [GMT -6:00]
Running from: C:\Documents and Settings\Arana\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Arana\My Documents\CROSOF~1
C:\Program Files\Temporary
C:\WINDOWS\cookies.ini
C:\WINDOWS\QXJhbmE\
C:\WINDOWS\system32\anuaocrp.dll
C:\WINDOWS\system32\axksgwjr.ini
C:\WINDOWS\system32\ayiytwdj.dll
C:\WINDOWS\system32\bklpbqxm.dll
C:\WINDOWS\system32\bndqdpuk.dll
C:\WINDOWS\system32\bqgfvwjh.dll
C:\WINDOWS\system32\bsdadlsm.dll
C:\WINDOWS\system32\btydfmps.ini
C:\WINDOWS\system32\ceqkurxh.dll
C:\WINDOWS\system32\ciwcdqdm.ini
C:\WINDOWS\system32\covsjauq.ini
C:\WINDOWS\system32\cphptsnq.ini
C:\WINDOWS\system32\ddmvrxff.dll
C:\WINDOWS\system32\dfgvsivh.dll
C:\WINDOWS\system32\dfnnteia.dll
C:\WINDOWS\system32\drqnlppw.ini
C:\WINDOWS\system32\edhxanib.ini
C:\WINDOWS\system32\elgjwlxf.dll
C:\WINDOWS\system32\fchbpbdb.dll
C:\WINDOWS\system32\ffxrvmdd.ini
C:\WINDOWS\system32\fxlwjgle.ini
C:\WINDOWS\system32\gqofxtpu.dll
C:\WINDOWS\system32\gtgnghsv.ini
C:\WINDOWS\system32\gttwtnrq.dll
C:\WINDOWS\system32\gxntjmbv.dll
C:\WINDOWS\system32\gyxpelqq.dll
C:\WINDOWS\system32\hdylmfaa.dll
C:\WINDOWS\system32\hkyggfvx.dll
C:\WINDOWS\system32\hoxpibuq.ini
C:\WINDOWS\system32\hxrukqec.ini
C:\WINDOWS\system32\iemadlpg.dll
C:\WINDOWS\system32\ifcdnsac.dll
C:\WINDOWS\system32\ifdghufj.ini
C:\WINDOWS\system32\iwlybxcb.dll
C:\WINDOWS\system32\jbnmjiac.dll
C:\WINDOWS\system32\jdwtyiya.ini
C:\WINDOWS\system32\kobbftrn.dll
C:\WINDOWS\system32\krcglvyr.ini
C:\WINDOWS\system32\kupdqdnb.ini
C:\WINDOWS\system32\ljhatamb.ini
C:\WINDOWS\system32\lrhrfclt.dll
C:\WINDOWS\system32\lxlnsvdb.dll
C:\WINDOWS\system32\lyrocmaw.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdqdcwic.dll
C:\WINDOWS\system32\mgqswbds.dll
C:\WINDOWS\system32\mjfabbfb.ini
C:\WINDOWS\system32\mludwvmw.ini
C:\WINDOWS\system32\mxqbplkb.ini
C:\WINDOWS\system32\najibnrh.ini
C:\WINDOWS\system32\nhxuwikv.dll
C:\WINDOWS\system32\nvebpnet.dll
C:\WINDOWS\system32\nwrcpnkk.dll
C:\WINDOWS\system32\obyphxpo.dll
C:\WINDOWS\system32\opxhpybo.ini
C:\WINDOWS\system32\ovxtsttv.dll
C:\WINDOWS\system32\oxlkvrhj.dll
C:\WINDOWS\system32\oytllbeo.dll
C:\WINDOWS\system32\payhdtdl.dll
C:\WINDOWS\system32\phcgjyjs.ini
C:\WINDOWS\system32\powdoecf.ini
C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\pqtss.ini2
C:\WINDOWS\system32\prbwsvga.dll
C:\WINDOWS\system32\qjsbqubj.ini
C:\WINDOWS\system32\qnstphpc.dll
C:\WINDOWS\system32\qocpnexv.ini
C:\WINDOWS\system32\qtijugrp.dll
C:\WINDOWS\system32\quajsvoc.dll
C:\WINDOWS\system32\qubipxoh.dll
C:\WINDOWS\system32\rqtxuxrq.dll
C:\WINDOWS\system32\sjrpdjvk.ini
C:\WINDOWS\system32\spikbnss.ini
C:\WINDOWS\system32\spmfdytb.dll
C:\WINDOWS\system32\srkxaurr.exe
C:\WINDOWS\system32\sstqp.dll
C:\WINDOWS\system32\tldghfxi.dll
C:\WINDOWS\system32\tlrpuwif.dll
C:\WINDOWS\system32\trbwoyjh.ini
C:\WINDOWS\system32\trsfnkfv.dll
C:\WINDOWS\system32\txjjfkfo.dll
C:\WINDOWS\system32\usbdbjxk.ini
C:\WINDOWS\system32\vfknfsrt.ini
C:\WINDOWS\system32\vshgngtg.dll
C:\WINDOWS\system32\vttstxvo.ini
C:\WINDOWS\system32\wchflhdt.dll
C:\WINDOWS\system32\wgvkbuhu.dll
C:\WINDOWS\system32\wmvwdulm.dll
C:\WINDOWS\system32\wtvclpes.dll
C:\WINDOWS\system32\wwbubwly.dll
C:\WINDOWS\system32\xwmqafuo.dll

----- BITS: Possible infected sites -----

hxxp://javadl.sun.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\DomainService

((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
.

2008-01-22 21:51 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-22 15:10 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\isyjabjtopxd.sys
2008-01-22 15:06 . <DIR> C:\WINDOWS\LastGood.Tmp
2008-01-14 23:20 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-14 22:54 . 2008-01-22 15:06 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-14 22:54 . 2008-01-22 15:06 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-14 22:54 . 2008-01-22 15:06 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-14 22:53 . 2008-01-22 16:34 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-14 20:02 . 2008-01-14 20:02 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-14 19:29 . 2008-01-14 19:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-14 15:27 . 2008-01-14 20:12 <DIR> d-------- C:\Program Files\Turbo C++
2008-01-10 18:24 . 2008-01-22 21:48 16,609 --a------ C:\WINDOWS\BM97b9cf3f.xml
2008-01-10 18:24 . 2008-01-22 21:55 21 --a------ C:\WINDOWS\pskt.ini
2008-01-06 22:33 . 2008-01-12 14:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-06 22:33 . 2008-01-06 22:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-04 23:26 . 2008-01-04 23:38 <DIR> d-------- C:\Program Files\Media Converter SA Edition
2008-01-03 18:30 . 2008-01-04 09:49 354 --ahs---- C:\WINDOWS\system32\uyxmqrpg.ini
2007-12-30 18:02 . 2007-12-30 18:02 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-27 22:52 . 2007-12-27 22:52 <DIR> d-------- C:\Garmin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-22 22:04 --------- d-----w C:\Program Files\iTunes
2008-01-22 22:03 --------- d-----w C:\Program Files\GoogleAFE
2008-01-22 22:03 --------- d-----w C:\Program Files\Google
2008-01-22 21:58 --------- d-----w C:\Program Files\Apoint
2008-01-15 02:00 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-15 01:09 --------- d-----w C:\Program Files\Common Files\Borland Shared
2008-01-14 22:35 --------- d-----w C:\Program Files\IrfanView
2008-01-09 15:15 --------- d-----w C:\Program Files\Java
2007-12-31 00:11 --------- d-----w C:\Program Files\QuickTime
2007-12-26 23:20 --------- d-----w C:\Program Files\SopCast
2007-12-17 04:48 --------- d-----w C:\Program Files\Trend Micro
2007-12-17 03:46 10 ----a-w C:\Program Files\.autoreg
2007-12-17 03:39 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-12-17 03:39 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2007-12-03 01:26 --------- d-----w C:\Program Files\Crazy Browser
2007-12-01 16:51 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-30 00:18 --------- d-----w C:\Program Files\LizardTech
2007-10-11 06:23 56 --sh--r C:\WINDOWS\system32\502EB1F13D.sys
2006-03-18 18:45 56 -csh--r C:\WINDOWS\system32\FA654F8D24.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 11:39 176201]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 06:22 4670968]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"NBJ"="C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" [2005-04-08 09:43 1953792]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 14:59 68856]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 15:22 3739648]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 16:33 155648]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-09-01 17:24 684032]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05 127035]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 19:20 8192]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 16:30 823362]
"Norton Ghost 9.0"="C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-07-28 19:41 1122304]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-02-01 20:44 168448]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 06:45 278528]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnlkkh]
nnnlkkh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [2004-07-28 18:33]
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [2004-07-28 19:13]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fec350c8-4a6e-11db-93f2-00166f3870c1}]
\Shell\AutoRun\command - reper.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-22 22:07:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-22 22:10:17 - machine was rebooted [Arana]
ComboFix-quarantined-files.txt 2008-01-23 04:10:13
.
2008-01-08 21:44:40 --- E O F ---

Here's the new DSS HJT main.txt log (btw, I didn't get any extra.txt during this run):-

Deckard's System Scanner v20071014.68
Run by Arana on 2008-01-22 22:15:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 1.59 GiB (less than 15%) free.

-- HijackThis (run as Arana.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:16:37, on 22/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Animesh Spyware removal\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Arana.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Plugin Class - {56CD20F0-7C09-11D5-A768-0050042307CE} - C:\PlayerIE\playerIE.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/f...trol_en_US.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: nnnlkkh - nnnlkkh.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10841 bytes

-- Files created between 2007-12-22 and 2008-01-22 -----------------------------

2008-01-22 15:10:55 8576 --a------ C:\WINDOWS\system32\drivers\isyjabjtopxd.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-16 18:58:03 0 d-------- C:\Documents and Settings\Kiran\Application Data\Mozilla
2008-01-15 19:27:50 0 d-------- C:\Borland
2008-01-14 23:20:29 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-14 22:53:57 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-14 20:02:55 0 d-------- C:\Program Files\Lavasoft
2008-01-14 20:02:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-14 19:29:00 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-14 17:35:13 0 d--h----- C:\Documents and Settings\Arana\.huptlzo
2008-01-14 17:35:13 0 d-------- C:\Documents and Settings\Arana\.borland
2008-01-14 15:27:17 0 d-------- C:\Program Files\Turbo C++ <TURBOC~1>
2008-01-14 14:44:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-04 23:26:00 0 d-------- C:\Program Files\Media Converter SA Edition
2007-12-30 18:02:41 0 d-------- C:\Program Files\Apple Software Update
2007-12-30 18:02:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-27 22:52:16 0 d-------- C:\Garmin

-- Find3M Report ---------------------------------------------------------------

2008-01-22 16:04:04 0 d-------- C:\Program Files\iTunes
2008-01-22 16:03:32 0 d-------- C:\Program Files\GoogleAFE
2008-01-22 16:03:31 0 d-------- C:\Program Files\Google
2008-01-22 15:58:17 0 d-------- C:\Program Files\Apoint
2008-01-14 22:19:50 0 d-------- C:\Program Files\Common Files
2008-01-14 20:00:04 0 d-------- C:\Program Files\Microsoft.NET
2008-01-14 19:09:07 0 d-------- C:\Program Files\Common Files\Borland Shared
2008-01-14 16:35:31 0 d-------- C:\Program Files\IrfanView
2008-01-09 10:18:41 5278 --ahs--c- C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-09 09:15:30 0 d-------- C:\Program Files\Java
2007-12-30 18:11:18 0 d-------- C:\Program Files\QuickTime
2007-12-26 17:20:59 0 d-------- C:\Program Files\SopCast
2007-12-17 10:09:52 0 d-------- C:\Documents and Settings\Arana\Application Data\Skype
2007-12-17 09:20:47 0 d-------- C:\Documents and Settings\Arana\Application Data\Adobe
2007-12-17 09:20:43 1158 --a------ C:\WINDOWS\mozver.dat
2007-12-16 22:48:01 0 d-------- C:\Program Files\Trend Micro
2007-12-16 21:46:37 10 --a------ C:\Program Files\.autoreg
2007-12-16 21:39:08 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-12-16 21:39:03 0 d-------- C:\Program Files\Windows Live Safety Center
2007-12-15 17:58:20 0 d-------- C:\Documents and Settings\Arana\Application Data\Ahead
2007-12-11 00:10:00 0 d-------- C:\Documents and Settings\Arana\Application Data\SopCast
2007-12-10 10:32:06 0 d-------- C:\Documents and Settings\Arana\Application Data\AdobeUM
2007-12-03 22

55 0 d-------- C:\Documents and Settings\Arana\Application Data\Mozilla
2007-12-02 19:30:57 0 --ahs---- C:\Documents and Settings\Arana\Application Data\f1a797a6f964dcab1e0706db9cb0aec4bf6e3f0a.dat
2007-12-02 19:26:45 0 d-------- C:\Program Files\Crazy Browser
2007-12-01 10:51:15 0 d-------- C:\Program Files\Windows Media Connect 2
2007-11-29 18:18:07 0 d-------- C:\Program Files\LizardTech
2007-11-25 14:43:00 0 d-------- C:\Documents and Settings\Arana\Application Data\Viewpoint

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [13/09/2004 16:33]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [30/10/2004 14:59]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05/08/2005 21:05]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [01/09/2005 17:24]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [23/02/2005 16:19]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [06/12/2004 01:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [10/06/2005 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/06/2005 10:44]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [08/09/2005 19:20]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [30/08/2005 16:30]
"Norton Ghost 9.0"="C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" [28/07/2004 19:41]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [01/02/2006 20:44]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [23/02/2006 06:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/12/2007 10:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [11/04/2006 11:39]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [27/03/2007 06:22]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 10:24]
"NBJ"="C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" [08/04/2005 09:43]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [15/06/2007 14:59]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 15:22]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 16:45]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 22:05:26]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [08/08/2006 13:50:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 07/09/2004 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnlkkh]
nnnlkkh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fec350c8-4a6e-11db-93f2-00166f3870c1}]
AutoRun\command- reper.exe

-- End of Deckard's System Scanner: finished at 2008-01-22 22:16:52 ------------

Ried · 01-22-2008, 08:33 PM

Hi loreto08,

While you're waiting for me to review these logs, please get the Recovery Console installed on this system.

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System

Download the file & save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.

loreto08 · 01-22-2008, 08:42 PM

Hi Ried,

Here's the requested CF-RC.txt file:-

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

Ried · 01-22-2008, 08:49 PM

Thank you, it looks as it should. While you're online...

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.

***************************************************

Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% -(Drive that contains the Windows Directory, typically C:\SDFix). Do not run it yet.

--------------------------------------------------------------------

1. Disconnect from the internet.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

---------------------------------------------------------------------

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account.

--------------------------------------------------------------------

Open the extracted SDFix folder and double click RunThis.bat to start the script.

Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt I'll need that in your next reply.

--------------------------------------------------------------------

From Normal Mode....

Open notepad and copy/paste the text in the code box below into it:

Code:

File::
C:\WINDOWS\BM97b9cf3f.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\uyxmqrpg.ini

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnlkkh]

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt

--------------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:

Using Internet Explorer, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

Answer Yes, when prompted to install an ActiveX component.

The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
  - Extended
- Scan Options:
  - Scan Archives
  - Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------

Run a new scan with HijackThis and save the log.

---------------------------------------------------------------

Please include the following in your next reply:

C:\SDFix\Report.txt
C:\ComboFix.txt
Kaspersky results
New HijackThis log
Update on system behavior

loreto08 · 01-23-2008, 06:57 AM

Hi Ried,

I have attached all the results. I left the laptop running for the whole night to have Kapersky online scan done. Didn't get any popups during this time and the Windows explorer has also not crashed yet. Will update you about the performance after observing 1-2 days.

Thanks, thanks and thanks again for your time and help.

ComboFix 08-01-23.1 - Arana 2008-01-22 23:26:26.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.413 [GMT -6:00]
Running from: C:\Documents and Settings\Arana\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Arana\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\BM97b9cf3f.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\uyxmqrpg.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM97b9cf3f.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\uyxmqrpg.ini

.
((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
.

2008-01-22 23:02 . 2008-01-22 23:02 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-22 22:40 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2008-01-22 22:40 . 2007-12-16 22:24 209 --a------ C:\Boot.bak
2008-01-22 21:51 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-22 15:10 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\isyjabjtopxd.sys
2008-01-14 23:20 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-14 22:54 . 2008-01-22 15:06 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-14 22:54 . 2008-01-22 15:06 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-14 22:54 . 2008-01-22 15:06 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-14 22:53 . 2008-01-22 16:34 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-14 20:02 . 2008-01-14 20:02 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-14 19:29 . 2008-01-14 19:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-14 15:27 . 2008-01-14 20:12 <DIR> d-------- C:\Program Files\Turbo C++
2008-01-06 22:33 . 2008-01-12 14:34 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-06 22:33 . 2008-01-06 22:33 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-04 23:26 . 2008-01-04 23:38 <DIR> d-------- C:\Program Files\Media Converter SA Edition
2007-12-30 18:02 . 2007-12-30 18:02 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-27 22:52 . 2007-12-27 22:52 <DIR> d-------- C:\Garmin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-22 22:04 --------- d-----w C:\Program Files\iTunes
2008-01-22 22:03 --------- d-----w C:\Program Files\GoogleAFE
2008-01-22 22:03 --------- d-----w C:\Program Files\Google
2008-01-22 21:58 --------- d-----w C:\Program Files\Apoint
2008-01-15 02:07 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-15 02:00 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-15 01:09 --------- d-----w C:\Program Files\Common Files\Borland Shared
2008-01-14 22:35 --------- d-----w C:\Program Files\IrfanView
2008-01-09 16:18 5,278 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-09 15:15 --------- d-----w C:\Program Files\Java
2007-12-31 00:11 --------- d-----w C:\Program Files\QuickTime
2007-12-26 23:20 --------- d-----w C:\Program Files\SopCast
2007-12-17 04:48 --------- d-----w C:\Program Files\Trend Micro
2007-12-17 03:39 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-12-17 03:39 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2007-12-03 01:26 --------- d-----w C:\Program Files\Crazy Browser
2007-12-01 16:51 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-30 00:18 --------- d-----w C:\Program Files\LizardTech
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 23:40 222,720 ------w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-11 06:23 56 --sh--r C:\WINDOWS\system32\502EB1F13D.sys
2006-03-18 18:45 56 -csh--r C:\WINDOWS\system32\FA654F8D24.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-22_22.09.58.78 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-23 03:53:23 233,472 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-23 05:26:22 233,472 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-23 03:53:23 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-23 05:26:22 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-23 03:53:23 237,568 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-23 05:26:22 237,568 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-23 03:53:23 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-23 05:26:22 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-23 03:53:24 9,904,128 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-23 05:26:23 9,904,128 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-23 03:53:24 176,128 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-23 05:26:23 176,128 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-22 10:53:33 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-01-23 05:03:16 9,904,128 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-01-23 05:03:16 176,128 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-01-22 10:53:33 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-01-23 05:02:52 9,904,128 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-01-23 05:02:53 176,128 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 11:39 176201]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 06:22 4670968]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"NBJ"="C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" [2005-04-08 09:43 1953792]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 14:59 68856]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 15:22 3739648]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 16:33 155648]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59 385024]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-09-01 17:24 684032]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05 127035]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 19:20 8192]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 16:30 823362]
"Norton Ghost 9.0"="C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-07-28 19:41 1122304]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-02-01 20:44 168448]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 06:45 278528]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R0 PQV2i;PQV2i;C:\WINDOWS\system32\drivers\PQV2i.sys [2004-07-28 18:33]
R1 PQIMount;PQIMount;C:\WINDOWS\system32\drivers\PQIMount.sys [2004-07-28 19:13]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fec350c8-4a6e-11db-93f2-00166f3870c1}]
\Shell\AutoRun\command - reper.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-22 23:27:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-22 23:28:35
ComboFix-quarantined-files.txt 2008-01-23 05:28:20
ComboFix2.txt 2008-01-23 04:10:17
.
2008-01-08 21:44:40 --- E O F ---

Deckard's System Scanner v20071014.68
Run by Arana on 2008-01-23 08:53:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 1.37 GiB (less than 15%) free.

-- HijackThis (run as Arana.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:54:27, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Animesh Spyware removal\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Arana.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Plugin Class - {56CD20F0-7C09-11D5-A768-0050042307CE} - C:\PlayerIE\playerIE.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/f...trol_en_US.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10534 bytes

-- Files created between 2007-12-23 and 2008-01-23 -----------------------------

2008-01-22 23:02:29 0 d-------- C:\WINDOWS\ERUNT
2008-01-22 22:39:55 0 d-------- C:\cmdcons
2008-01-22 15:10:55 8576 --a------ C:\WINDOWS\system32\drivers\isyjabjtopxd.sys <Not Verified; Panda Software International; RKPavProc Driver>
2008-01-16 18:58:03 0 d-------- C:\Documents and Settings\Kiran\Application Data\Mozilla
2008-01-15 19:27:50 0 d-------- C:\Borland
2008-01-14 23:20:29 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-14 22:53:57 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-01-14 20:02:55 0 d-------- C:\Program Files\Lavasoft
2008-01-14 20:02:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-14 19:29:00 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-14 17:35:13 0 d--h----- C:\Documents and Settings\Arana\.huptlzo
2008-01-14 17:35:13 0 d-------- C:\Documents and Settings\Arana\.borland
2008-01-14 15:27:17 0 d-------- C:\Program Files\Turbo C++ <TURBOC~1>
2008-01-14 14:44:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-04 23:26:00 0 d-------- C:\Program Files\Media Converter SA Edition
2007-12-30 18:02:41 0 d-------- C:\Program Files\Apple Software Update
2007-12-30 18:02:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-12-27 22:52:16 0 d-------- C:\Garmin

-- Find3M Report ---------------------------------------------------------------

2008-01-22 16:04:04 0 d-------- C:\Program Files\iTunes
2008-01-22 16:03:32 0 d-------- C:\Program Files\GoogleAFE
2008-01-22 16:03:31 0 d-------- C:\Program Files\Google
2008-01-22 15:58:17 0 d-------- C:\Program Files\Apoint
2008-01-14 22:19:50 0 d-------- C:\Program Files\Common Files
2008-01-14 20:00:04 0 d-------- C:\Program Files\Microsoft.NET
2008-01-14 19:09:07 0 d-------- C:\Program Files\Common Files\Borland Shared
2008-01-14 16:35:31 0 d-------- C:\Program Files\IrfanView
2008-01-09 10:18:41 5278 --ahs--c- C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-09 09:15:30 0 d-------- C:\Program Files\Java
2007-12-30 18:11:18 0 d-------- C:\Program Files\QuickTime
2007-12-26 17:20:59 0 d-------- C:\Program Files\SopCast
2007-12-17 10:09:52 0 d-------- C:\Documents and Settings\Arana\Application Data\Skype
2007-12-17 09:20:47 0 d-------- C:\Documents and Settings\Arana\Application Data\Adobe
2007-12-17 09:20:43 1158 --a------ C:\WINDOWS\mozver.dat
2007-12-16 22:48:01 0 d-------- C:\Program Files\Trend Micro
2007-12-16 21:39:08 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-12-16 21:39:03 0 d-------- C:\Program Files\Windows Live Safety Center
2007-12-15 17:58:20 0 d-------- C:\Documents and Settings\Arana\Application Data\Ahead
2007-12-11 00:10:00 0 d-------- C:\Documents and Settings\Arana\Application Data\SopCast
2007-12-10 10:32:06 0 d-------- C:\Documents and Settings\Arana\Application Data\AdobeUM
2007-12-03 22

55 0 d-------- C:\Documents and Settings\Arana\Application Data\Mozilla
2007-12-02 19:30:57 0 --ahs---- C:\Documents and Settings\Arana\Application Data\f1a797a6f964dcab1e0706db9cb0aec4bf6e3f0a.dat
2007-12-02 19:26:45 0 d-------- C:\Program Files\Crazy Browser
2007-12-01 10:51:15 0 d-------- C:\Program Files\Windows Media Connect 2
2007-11-29 18:18:07 0 d-------- C:\Program Files\LizardTech
2007-11-25 14:43:00 0 d-------- C:\Documents and Settings\Arana\Application Data\Viewpoint

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [13/09/2004 16:33]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [30/10/2004 14:59]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05/08/2005 21:05]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [01/09/2005 17:24]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [23/02/2005 16:19]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [06/12/2004 01:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [10/06/2005 10:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [10/06/2005 10:44]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [08/09/2005 19:20]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [30/08/2005 16:30]
"Norton Ghost 9.0"="C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" [28/07/2004 19:41]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [01/02/2006 20:44]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [23/02/2006 06:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 01:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/12/2007 10:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [11/04/2006 11:39]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [27/03/2007 06:22]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 10:24]
"NBJ"="C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" [08/04/2005 09:43]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [15/06/2007 14:59]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 15:22]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [30/03/2006 16:45]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 22:05:26]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [08/08/2006 13:50:32]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 07/09/2004 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fec350c8-4a6e-11db-93f2-00166f3870c1}]
AutoRun\command- reper.exe

-- End of Deckard's System Scanner: finished at 2008-01-23 08:54:54 ------------

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, January 23, 2008 8:41:17 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/01/2008
Kaspersky Anti-Virus database records: 527717
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 79581
Number of viruses found: 11
Number of infected objects: 39
Number of suspicious objects: 0
Duration of the scan process: 04:34:19

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e6915c7df422f2974e724065902a8b09_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cert8.db Object is locked skipped
C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\GoogleToolbarData\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\history.dat Object is locked skipped
C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\key3.db Object is locked skipped
C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\parent.lock Object is locked skipped
C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Arana\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Arana\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Arana\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Arana\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Arana\Local Settings\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Arana\Local Settings\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Arana\Local Settings\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Arana\Local Settings\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Arana\Local Settings\Application Data\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skipped
C:\Documents and Settings\Arana\Local Settings\Application Data\Musicmatch\Jukebox\mmjblog.txt Object is locked skipped
C:\Documents and Settings\Arana\Local Settings\Application Data\Musicmatch\MIM\Database\Default.ldb Object is locked skipped
C:\Documents and Settings\Arana\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped
C:\Documents and Settings\Arana\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Arana\Local Settings\History\History.IE5\MSHist012008012220080123\index.dat Object is locked skipped
C:\Documents and Settings\Arana\Local Settings\Temp\JET36FC.tmp Object is locked skipped
C:\Documents and Settings\Arana\Local Settings\Temp\Perflib_Perfdata_9b0.dat Object is locked skipped
C:\Documents and Settings\Arana\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Arana\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Arana\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Arana\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Crazy Browser\load.exe Infected: not-a-virus:FraudTool.Win32.Avola.b skipped
C:\Program Files\DAEMON Tools\SetupDTSB.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ayiytwdj.dll.vir Infected: Backdoor.Win32.Agent.dlj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bklpbqxm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bndqdpuk.dll.vir Infected: Backdoor.Win32.Agent.dlj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\bqgfvwjh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dim skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ceqkurxh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ddmvrxff.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mdqdcwic.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mgqswbds.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ec skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nvebpnet.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dnl skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\obyphxpo.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ovxtsttv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\qnstphpc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\quajsvoc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\srkxaurr.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\trsfnkfv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wchflhdt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dnp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\wmvwdulm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\QooBox\Quarantine\catchme2008-01-22_220521.37.zip/sstqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bxe skipped
C:\QooBox\Quarantine\catchme2008-01-22_220521.37.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP371\A0066340.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP371\A0066342.dll Infected: Backdoor.Win32.Agent.dlj skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP371\A0066343.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP371\A0066344.dll Infected: Backdoor.Win32.Agent.dlj skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP371\A0066345.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dim skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP371\A0066347.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP371\A0066348.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP371\A0066366.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP371\A0066367.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ec skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP371\A0066369.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnl skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP371\A0066371.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP371\A0066372.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP371\A0066377.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP371\A0066379.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP371\A0066385.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP371\A0066388.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnp skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP371\A0066390.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP371\A0066432.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bxe skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP373\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\ModemLog_Conexant D110 MDC V.9x Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{EBB98965-2BAB-4165-A3C0-82AFA5754623}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{5FE30BED-F88B-42F0-A50A-2BD1EE5D81F4}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd4429.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP373\change.log Object is locked skipped

Scan process completed.

loreto08 · 01-23-2008, 08:54 AM

Hi Ried,

Just out of curiousity, I ran the online Panda scan again. The results show that the laptop is still infected with virus/spyware/hacktools.

Is there something else to be done to get rid of these? I have attached the latest log from Panda online scan.

Incident Status Location

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Animesh Spyware removal\ComboFix\nircmd.cfexe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Animesh Spyware removal\ComboFix\nircmd.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Animesh Spyware removal\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Animesh Spyware removal\ComboFix.exe[nircmd.cfexe]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.overture.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[server.iad.liveperson.net/hc/78221172]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.advertising.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.go.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.enhance.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.com.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Arana\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Arana\Cookies\arana@go[1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Arana\Desktop\ComboFix.exe[nircmd.com]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Arana\Desktop\ComboFix.exe[nircmd.cfexe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Arana\Desktop\SDFix\SDFix\apps\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Arana\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Arana\Local Settings\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\Cache\C2152591d01[nircmd.com]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Arana\Local Settings\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\Cache\C2152591d01[nircmd.cfexe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Arana\Local Settings\Application Data\Mozilla\Firefox\Profiles\zbmj0voj.default\Cache\DD0DBD66d01[SDFix\apps\Process.exe]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Kiran\Application Data\Mozilla\Firefox\Profiles\9lbnwmb4.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Kiran\Application Data\Mozilla\Firefox\Profiles\9lbnwmb4.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Kiran\Application Data\Mozilla\Firefox\Profiles\9lbnwmb4.default\cookies.txt[.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Kiran\Cookies\kiran@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Kiran\Cookies\kiran@adrevolver[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Kiran\Cookies\kiran@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Kiran\Cookies\kiran@atdmt[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Kiran\Cookies\kiran@azjmp[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Kiran\Cookies\kiran@c5.zedo[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Kiran\Cookies\kiran@doubleclick[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Kiran\Cookies\kiran@media.adrevolver[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Kiran\Cookies\kiran@www5.addfreestats[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Kiran\Cookies\kiran@xiti[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Kiran\Cookies\kiran@zedo[2].txt
Adware:Adware/Awola Not disinfected C:\Program Files\Crazy Browser\load.exe
Adware:Adware/WhenUSearch Not disinfected C:\Program Files\DAEMON Tools\SetupDTSB.exe
Virus:Eicar.Mod Not disinfected C:\Program Files\Trend Micro\Internet Security 12\tmhelp.chm[/PCC12/Test_virus.htm]
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ayiytwdj.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\bklpbqxm.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\bndqdpuk.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\bqgfvwjh.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ceqkurxh.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ddmvrxff.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\gqofxtpu.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\gttwtnrq.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\gxntjmbv.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\iemadlpg.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\jbnmjiac.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\kobbftrn.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\mdqdcwic.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\nhxuwikv.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\obyphxpo.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\ovxtsttv.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\oxlkvrhj.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\qnstphpc.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\quajsvoc.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\srkxaurr.exe.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\tldghfxi.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\trsfnkfv.dll.vir
Spyware:Spyware/Vundo Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\txjjfkfo.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\wmvwdulm.dll.vir
Spyware:Spyware/Vundo Not disinfected C:\QooBox\Quarantine\C\WINDOWS\system32\xwmqafuo.dll.vir
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\Nircmd.exe

Ried · 01-23-2008, 06:14 PM

Hi loreto08,

The online scans are detecting mostly cookies, and tools we've used to clean the system, as well as the backups they created. We'll take care of that shortly.

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

--------------------------------------------------------

Using 'My Computer', navigate to and delete the following Files:

C:\Program Files\Crazy Browser\load.exe
C:\Program Files\DAEMON Tools\SetupDTSB.exe

--------------------------------------------------------------------

Open notepad and copy/paste the entire text in the code box below: (don't forget to copy and paste REGEDIT4)

Code:

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fec350c8-4a6e-11db-93f2-00166f3870c1}]

Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files"
It should look like this:

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

--------------------------------------------------------------------

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

The following procedure will clear out the tools we've used, as well as the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------

To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.

Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

**Kindly respond one more time and let me know if we may consider this thread resolved.

loreto08 · 01-23-2008, 07:10 PM

Hi Ried,

I am unable to download ATF Cleaner by Atribune, using the link provided. Is there some other link I can use to download?

Ried · 01-23-2008, 08:21 PM

There may be an issue with the site today. You can clear those cookies yourself:

Clear Mozilla Firefox cookies:

Open the Mozilla Browser>Tools>Options>Privacy>Cookies>Clear

--------------------------------------------------------------------

Clear your Internet Explorer7 cookies.

* Click on the Start button, then >Control Panel>Internet Options>General tab
* Under Browsing History, click on Delete.
* In the Delete Browsing History box that opens, click on Delete cookies

loreto08 · 03-23-2008, 08:08 PM

Hi Ried,

I have been using my laptop without any adware/virus for the past 2 months. Thanks for all the help and support you provided.

Ried · 03-24-2008, 09:12 PM

You're quite welcome, loreto08. Thanks for getting back to me.

01-14-2008, 11:42 PM	#1 (permalink)
loreto08 Registered User Join Date: Jan 2008 Posts: 61 OS: Windows XP SP2	Unable to attach anything to emails and keep getting popups/ads Hi, I have been troubled by spyware/adware since past one month. I switched to Firefox browser to prevent multiple popups coming up when using IE. Since then, the number of popups has decreased, but they still popup in a separate IE window sporadically. The real problem I face now is that since yesterday, I am unable to attach anything to hotmail, yahoomail or gmail from my hard disk, and get the following error message (in Firefox):- "The connection to the server was reset while the page was loading. * The site could be temporarily unavailable or too busy. Try again in a few moments. * If you are unable to load any pages, check your computer's network connection. * If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web." I don't know what's the problem as the internet is up and running and the above error message related to limited internet connection comes up only when attaching something to any newly composed email in gmail, hotmail or yahoomail. The problem is same in IE too, where the IE message is different:- "Internet Explorer cannot display the webpage Most likely causes: You are not connected to the Internet. The website is encountering problems. There might be a typing error in the address. What you can try: Diagnose Connection Problems More information This problem can be caused by a variety of issues, including: Internet connectivity has been lost. The website is temporarily unavailable. The Domain Name Server (DNS) is not reachable. The Domain Name Server (DNS) does not have a listing for the website's domain. If this is an HTTPS (secure) address, click Tools, click Internet Options, click Advanced, and check to be sure the SSL and TLS protocols are enabled under the security section. " When using the IE, the Laptop processing is very very slow and a popup window doing dummy security online check from "MalwareAlarm Online Security Scanner" keeps bugging. :-( I tried followed all the 5 initial steps before posting the log. But when I finished with the online Panda scan and clicked See Report button, get a VBScript error message in a dialog box:- "You need to connect to the Internet now in order to continue using Panda ActiveScan". I guess the reason for this error and attachment not loading from disk to mail is identical. I suspect that I may have "fixed" some file/plugin needed by browser to load local files, during my "R&D" to solve the popup/adware issues using HiJackThis. Here's the summary after online Panda Scan (as I can't load the report using See Report):- Virus - 1 Spyware - 83 Hacking tools and rootkits - 4 Can someone please help me in identifying the component/dll/exe, that I may have deleted ("fixed" using HijackThis) or has been bugged by adware/spyware, due to which my browsers (both IE/Firefox) are not able to load files from hard disk, with reason that there is no internet connection, even though the net is up and running? Only then can I further proceed to generate the online Panda logfile, etc. Thanks in Advance

01-15-2008, 11:07 PM	#2 (permalink)
loreto08 Registered User Join Date: Jan 2008 Posts: 61 OS: Windows XP SP2	Re: Unable to attach anything to emails and keep getting popups/ads Bump... Please help me in resolving the issue. I have bumped before the suggested 72 hours wait-time, just to confirm again, that the internet connection really doesn't have any problems, and other laptops connected to the same wifi connection are working good.

01-18-2008, 09:06 AM	#3 (permalink)
loreto08 Registered User Join Date: Jan 2008 Posts: 61 OS: Windows XP SP2	Re: Unable to attach anything to emails and keep getting popups/ads BUMP I know that the absurd problem description doesn't encourage anyone to help me. But please help me with the multiple popups/adwares. May be getting rid of these things can just not make the laptop faster, but remove the problem above. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:58, on 2008-01-18 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\eHome\ehRecvr.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe C:\Program Files\Apoint\Apntex.exe C:\WINDOWS\System32\GEARSec.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Google\Google Talk\googletalk.exe C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\SopCast\adv\SopAdver.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [948afca3] rundll32.exe "C:\WINDOWS\system32\vshgngtg.dll",b O4 - HKLM\..\Run: [BM97b9cf3f] Rundll32.exe "C:\WINDOWS\system32\tldghfxi.dll",s O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/f...trol_en_US.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QXJhbmE\command.exe (file missing) O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 10233 bytes

01-22-2008, 05:59 PM	#4 (permalink)
loreto08 Registered User Join Date: Jan 2008 Posts: 61 OS: Windows XP SP2	[B]Laptop very slow. Windows/Internet Explorer keeps crashing[/B] Hi, My laptop is bugged with virus/adware/popup since past one month. I had to switch to Firefox for browsing as trying IE invokes irritating popups, crashes the windows explorer and the task bar (as well as desktop content) vanishes. No extra.txt file is getting created in C:\Deckard\System Scanner. Yes, the directory has only main.txt created and no file like extra.txt is minimized/created. Here're the log file after DSS run:- Deckard's System Scanner v20071014.68 Run by Arana on 2008-01-22 19:46:25 Computer is in Normal Mode. -------------------------------------------------------------------------------- System Drive C: has 1.4 GiB (less than 15%) free. -- HijackThis (run as Arana.exe) ----------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:48, on 2008-01-22 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe C:\WINDOWS\eHome\ehRecvr.exe C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\GEARSec.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\explorer.exe C:\Animesh Spyware removal\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Arana.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Plugin Class - {56CD20F0-7C09-11D5-A768-0050042307CE} - C:\PlayerIE\playerIE.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {9BAD6220-9BF1-4971-9D55-7A439FE22381} - C:\WINDOWS\system32\sstqp.dll O2 - BHO: {a9b8b75f-978c-e479-0944-8d501b912f2a} - {a2f219b1-05d8-4490-974e-c879f57b8b9a} - C:\WINDOWS\system32\rqtxuxrq.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [948afca3] rundll32.exe "C:\WINDOWS\system32\spmfdytb.dll",b O4 - HKLM\..\Run: [BM97b9cf3f] Rundll32.exe "C:\WINDOWS\system32\gyxpelqq.dll",s O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/f...trol_en_US.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase4009.cab O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: nnnlkkh - nnnlkkh.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QXJhbmE\command.exe (file missing) O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 10999 bytes -- Files created between 2007-12-22 and 2008-01-22 ----------------------------- 2008-01-22 15:10:55 8576 --a------ C:\WINDOWS\system32\drivers\isyjabjtopxd.sys <Not Verified; Panda Software International; RKPavProc Driver> 2008-01-22 1509 0 d-------- C:\WINDOWS\LastGood 2008-01-21 20:17:29 88640 --a------ C:\WINDOWS\system32\spmfdytb.dll 2008-01-21 20:11:28 70208 --a------ C:\WINDOWS\system32\gyxpelqq.dll 2008-01-21 20:09:10 78912 --a------ C:\WINDOWS\system32\rqtxuxrq.dll 2008-01-17 18:33:17 86592 --a------ C:\WINDOWS\system32\vshgngtg.dll 2008-01-17 18:27:26 70208 --a------ C:\WINDOWS\system32\tldghfxi.dll 2008-01-17 18:27:19 77376 --a------ C:\WINDOWS\system32\iwlybxcb.dll 2008-01-16 18:58:03 0 d-------- C:\Documents and Settings\Kiran\Application Data\Mozilla 2008-01-16 18:25:43 76864 --a------ C:\WINDOWS\system32\qtijugrp.dll 2008-01-16 18:25:31 70208 --a------ C:\WINDOWS\system32\gqofxtpu.dll 2008-01-15 19:27:50 0 d-------- C:\Borland 2008-01-15 18:30:15 89152 --a------ C:\WINDOWS\system32\qubipxoh.dll 2008-01-15 18:26:19 70208 --a------ C:\WINDOWS\system32\oxlkvrhj.dll 2008-01-15 18:26:12 79936 --a------ C:\WINDOWS\system32\lxlnsvdb.dll 2008-01-14 23:20:29 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus> 2008-01-14 22:53:57 0 d-------- C:\WINDOWS\system32\ActiveScan 2008-01-14 20:02:55 0 d-------- C:\Program Files\Lavasoft 2008-01-14 20:02:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-01-14 19:29:00 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-01-14 18:25:55 70208 --a------ C:\WINDOWS\system32\iemadlpg.dll 2008-01-14 18:25:43 77888 --a------ C:\WINDOWS\system32\dfgvsivh.dll 2008-01-14 17:35:13 0 d--h----- C:\Documents and Settings\Arana\.huptlzo 2008-01-14 17:35:13 0 d-------- C:\Documents and Settings\Arana\.borland 2008-01-14 15:27:17 0 d-------- C:\Program Files\Turbo C++ <TURBOC~1> 2008-01-14 14:44:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-01-13 18:30:17 90176 --a------ C:\WINDOWS\system32\qnstphpc.dll 2008-01-13 18:24:29 79936 --a------ C:\WINDOWS\system32\nwrcpnkk.dll 2008-01-13 18:24:19 70208 --a------ C:\WINDOWS\system32\jbnmjiac.dll 2008-01-12 18:27:57 90176 --a------ C:\WINDOWS\system32\trsfnkfv.dll 2008-01-12 18:25:08 76864 --a------ C:\WINDOWS\system32\nvebpnet.dll 2008-01-12 18:24:57 70208 --a------ C:\WINDOWS\system32\kobbftrn.dll 2008-01-11 18:25:05 70208 --a------ C:\WINDOWS\system32\gxntjmbv.dll 2008-01-11 18:25:01 76864 --a------ C:\WINDOWS\system32\oytllbeo.dll 2008-01-10 18:24:29 70208 --a------ C:\WINDOWS\system32\gttwtnrq.dll 2008-01-10 18:24:22 79424 --a------ C:\WINDOWS\system32\wchflhdt.dll 2008-01-09 18:23:23 79936 --a------ C:\WINDOWS\system32\hdylmfaa.dll 2008-01-08 18:25:05 77888 --a------ C:\WINDOWS\system32\payhdtdl.dll 2008-01-07 18:24:01 76864 --a------ C:\WINDOWS\system32\tlrpuwif.dll 2008-01-06 18:25:40 75840 --a------ C:\WINDOWS\system32\hkyggfvx.dll 2008-01-05 18:26:31 90176 --a------ C:\WINDOWS\system32\ddmvrxff.dll 2008-01-05 18:23:33 78912 --a------ C:\WINDOWS\system32\prbwsvga.dll 2008-01-04 23:26:00 0 d-------- C:\Program Files\Media Converter SA Edition 2008-01-04 18:23:17 79424 --a------ C:\WINDOWS\system32\wwbubwly.dll 2008-01-03 18:21:13 78400 --a------ C:\WINDOWS\system32\mgqswbds.dll 2008-01-02 18:22:08 90176 --a------ C:\WINDOWS\system32\mdqdcwic.dll 2008-01-02 18:20:31 78400 --a------ C:\WINDOWS\system32\txjjfkfo.dll 2008-01-01 18:28:05 90176 --a------ C:\WINDOWS\system32\obyphxpo.dll 2008-01-01 18:25:01 77376 --a------ C:\WINDOWS\system32\xwmqafuo.dll 2007-12-31 18:22:38 78912 --a------ C:\WINDOWS\system32\nhxuwikv.dll 2007-12-30 18:20:59 78400 --a------ C:\WINDOWS\system32\anuaocrp.dll 2007-12-30 18:02:41 0 d-------- C:\Program Files\Apple Software Update 2007-12-30 18:02:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple 2007-12-29 18:20:45 90176 --a------ C:\WINDOWS\system32\wmvwdulm.dll 2007-12-29 18:18:14 78912 --a------ C:\WINDOWS\system32\wtvclpes.dll 2007-12-28 18:22:22 90176 --a------ C:\WINDOWS\system32\bklpbqxm.dll 2007-12-28 18:22:14 77888 --a------ C:\WINDOWS\system32\bqgfvwjh.dll 2007-12-27 22:52:16 0 d-------- C:\Garmin 2007-12-27 18:25:57 81984 --a------ C:\WINDOWS\system32\ifcdnsac.dll 2007-12-26 16:03:13 80448 --a------ C:\WINDOWS\system32\fchbpbdb.dll 2007-12-26 01:56:11 77376 --a------ C:\WINDOWS\system32\dfnnteia.dll 2007-12-26 01:53:12 87104 --a------ C:\WINDOWS\system32\ayiytwdj.dll 2007-12-25 01:52:16 78400 --a------ C:\WINDOWS\system32\wgvkbuhu.dll 2007-12-25 01:49:14 87104 --a------ C:\WINDOWS\system32\bndqdpuk.dll -- Find3M Report --------------------------------------------------------------- 2008-01-22 19:48:12 335474 --ahs---- C:\WINDOWS\system32\pqtss.ini2 2008-01-22 16:04:04 0 d-------- C:\Program Files\iTunes 2008-01-22 16:03:32 0 d-------- C:\Program Files\GoogleAFE 2008-01-22 16:03:31 0 d-------- C:\Program Files\Google 2008-01-22 15:58:17 0 d-------- C:\Program Files\Apoint 2008-01-14 22:19:50 0 d-------- C:\Program Files\Common Files 2008-01-14 20:00:04 0 d-------- C:\Program Files\Microsoft.NET 2008-01-14 19:09:07 0 d-------- C:\Program Files\Common Files\Borland Shared 2008-01-14 16:35:31 0 d-------- C:\Program Files\IrfanView 2008-01-09 10:18:41 5278 --ahs--c- C:\WINDOWS\system32\KGyGaAvL.sys 2008-01-09 09:15:30 0 d-------- C:\Program Files\Java 2007-12-30 18:11:18 0 d-------- C:\Program Files\QuickTime 2007-12-26 17:20:59 0 d-------- C:\Program Files\SopCast 2007-12-20 21:15:55 85568 --a------ C:\WINDOWS\system32\quajsvoc.dll 2007-12-18 21:23:46 85568 --a------ C:\WINDOWS\system32\ovxtsttv.dll 2007-12-17 10:09:52 0 d-------- C:\Documents and Settings\Arana\Application Data\Skype 2007-12-17 09:20:47 0 d-------- C:\Documents and Settings\Arana\Application Data\Adobe 2007-12-17 09:20:43 1158 --a------ C:\WINDOWS\mozver.dat 2007-12-17 01:07:27 0 d-------- C:\Program Files\Temporary 2007-12-16 22:48:01 0 d-------- C:\Program Files\Trend Micro 2007-12-16 21:46:37 10 --a------ C:\Program Files\.autoreg 2007-12-16 21:39:08 0 d-------- C:\Program Files\Microsoft Windows OneCare Live 2007-12-16 21:39:03 0 d-------- C:\Program Files\Windows Live Safety Center 2007-12-16 20:14:54 85568 --a------ C:\WINDOWS\system32\ceqkurxh.dll 2007-12-15 20:13:40 334848 --a------ C:\WINDOWS\system32\sstqp.dll 2007-12-15 17:58:20 0 d-------- C:\Documents and Settings\Arana\Application Data\Ahead 2007-12-11 00:10:00 0 d-------- C:\Documents and Settings\Arana\Application Data\SopCast 2007-12-10 10:32:06 0 d-------- C:\Documents and Settings\Arana\Application Data\AdobeUM 2007-12-03 2255 0 d-------- C:\Documents and Settings\Arana\Application Data\Mozilla 2007-12-02 19:30:57 0 --ahs---- C:\Documents and Settings\Arana\Application Data\f1a797a6f964dcab1e0706db9cb0aec4bf6e3f0a.dat 2007-12-02 19:26:45 0 d-------- C:\Program Files\Crazy Browser 2007-12-01 10:51:15 0 d-------- C:\Program Files\Windows Media Connect 2 2007-11-29 18:18:07 0 d-------- C:\Program Files\LizardTech 2007-11-25 14:43:00 0 d-------- C:\Documents and Settings\Arana\Application Data\Viewpoint -- Registry Dump --------------------------------------------------------------- Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9BAD6220-9BF1-4971-9D55-7A439FE22381}] 2007-12-15 20:13 334848 --a------ C:\WINDOWS\system32\sstqp.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a2f219b1-05d8-4490-974e-c879f57b8b9a}] 2008-01-21 20:09 78912 --a------ C:\WINDOWS\system32\rqtxuxrq.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 16:33] "@"="" [] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 14:59] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05] "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-09-01 17:24] "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05] "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44] "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 19:20] "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 16:30] "Norton Ghost 9.0"="C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-07-28 19:41] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-02-01 20:44] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 06:45] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56] "948afca3"="C:\WINDOWS\system32\spmfdytb.dll" [2008-01-21 20:17] "BM97b9cf3f"="C:\WINDOWS\system32\gyxpelqq.dll" [2008-01-21 20:11] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2006-04-11 11:39] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 06:22] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24] "NBJ"="C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" [2005-04-08 09:43] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 14:59] "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 15:22] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26] Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2006-08-08 13:50:32] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless] C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnlkkh] nnnlkkh.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\sstqp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}] AutoRun\command- E:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fec350c8-4a6e-11db-93f2-00166f3870c1}] AutoRun\command- reper.exe Newly Created Service - ISYJABJTOPXD -- End of Deckard's System Scanner: finished at 2008-01-22 19:49:13 ------------

01-22-2008, 06:31 PM	#6 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 23,971 OS: WinXP and Vista	Re: Unable to attach anything to emails and keep getting popups/ads Hello loreto08 and welcome to TSF, This will require more than one round to properly eradicate. Please stay with me until given the 'all clear' even if symptoms seemingly abate. Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/comb...o-use-combofix Link 1 Link 2 Link 3 Note: It is important that it is saved directly to your desktop -------------------------------------------------------------------- 1. Close any open browsers. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. -------------------------------------------------------------------- Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt along with a new HijackThis log for further review. Note: Do not mouseclick combofix's window while it's running. That may cause it to stall __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

01-22-2008, 08:33 PM	#8 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 23,971 OS: WinXP and Vista	Re: Unable to attach anything to emails and keep getting popups/ads Hi loreto08, While you're waiting for me to review these logs, please get the Recovery Console installed on this system. Go to Microsoft's website => http://support.microsoft.com/kb/310994 Select the download that's appropriate for your Operating System Download the file & save it as it's originally named, next to ComboFix.exe. Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log. Please do not reboot your machine until we have reviewed the log. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

01-22-2008, 08:42 PM	#9 (permalink)
loreto08 Registered User Join Date: Jan 2008 Posts: 61 OS: Windows XP SP2	Re: Unable to attach anything to emails and keep getting popups/ads Hi Ried, Here's the requested CF-RC.txt file:- WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

01-22-2008, 08:49 PM	#10 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 23,971 OS: WinXP and Vista	Re: Unable to attach anything to emails and keep getting popups/ads Thank you, it looks as it should. While you're online... Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions. It's IMPORTANT to carry out the instructions in the sequence listed below. ************************************************* Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% -(Drive that contains the Windows Directory, typically C:\SDFix). Do not run it yet. -------------------------------------------------------------------- 1. Disconnect from the internet. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. --------------------------------------------------------------------- 1) Restart your computer 2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8. 3) Instead of Windows loading as normal, a menu should appear 4) Use the up arrow key to highlight Safe Mode and press Enter. 5) Login with your usual account. -------------------------------------------------------------------- Open the extracted SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt I'll need that in your next reply. -------------------------------------------------------------------- From Normal Mode.... Open notepad and copy/paste the text in the code box below into it: Code: File:: C:\WINDOWS\BM97b9cf3f.xml C:\WINDOWS\pskt.ini C:\WINDOWS\system32\uyxmqrpg.ini Registry:: [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnlkkh] Save this as CFScript.txt, in the same location as ComboFix.exe Refering to the picture above, drag CFScript into ComboFix.exe When finished, it shall produce a log for you at C:\ComboFix.txt -------------------------------------------------------------------- Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course: Using Internet Explorer, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html Answer Yes, when prompted to install an ActiveX component. The program will then begin downloading the latest definition files. Once the files have been downloaded click on NEXT Locate the Scan Settings button & configure to: Scan using the following Anti-Virus database: Extended Scan Options: Scan Archives Scan Mail Bases Click OK & have it scan My Computer Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Click the Save as Text** button to save the file to your desktop so that you may post it in your next reply * Turn off the real time scanner of any existing antivirus program while performing the online scan --------------------------------------------------------------- Run a new scan with HijackThis and save the log. --------------------------------------------------------------- Please include the following in your next reply: C:\SDFix\Report.txt C:\ComboFix.txt Kaspersky results New HijackThis log Update on system behavior __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

01-23-2008, 06:14 PM	#13 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 23,971 OS: WinXP and Vista	Re: Unable to attach anything to emails and keep getting popups/ads Hi loreto08, The online scans are detecting mostly cookies, and tools we've used to clean the system, as well as the backups they created. We'll take care of that shortly. Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu. -------------------------------------------------------- Using 'My Computer', navigate to and delete the following Files: C:\Program Files\Crazy Browser\load.exe C:\Program Files\DAEMON Tools\SetupDTSB.exe -------------------------------------------------------------------- Open notepad and copy/paste the entire text in the code box below: (don't forget to copy and paste REGEDIT4) Code: REGEDIT4 [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fec350c8-4a6e-11db-93f2-00166f3870c1}] Save the file as "delete.reg". Make sure to save it with the quotes. Choose to "Save type as - All Files" It should look like this: Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards. -------------------------------------------------------------------- Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links: The following procedure will clear out the tools we've used, as well as the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point. Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK: ComboFix /u -------------------------------------------------------------------- To help protect your computer in the future I recommend that you get the following free programs if you do not already have them: McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad. SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items. It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page. IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released. In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles: PC Safety and Security--What Do I Need? HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein THE ANTI-SPYWARE TUTORIAL MAKING INTERNET EXPLORER SAFER Understanding and Using Firewalls Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them. ----------------------------------------------------- Follow the list above and the potential for infection will reduce dramatically. Kindly respond one more time and let me know if we may consider this thread resolved. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

01-23-2008, 07:10 PM	#14 (permalink)
loreto08 Registered User Join Date: Jan 2008 Posts: 61 OS: Windows XP SP2	Re: Unable to attach anything to emails and keep getting popups/ads Hi Ried, I am unable to download ATF Cleaner by Atribune, using the link provided. Is there some other link I can use to download?

01-23-2008, 08:21 PM	#15 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 23,971 OS: WinXP and Vista	Re: Unable to attach anything to emails and keep getting popups/ads There may be an issue with the site today. You can clear those cookies yourself: Clear Mozilla Firefox cookies: Open the Mozilla Browser>Tools>Options>Privacy>Cookies>Clear -------------------------------------------------------------------- Clear your Internet Explorer7 cookies. * Click on the Start button, then >Control Panel>Internet Options>General tab * Under Browsing History, click on Delete. * In the Delete Browsing History box that opens, click on Delete cookies __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

03-23-2008, 08:08 PM	#16 (permalink)
loreto08 Registered User Join Date: Jan 2008 Posts: 61 OS: Windows XP SP2	Re: Unable to attach anything to emails and keep getting popups/ads Hi Ried, I have been using my laptop without any adware/virus for the past 2 months. Thanks for all the help and support you provided.

03-24-2008, 09:12 PM	#17 (permalink)
Ried Assistant Manager, TSF Academy; Moderator/Analyst Security Team Join Date: Jan 2005 Location: Ohio Posts: 23,971 OS: WinXP and Vista	Re: Unable to attach anything to emails and keep getting popups/ads You're quite welcome, loreto08. Thanks for getting back to me. __________________ Member of ASAP since 2005 Member of UNITE since 2006 "It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."