
Discussion Starter #1 (Registered)
Any help would be great!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:14:02 PM, on 11/21/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\ldveghfl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Mel\My Documents\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [7cae7dc9] rundll32.exe "C:\WINDOWS\System32\jrgmgkcq.dll",b
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxuk101MFCA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-8.0.4.41/aces/aces-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.com/applet-8.0.4.41/shoes/shoes-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.com/applet-8.0.4.41/freecell2/freecell2-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-8.0.5.30/spider/spider-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-8.0.4.41/memories/memories-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game1.pogo.com/applet-8.0.5.30/wordsearch/wordsearch-en_US.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\ldveghfl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6481 bytes
 

TSF Security Manager, Emeritus
I would like more information before proceeding, please.

Please do this:

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications (except your AntiVirus, AntiSpy apps) and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.
What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.
---------------------------------------------------------------------------------------------
 

Discussion Starter #3 (Registered)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:10 PM, on 11/27/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Steam\steam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Soulseek\slsk.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Mel\Desktop\dss.exe
C:\DOCUME~1\Mel\MYDOCU~1\HIJACK~1\Mel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2B0B07BB-6430-4856-B242-7FB5E5DFEB33} - C:\Program Files\InstallShield Installation Information\nipycafuq83122.dll
O2 - BHO: {c671cfc5-f108-5f3a-5e44-98a31b3e29d3} - {3d92e3b1-3a89-44e5-a3f5-801f5cfc176c} - C:\WINDOWS\System32\wdlnlbdb.dll
O2 - BHO: (no name) - {4A54500A-65FE-4F4A-B860-20EAE2F577F9} - C:\WINDOWS\System32\ddcabaa.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5D13E6EE-A7B3-455B-B1C5-7AD7F4B6D770} - C:\WINDOWS\System32\ddabb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {81A9509A-7D8C-4A90-A102-0423548C1859} - C:\Program Files\InstallShield Installation Information\nipycafuq4444.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\System32\80T7JRip.dll
O2 - BHO: (no name) - {908B8C14-41AF-355D-DE2E-3FE600F65CE5} - C:\WINDOWS\System32\kmsnp.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [7cae7dc9] rundll32.exe "C:\WINDOWS\System32\jrgmgkcq.dll",b
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxuk101MFCA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-8.0.4.41/aces/aces-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.com/applet-8.0.4.41/shoes/shoes-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.com/applet-8.0.4.41/freecell2/freecell2-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-8.0.5.30/spider/spider-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-8.0.4.41/memories/memories-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game1.pogo.com/applet-8.0.5.30/wordsearch/wordsearch-en_US.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: ddcabaa - ddcabaa.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\ldveghfl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 8301 bytes

-- Files created between 2007-10-26 and 2007-11-27 -----------------------------

2007-11-24 20:57:59 0 d-------- C:\WINDOWS\System32\??pPatch
2007-11-24 20:57:56 60928 --a------ C:\WINDOWS\System32\kmsnp.dll
2007-11-23 00:12:29 0 d-------- C:\VundoFix Backups
2007-11-20 23:43:29 85056 --a------ C:\WINDOWS\System32\jrgmgkcq.dll
2007-11-20 23:43:28 80960 --a------ C:\WINDOWS\System32\wdlnlbdb.dll
2007-11-20 23:43:26 71232 --a------ C:\WINDOWS\System32\ldveghfl.exe
2007-11-20 23:43:25 351535 ---hs---- C:\WINDOWS\System32\bbadd.bak2
2007-11-20 19:58:30 6473 --ahs---- C:\WINDOWS\System32\bbadd.bak1
2007-11-20 19:57:25 317024 --a------ C:\WINDOWS\System32\ddabb.dll
2007-11-20 19:55:05 2 --a------ C:\WINDOWS\System32\wnsapiisv.exe
2007-11-20 19:55:04 0 d-------- C:\Program Files\Outerinfo
2007-11-20 19:55:04 0 d-------- C:\Program Files\Common Files\?icrosoft
2007-11-20 19:54:46 0 d-------- C:\Program Files\?dobe
2007-11-20 19:52:28 135168 --a------ C:\WINDOWS\tk58.exe
2007-11-20 19:52:26 169147 --a------ C:\WINDOWS\TTC-4444.exe
2007-11-20 19:52:16 0 d-------- C:\WINDOWS\System32\uu2
2007-11-20 19:52:16 0 d-------- C:\WINDOWS\System32\rr2
2007-11-20 19:52:16 0 d-------- C:\WINDOWS\System32\cc1
2007-11-20 19:52:13 0 d-------- C:\WINDOWS\System32\rMa01yy
2007-11-20 19:52:13 0 d-------- C:\Temp
2007-11-20 18:28:32 0 d-------- C:\Documents and Settings\Spenser (smells bad)\Temp
2007-11-17 19:26:40 0 d-------- C:\Documents and Settings\Spenser (smells bad)\src
2007-11-17 19:26:40 203 --a------ C:\Documents and Settings\Spenser (smells bad)\run_studiomdl.bat
2007-11-17 19:26:40 210 --a------ C:\Documents and Settings\Spenser (smells bad)\run_mod.bat
2007-11-17 19:26:40 198 --a------ C:\Documents and Settings\Spenser (smells bad)\run_hlmv.bat
2007-11-17 19:26:40 111 --a------ C:\Documents and Settings\Spenser (smells bad)\run_hammer.bat
2007-11-17 19:26:40 0 d-------- C:\Documents and Settings\Spenser (smells bad)\modelsrc
2007-11-17 19:26:40 0 d-------- C:\Documents and Settings\Spenser (smells bad)\materialsrc
2007-11-17 19:26:40 0 d-------- C:\Documents and Settings\Spenser (smells bad)\mapsrc
2007-11-16 18:18:17 0 d-------- C:\SOURCE
2007-11-11 17:05:09 0 d-------- C:\Program Files\Electronic Arts
2007-11-11 03:48:16 1769472 --a------ C:\WINDOWS\System32\dxdiagn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-11 03:48:16 1703936 --a------ C:\WINDOWS\System32\d3d9.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-10 18:57:40 27200 --a------ C:\WINDOWS\System32\tvQLAM7E.exe
2007-11-09 18:47:56 0 d-------- C:\Program Files\Drum Machine v2
2007-11-06 17:55:35 0 d-------- C:\WINDOWS\LogFiles
2007-11-05 19:12:09 184320 --a------ C:\WINDOWS\System32\80T7JRip.dll <Not Verified; ; WebAssist>
2007-11-05 17:43:08 0 d-------- C:\WINDOWS\System32\NtmsData
2007-11-03 18:58:31 0 d-------- C:\Program Files\Pivot Stickfigure Animator
2007-11-03 08:29:42 184320 --a------ C:\WINDOWS\System32\kySiYT6O.dll <Not Verified; ; WebAssist>
2007-11-02 19:13:31 0 d-------- C:\Documents and Settings\Spenser (smells bad)\Application Data\Notepad++
2007-10-28 18:55:18 27200 --a------ C:\WINDOWS\System32\8458I1Rj.exe
2007-10-26 00:18:26 0 d-------- C:\WINDOWS\7104189AC5924A56AC9E7C0CA135DA3C.TMP
2007-10-26 00:17:31 0 d-------- C:\Program Files\Focus & CDV


-- Find3M Report ---------------------------------------------------------------

2007-11-26 21:48:23 0 d-------- C:\Program Files\Soulseek
2007-11-26 21:07:42 0 d-------- C:\Program Files\Steam
2007-11-26 17:25:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-26 16:40:08 0 d-------- C:\Documents and Settings\Mel\Application Data\foobar2000
2007-11-26 04:08:44 0 d-------- C:\Documents and Settings\Mel\Application Data\uTorrent
2007-11-25 02:31:07 0 --a------ C:\Documents and Settings\Mel\Application Data\AVSDVDPlayer.m3u
2007-11-24 20:57:59 0 d-------- C:\Program Files\Common Files\?icrosoft
2007-11-21 08:00:27 0 d-------- C:\Documents and Settings\Mel\Application Data\AVG7
2007-11-21 03:24:06 0 d-------- C:\Program Files\Common Files
2007-11-20 19:54:46 0 d-------- C:\Program Files\?dobe
2007-11-13 00:09:27 0 d-------- C:\Program Files\id Software
2007-10-31 19:38:52 0 d-------- C:\Program Files\VTFEdit
2007-10-26 18:47:52 0 d-------- C:\Program Files\Valve
2007-10-26 00:18:22 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-26 00:17:07 0 d-------- C:\Program Files\DOSBox-0.72
2007-10-25 20:00:19 0 d-------- C:\Program Files\NVIDIA Corporation
2007-10-25 07:24:20 53760 --a------ C:\WINDOWS\b122.exe
2007-10-23 01:46:37 0 d-------- C:\Documents and Settings\Mel\Application Data\Bioshock
2007-10-22 22:59:41 0 d-------- C:\Program Files\DIFX
2007-10-22 22:59:19 0 d-------- C:\Program Files\AGEIA Technologies
2007-10-22 21:23:18 14858 --a------ C:\Program Files\install.log
2007-10-22 17:12:21 0 d-------- C:\Program Files\AV Vcs 6.0 DIAMOND
2007-10-21 21:36:44 0 d-------- C:\Program Files\Fraps
2007-10-21 17:05:27 182 --a------ C:\run_studiomdl.bat
2007-10-21 17:05:27 164 --a------ C:\run_mod.bat
2007-10-21 17:05:27 177 --a------ C:\run_hlmv.bat
2007-10-21 17:05:27 111 --a------ C:\run_hammer.bat
2007-10-21 15:08:23 0 d-------- C:\Program Files\Xilisoft
2007-10-21 14:49:51 0 d-------- C:\Program Files\SuperDVD Video Editor
2007-10-21 01:40:10 0 d-------- C:\Program Files\MagicDVDRipper
2007-10-21 01:31:28 0 d-------- C:\Documents and Settings\Mel\Application Data\Identities
2007-10-21 01:02:26 0 d-------- C:\Program Files\iSofter
2007-10-21 01:02:21 0 d-------- C:\Program Files\Common Files\Download Manager
2007-10-21 00:52:13 0 d-------- C:\Documents and Settings\Mel\Application Data\dvdcss
2007-10-20 19:55:04 0 d-------- C:\Program Files\Chilkat Software Inc
2007-10-18 15:39:53 0 d-------- C:\Program Files\Darkness Within Demo
2007-10-14 22:55:50 0 d-------- C:\Program Files\ADRIFT
2007-10-12 23:09:45 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2007-10-12 17:02:32 0 d-------- C:\Program Files\Common Files\Thraex Software
2007-10-12 16:38:59 0 d-------- C:\Program Files\LeoCAD
2007-10-02 00:47:55 0 d-------- C:\Documents and Settings\Mel\Application Data\Codemasters
2007-10-02 00:14:35 0 d-------- C:\Documents and Settings\Mel\Application Data\InstallShield
2007-09-30 19:11:49 0 d-------- C:\Program Files\SystemRequirementsLab
2007-09-28 19:29:14 0 d-------- C:\Program Files\Terrain Generator
2007-09-24 15:33:07 180 --a------ C:\Program Files\run_studiomdl.bat
2007-09-24 15:33:07 170 --a------ C:\Program Files\run_mod.bat
2007-09-24 15:33:07 175 --a------ C:\Program Files\run_hlmv.bat
2007-09-24 15:33:07 103 --a------ C:\Program Files\run_hammer.bat
2007-09-20 04:27:16 662016 --a------ C:\WINDOWS\System32\xvidcore.dll
2007-09-20 04:27:16 200704 --a------ C:\WINDOWS\System32\TomsMoComp_ff.dll
2007-09-20 04:27:16 60273 --a------ C:\WINDOWS\System32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
2007-09-20 04:27:16 405504 --a------ C:\WINDOWS\System32\libmplayer.dll
2007-09-20 04:27:16 114688 --a------ C:\WINDOWS\System32\libmpeg2_ff.dll
2007-09-20 04:27:16 3190784 --a------ C:\WINDOWS\System32\libavcodec.dll
2007-09-20 04:27:16 511488 --a------ C:\WINDOWS\System32\ff_x264.dll
2007-09-20 04:27:16 26624 --a------ C:\WINDOWS\System32\ff_wmv9.dll
2007-09-20 04:27:16 7680 --a------ C:\WINDOWS\System32\ff_vfw.dll
2007-09-20 04:27:16 38400 --a------ C:\WINDOWS\System32\ff_unrar.dll
2007-09-20 04:27:16 79872 --a------ C:\WINDOWS\System32\ff_tremor.dll
2007-09-20 04:27:16 143360 --a------ C:\WINDOWS\System32\ff_theora.dll
2007-09-20 04:27:16 122880 --a------ C:\WINDOWS\System32\ff_samplerate.dll
2007-09-20 04:27:16 97280 --a------ C:\WINDOWS\System32\ff_realaac.dll
2007-09-20 04:27:16 118784 --a------ C:\WINDOWS\System32\ff_libmad.dll
2007-09-20 04:27:16 245760 --a------ C:\WINDOWS\System32\ff_libfaad2.dll
2007-09-20 04:27:16 155648 --a------ C:\WINDOWS\System32\ff_libdts.dll
2007-09-20 04:27:16 40960 --a------ C:\WINDOWS\System32\ff_liba52.dll
2007-09-20 04:27:16 221184 --a------ C:\WINDOWS\System32\ff_kernelDeint.dll
2007-09-20 04:27:16 741376 --a------ C:\WINDOWS\System32\audxlib.dll
2007-09-17 17:36:55 23 --a------ C:\WINDOWS\popcinfot.dat
2007-09-17 01:07:00 1626112 --a------ C:\WINDOWS\System32\nwiz.exe
2007-09-17 01:07:00 1019904 --a------ C:\WINDOWS\System32\nvwimg.dll
2007-09-17 01:07:00 1703936 --a------ C:\WINDOWS\System32\nvwdmcpl.dll
2007-09-17 01:07:00 466944 --a------ C:\WINDOWS\System32\nvshell.dll
2007-09-17 01:07:00 1478656 --a------ C:\WINDOWS\System32\nview.dll
2007-09-17 01:07:00 1339392 --a------ C:\WINDOWS\System32\nvdspsch.exe
2007-09-17 01:07:00 442368 --a------ C:\WINDOWS\System32\nvappbar.exe
2007-09-17 01:07:00 425984 --a------ C:\WINDOWS\System32\keystone.exe
2007-09-11 03:17:30 81920 --a------ C:\WINDOWS\System32\frapsvid.dll <Not Verified; Beepa P/L; FRAPS>
2007-09-05 15:44:36 111 --ah----- C:\sys24596.bin


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B0B07BB-6430-4856-B242-7FB5E5DFEB33}]
08/02/2007 07:43 AM 282624 --a------ C:\Program Files\InstallShield Installation Information\nipycafuq83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3d92e3b1-3a89-44e5-a3f5-801f5cfc176c}]
11/20/2007 11:43 PM 80960 --a------ C:\WINDOWS\System32\wdlnlbdb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A54500A-65FE-4F4A-B860-20EAE2F577F9}]
C:\WINDOWS\System32\ddcabaa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5D13E6EE-A7B3-455B-B1C5-7AD7F4B6D770}]
11/20/2007 07:57 PM 317024 --a------ C:\WINDOWS\System32\ddabb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81A9509A-7D8C-4A90-A102-0423548C1859}]
08/02/2007 07:43 AM 282624 --a------ C:\Program Files\InstallShield Installation Information\nipycafuq4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]
11/05/2007 07:12 PM 184320 --a------ C:\WINDOWS\System32\80T7JRip.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{908B8C14-41AF-355D-DE2E-3FE600F65CE5}]
11/01/2007 07:44 AM 60928 --a------ C:\WINDOWS\System32\kmsnp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 05:24 AM]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [09/17/2007 01:07 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/31/2007 05:44 PM]
"nwiz"="nwiz.exe" [09/17/2007 01:07 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [09/17/2007 01:07 AM]
"7cae7dc9"="C:\WINDOWS\System32\jrgmgkcq.dll" [11/20/2007 11:43 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 11:54 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/13/2007 03:18 PM]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\dlm.exe" [03/05/2007 12:57 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/20/2002 04:08 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [04/27/2007 03:17 PM]
"Steam"="c:\program files\steam\steam.exe" [11/14/2007 05:37 PM]

C:\Documents and Settings\Mel\Start Menu\Programs\Startup\
GameSpot Download Manager.lnk - C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe [10/12/2007 6:34:50 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4A54500A-65FE-4F4A-B860-20EAE2F577F9}"= C:\WINDOWS\System32\ddcabaa.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcabaa]
ddcabaa.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\System32\\ddabb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Color Calibration.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Color Calibration.lnk
backup=C:\WINDOWS\pss\Color Calibration.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MagicTune 3.6.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MagicTune 3.6.lnk
backup=C:\WINDOWS\pss\MagicTune 3.6.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mel^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
path=C:\Documents and Settings\Mel\Start Menu\Programs\Startup\GameSpot Download Manager.lnk
backup=C:\WINDOWS\pss\GameSpot Download Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe




-- End of Deckard's System Scanner: finished at 2007-11-27 12:58:47 ------------
 


TSF Security Manager, Emeritus
Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------


  1. Download ComboFix from one of these locations.
---------------------------------------------------------------------------------------------


    * IMPORTANT !!! Place combofix.exe on your Desktop


  2. Disconnect from the internet.
  3. Disable your AntiVirus application, usually via a right click on the System Tray icon.


  4. Go to
    -> Run -> paste in the following single line command & click OK


    "%userprofile%\desktop\combofix.exe" /killall




  5. Follow the prompts. Type "1" and press Enter to begin the scan.
  6. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  7. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    ---------------------------------------------------------------------------------------------
  8. Ensure your AntiVirus is re-enabled. A reboot should have done this.
  9. Re-establish an internet connection.
  10. Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

    ---------------------------------------------------------------------------------------------

Registered
5 Posts
Discussion Starter #5
ComboFix 07-11-19.4 - Mel 2007-11-28 2:00:44.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.554 [GMT -6:00]
Running from: C:\Documents and Settings\Mel\desktop\combofix.exe
Command switches used :: /killall
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\Documents and Settings\Mel\Application Data\macromedia\Flash Player\#SharedObjects\4PFDN2ZX\iforex.com
C:\Documents and Settings\Mel\Application Data\macromedia\Flash Player\#SharedObjects\4PFDN2ZX\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Mel\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Mel\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\Spenser (smells bad)\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Spenser (smells bad)\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Spenser (smells bad)\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\Common Files\icroso~1
C:\Program Files\Common Files\icroso~1\r?ndll32.exe
C:\Program Files\dobe~1
C:\Program Files\dobe~1\?dobe\
C:\Program Files\dobe~1\fast.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\FF.dll
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\b122.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\bbadd.bak1
C:\WINDOWS\system32\bbadd.bak2
C:\WINDOWS\system32\bbadd.ini
C:\WINDOWS\system32\ddabb.dll
C:\WINDOWS\system32\kmsnp.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\ppatch~1
C:\WINDOWS\system32\wnsapiisv.exe
C:\WINDOWS\tk58.exe
C:\WINDOWS\TTC-4444.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-28 )))))))))))))))))))))))))))))))
.

2007-11-25 17:44 <DIR> d-------- C:\Deckard
2007-11-23 00:12 <DIR> d-------- C:\VundoFix Backups
2007-11-20 23:43 691,815 --ahs---- C:\WINDOWS\system32\qckgmgrj.ini
2007-11-20 23:43 85,056 --a------ C:\WINDOWS\system32\jrgmgkcq.dll
2007-11-20 23:43 80,960 --a------ C:\WINDOWS\system32\wdlnlbdb.dll
2007-11-20 23:43 71,232 --a------ C:\WINDOWS\system32\ldveghfl.exe
2007-11-20 19:52 <DIR> d-------- C:\WINDOWS\system32\uu2
2007-11-20 19:52 <DIR> d-------- C:\WINDOWS\system32\rr2
2007-11-20 19:52 <DIR> d-------- C:\WINDOWS\system32\rMa01yy
2007-11-20 19:52 <DIR> d-------- C:\WINDOWS\system32\cc1
2007-11-20 19:52 <DIR> d-------- C:\Temp\abW9
2007-11-20 19:52 <DIR> d-------- C:\Temp
2007-11-20 18:28 <DIR> d-------- C:\Documents and Settings\Spenser (smells bad)\Temp
2007-11-17 19:26 <DIR> d-------- C:\Documents and Settings\Spenser (smells bad)\src
2007-11-17 19:26 <DIR> d-------- C:\Documents and Settings\Spenser (smells bad)\modelsrc
2007-11-17 19:26 <DIR> d-------- C:\Documents and Settings\Spenser (smells bad)\materialsrc
2007-11-17 19:26 <DIR> d-------- C:\Documents and Settings\Spenser (smells bad)\mapsrc
2007-11-17 19:26 210 --a------ C:\Documents and Settings\Spenser (smells bad)\run_mod.bat
2007-11-17 19:26 203 --a------ C:\Documents and Settings\Spenser (smells bad)\run_studiomdl.bat
2007-11-17 19:26 198 --a------ C:\Documents and Settings\Spenser (smells bad)\run_hlmv.bat
2007-11-17 19:26 111 --a------ C:\Documents and Settings\Spenser (smells bad)\run_hammer.bat
2007-11-16 18:18 <DIR> d-------- C:\SOURCE
2007-11-11 17:10 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-11-11 17:05 <DIR> d-------- C:\Program Files\Electronic Arts
2007-11-11 03:48 1,798,144 --a------ C:\WINDOWS\system32\qedit.dll
2007-11-11 03:48 1,703,936 --a------ C:\WINDOWS\system32\d3d9.dll
2007-11-11 03:48 1,201,152 --a------ C:\WINDOWS\system32\d3d8.dll
2007-11-11 03:48 733,184 --a------ C:\WINDOWS\system32\qedwipes.dll
2007-11-11 03:48 470,528 --a------ C:\WINDOWS\system32\qdvd.dll
2007-11-11 03:48 316,928 --a------ C:\WINDOWS\system32\qdv.dll
2007-11-11 03:48 285,696 --a------ C:\WINDOWS\system32\kstvtune.ax
2007-11-11 03:48 226,304 --a------ C:\WINDOWS\system32\kswdmcap.ax
2007-11-11 03:48 117,248 --a------ C:\WINDOWS\system32\ksproxy.ax
2007-11-11 03:48 64,512 --a------ C:\WINDOWS\system32\amstream.dll
2007-11-11 03:48 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
2007-11-11 03:48 39,424 --a------ C:\WINDOWS\system32\ksxbar.ax
2007-11-11 03:48 27,648 --a------ C:\WINDOWS\system32\vbisurf.ax
2007-11-11 03:48 16,896 --a------ C:\WINDOWS\system32\bdaplgin.ax
2007-11-11 03:48 12,288 --a------ C:\WINDOWS\system32\ksolay.ax
2007-11-11 03:48 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2007-11-10 18:57 27,200 --a------ C:\WINDOWS\system32\tvQLAM7E.exe
2007-11-09 18:47 <DIR> d-------- C:\Program Files\Drum Machine v2
2007-11-06 17:55 <DIR> d-------- C:\WINDOWS\LogFiles
2007-11-05 19:12 184,320 --a------ C:\WINDOWS\system32\80T7JRip.dll
2007-11-05 17:43 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-11-03 18:58 <DIR> d-------- C:\Program Files\Pivot Stickfigure Animator
2007-11-03 14:07 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
2007-11-03 14:06 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-11-03 14:06 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2007-11-03 14:06 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2007-11-03 14:06 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-11-03 14:06 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2007-11-03 14:06 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2007-11-03 14:06 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2007-11-03 14:06 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2007-11-03 08:29 184,320 --a------ C:\WINDOWS\system32\kySiYT6O.dll
2007-11-02 19:13 <DIR> d-------- C:\Documents and Settings\Spenser (smells bad)\Application Data\Notepad++
2007-10-28 18:55 27,200 --a------ C:\WINDOWS\system32\8458I1Rj.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-28 08:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-28 08:00 --------- d-----w C:\Documents and Settings\Mel\Application Data\foobar2000
2007-11-28 07:59 --------- d-----w C:\Program Files\Soulseek
2007-11-28 01:18 --------- d-----w C:\Program Files\Steam
2007-11-26 10:08 --------- d-----w C:\Documents and Settings\Mel\Application Data\uTorrent
2007-11-26 02:57 --------- d-----w C:\Documents and Settings\Spenser (smells bad)\Application Data\foobar2000
2007-11-21 14:00 --------- d-----w C:\Documents and Settings\Mel\Application Data\AVG7
2007-11-20 23:08 --------- d-----w C:\Documents and Settings\Spenser (smells bad)\Application Data\AVG7
2007-11-13 06:09 --------- d-----w C:\Program Files\id Software
2007-11-05 04:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-01 23:35 --------- d-----w C:\Documents and Settings\Spenser (smells bad)\Application Data\Apple Computer
2007-11-01 01:38 --------- d-----w C:\Program Files\VTFEdit
2007-10-30 03:17 99 ----a-w C:\Documents and Settings\src\filecopy.bat
2007-10-27 00:47 --------- d-----w C:\Program Files\Valve
2007-10-26 06:18 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-26 06:17 --------- d-----w C:\Program Files\Focus & CDV
2007-10-26 06:17 --------- d-----w C:\Program Files\DOSBox-0.72
2007-10-26 02:00 --------- d-----w C:\Program Files\NVIDIA Corporation
2007-10-23 07:46 --------- d-----w C:\Documents and Settings\Mel\Application Data\Bioshock
2007-10-23 04:59 --------- d-----w C:\Program Files\DIFX
2007-10-23 04:59 --------- d-----w C:\Program Files\AGEIA Technologies
2007-10-23 03:23 14,858 ----a-w C:\Program Files\install.log
2007-10-22 23:12 --------- d-----w C:\Program Files\AV Vcs 6.0 DIAMOND
2007-10-22 03:36 --------- d-----w C:\Program Files\Fraps
2007-10-21 23:05 182 ----a-w C:\run_studiomdl.bat
2007-10-21 23:05 177 ----a-w C:\run_hlmv.bat
2007-10-21 23:05 164 ----a-w C:\run_mod.bat
2007-10-21 23:05 111 ----a-w C:\run_hammer.bat
2007-10-21 21:08 --------- d-----w C:\Program Files\Xilisoft
2007-10-21 20:49 --------- d-----w C:\Program Files\SuperDVD Video Editor
2007-10-21 07:40 --------- d-----w C:\Program Files\MagicDVDRipper
2007-10-21 07:02 --------- d-----w C:\Program Files\iSofter
2007-10-21 07:02 --------- d-----w C:\Program Files\Common Files\Download Manager
2007-10-21 06:52 --------- d-----w C:\Documents and Settings\Mel\Application Data\dvdcss
2007-10-21 01:55 --------- d-----w C:\Program Files\Chilkat Software Inc
2007-10-18 21:39 --------- d-----w C:\Program Files\Darkness Within Demo
2007-10-15 04:55 --------- d-----w C:\Program Files\ADRIFT
2007-10-13 05:09 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-13 05:09 249,856 ------w C:\WINDOWS\Setup1.exe
2007-10-12 23:02 --------- d-----w C:\Program Files\Common Files\Thraex Software
2007-10-12 22:38 --------- d-----w C:\Program Files\LeoCAD
2007-10-02 06:47 --------- d-----w C:\Documents and Settings\Mel\Application Data\Codemasters
2007-10-02 06:14 --------- d-----w C:\Documents and Settings\Mel\Application Data\InstallShield
2007-10-02 06:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2007-10-01 01:11 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-09-29 01:29 --------- d-----w C:\Program Files\Terrain Generator
2007-09-24 21:33 180 ----a-w C:\Program Files\run_studiomdl.bat
2007-09-24 21:33 175 ----a-w C:\Program Files\run_hlmv.bat
2007-09-24 21:33 170 ----a-w C:\Program Files\run_mod.bat
2007-09-24 21:33 103 ----a-w C:\Program Files\run_hammer.bat
2007-09-18 20:29 5,125 ----a-w C:\Documents and Settings\Mel\SteamIdFinder.zip
2007-09-05 21:44 111 ---ha-w C:\sys24596.bin
2007-08-30 13:30 102,400 ----a-w C:\Documents and Settings\All Users\Application Data\pafihgro.dll
2007-08-18 20:33 1 ----a-w C:\Documents and Settings\Mel\SI.bin
2007-08-09 05:02 23,902 ----a-w C:\Documents and Settings\Mel\max.zip
2007-08-09 04:25 4,939,085 ----a-w C:\Documents and Settings\Mel\r09.zip
2007-08-07 08:10 670,106 ----a-w C:\Documents and Settings\Mel\atlantis.zip
2007-08-07 08:08 817,465 ----a-w C:\Documents and Settings\Mel\indiatlantisdemo.zip
2007-08-05 05:17 4,215,160 ----a-w C:\Documents and Settings\Mel\dMC-r12[1].2.exe
2007-07-29 05:18 106,574,053 ----a-w C:\Documents and Settings\Mel\Sunset Rubdown - Random Spirit Lover.zip
2007-07-28 09:06 135 ----a-w C:\Program Files\page.html
2007-07-28 09:06 135 ----a-w C:\Program Files\Common Files\vikok.html
2007-06-25 07:50 881,128 ----a-w C:\Documents and Settings\Mel\SmitfraudFix.exe
2007-06-25 06:35 5,037,072 ----a-w C:\Documents and Settings\Mel\spybotsd14.exe
2007-06-25 03:13 25,072,608 ----a-w C:\Documents and Settings\Mel\AVSDVDPlayer.exe
2007-06-25 02:53 21,736,784 ----a-w C:\Documents and Settings\Mel\DivXInstaller.exe
2007-06-01 00:43 703,258 ----a-w C:\Program Files\JUN2007_d3dx10_34_x64.cab
2007-06-01 00:43 701,218 ----a-w C:\Program Files\JUN2007_d3dx10_34_x86.cab
2007-06-01 00:43 44,687 ----a-w C:\Program Files\dxdllreg_x86.cab
2007-06-01 00:43 200,646 ----a-w C:\Program Files\JUN2007_XACT_x64.cab
2007-06-01 00:43 155,892 ----a-w C:\Program Files\JUN2007_XACT_x86.cab
2007-06-01 00:43 1,611,772 ----a-w C:\Program Files\JUN2007_d3dx9_34_x64.cab
2007-06-01 00:43 1,610,203 ----a-w C:\Program Files\JUN2007_d3dx9_34_x86.cab
2007-06-01 00:23 976,020 ------w C:\Program Files\BDAXP.cab
2007-06-01 00:23 917,318 ------w C:\Program Files\Apr2006_MDX1_x86.cab
2007-06-01 00:23 88,102 ------w C:\Program Files\AUG2006_xinput_x64.cab
2007-06-01 00:23 87,989 ------w C:\Program Files\Apr2006_xinput_x64.cab
2007-06-01 00:23 86,925 ------w C:\Program Files\Oct2005_xinput_x64.cab
2007-06-01 00:23 86,401 ----a-w C:\Program Files\dxupdate.cab
2007-06-01 00:23 77,160 ----a-w C:\Program Files\DSETUP.dll
2007-06-01 00:23 702,212 ------w C:\Program Files\APR2007_d3dx10_33_x64.cab
2007-06-01 00:23 699,465 ------w C:\Program Files\APR2007_d3dx10_33_x86.cab
2007-06-01 00:23 56,902 ------w C:\Program Files\APR2007_xinput_x86.cab
2007-06-01 00:23 503,144 ----a-w C:\Program Files\DXSETUP.exe
2007-06-01 00:23 47,018 ------w C:\Program Files\AUG2006_xinput_x86.cab
2007-06-01 00:23 46,898 ------w C:\Program Files\Apr2006_xinput_x86.cab
2007-06-01 00:23 46,247 ------w C:\Program Files\Oct2005_xinput_x86.cab
2007-06-01 00:23 4,163,518 ------w C:\Program Files\Apr2006_MDX1_x86_Archive.cab
2007-06-01 00:23 213,767 ------w C:\Program Files\DEC2006_d3dx10_00_x64.cab
2007-06-01 00:23 199,366 ------w C:\Program Files\APR2007_XACT_x64.cab
2007-06-01 00:23 198,275 ------w C:\Program Files\FEB2007_XACT_x64.cab
2007-06-01 00:23 193,435 ------w C:\Program Files\DEC2006_XACT_x64.cab
2007-06-01 00:23 192,680 ------w C:\Program Files\DEC2006_d3dx10_00_x86.cab
2007-06-01 00:23 183,863 ------w C:\Program Files\AUG2006_XACT_x64.cab
2007-06-01 00:23 183,321 ------w C:\Program Files\OCT2006_XACT_x64.cab
2007-06-01 00:23 181,745 ------w C:\Program Files\JUN2006_XACT_x64.cab
2007-06-01 00:23 180,021 ------w C:\Program Files\Apr2006_XACT_x64.cab
2007-06-01 00:23 179,247 ------w C:\Program Files\Feb2006_XACT_x64.cab
2007-06-01 00:23 154,825 ------w C:\Program Files\APR2007_XACT_x86.cab
2007-06-01 00:23 151,583 ------w C:\Program Files\FEB2007_XACT_x86.cab
1999-12-07 12:00 5,120 --sha-w C:\WINDOWS\system32\idesync.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B0B07BB-6430-4856-B242-7FB5E5DFEB33}]
2007-08-02 07:43 282624 --a------ C:\Program Files\InstallShield Installation Information\nipycafuq83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3d92e3b1-3a89-44e5-a3f5-801f5cfc176c}]
2007-11-20 23:43 80960 --a------ C:\WINDOWS\System32\wdlnlbdb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A54500A-65FE-4F4A-B860-20EAE2F577F9}]
C:\WINDOWS\System32\ddcabaa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81A9509A-7D8C-4A90-A102-0423548C1859}]
2007-08-02 07:43 282624 --a------ C:\Program Files\InstallShield Installation Information\nipycafuq4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]
2007-11-05 19:12 184320 --a------ C:\WINDOWS\System32\80T7JRip.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 15:18]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\dlm.exe" [2007-03-05 12:57]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 16:08]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 15:17]
"Steam"="c:\program files\steam\steam.exe" [2007-11-14 17:37]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"NvCplDaemon"="RUNDLL32.exe" [2001-08-23 06:00 C:\WINDOWS\system32\rundll32.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 17:44]
"nwiz"="nwiz.exe" [2007-09-17 01:07 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2001-08-23 06:00 C:\WINDOWS\system32\rundll32.exe]
"7cae7dc9"="C:\WINDOWS\System32\jrgmgkcq.dll" [2007-11-20 23:43]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-06 11:56]

C:\Documents and Settings\Mel\Start Menu\Programs\Startup\
GameSpot Download Manager.lnk - C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe [2007-10-12 18:34:50]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4A54500A-65FE-4F4A-B860-20EAE2F577F9}"= C:\WINDOWS\System32\ddcabaa.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcabaa]
ddcabaa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Color Calibration.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Color Calibration.lnk
backup=C:\WINDOWS\pss\Color Calibration.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MagicTune 3.6.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MagicTune 3.6.lnk
backup=C:\WINDOWS\pss\MagicTune 3.6.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mel^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
path=C:\Documents and Settings\Mel\Start Menu\Programs\Startup\GameSpot Download Manager.lnk
backup=C:\WINDOWS\pss\GameSpot Download Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 10:09 63712 --a------ C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 02:06 40048 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-07-31 17:44 271672 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-05-02 03:15 75520 --a------ C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-13 15:18 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

S1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\System32\drivers\OVSound2.sys
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys
S3 QCEmerald;Logitech QuickCam Web;C:\WINDOWS\System32\DRIVERS\OVCE.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-28 04:31:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-28 06:00:45 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\System32\8458I1Rj.exe
"2007-11-27 15:00:45 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\System32\8458I1Rj.exe
"2007-11-27 16:00:45 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\System32\8458I1Rj.exe
"2007-11-27 17:00:45 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\System32\8458I1Rj.exe
"2007-11-27 18:00:45 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\System32\8458I1Rj.exe
"2007-11-27 19:00:45 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\System32\8458I1Rj.exe
"2007-11-27 20:00:45 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\System32\8458I1Rj.exe
"2007-11-27 21:00:47 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\System32\8458I1Rj.exe
"2007-11-27 22:00:45 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\System32\8458I1Rj.exe
"2007-11-27 23:00:45 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\System32\8458I1Rj.exe
"2007-11-28 00:00:45 C:\WINDOWS\Tasks\At19.job"
"2007-11-28 07:00:45 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\System32\8458I1Rj.exe
"2007-11-28 01:00:45 C:\WINDOWS\Tasks\At20.job"
"2007-11-28 02:00:54 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\System32\8458I1Rj.exe
"2007-11-28 03:00:49 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\System32\8458I1Rj.exe
"2007-11-28 04:00:50 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\System32\8458I1Rj.exe
"2007-11-28 05:00:45 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\System32\8458I1Rj.exe
"2007-11-28 06:00:45 C:\WINDOWS\Tasks\At25.job"
- C:\WINDOWS\System32\tvQLAM7E.exe
"2007-11-28 07:00:45 C:\WINDOWS\Tasks\At26.job"
- C:\WINDOWS\System32\tvQLAM7E.exe
"2007-11-28 08:00:45 C:\WINDOWS\Tasks\At27.job"
- C:\WINDOWS\System32\tvQLAM7E.exe
"2007-11-27 09:00:51 C:\WINDOWS\Tasks\At28.job"
- C:\WINDOWS\System32\tvQLAM7E.exe
"2007-11-27 10:00:45 C:\WINDOWS\Tasks\At29.job"
- C:\WINDOWS\System32\tvQLAM7E.exe
"2007-11-28 08:00:45 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\System32\8458I1Rj.exe
"2007-11-27 11:00:45 C:\WINDOWS\Tasks\At30.job"
"2007-11-27 12:00:45 C:\WINDOWS\Tasks\At31.job"
- C:\WINDOWS\System32\tvQLAM7E.exe
"2007-11-27 13:00:45 C:\WINDOWS\Tasks\At32.job"
- C:\WINDOWS\System32\tvQLAM7E.exe
"2007-11-27 14:00:45 C:\WINDOWS\Tasks\At33.job"
- C:\WINDOWS\System32\tvQLAM7E.exe
"2007-11-27 15:00:45 C:\WINDOWS\Tasks\At34.job"
- C:\WINDOWS\System32\tvQLAM7E.exe
"2007-11-27 16:00:45 C:\WINDOWS\Tasks\At35.job"
- C:\WINDOWS\System32\tvQLAM7E.exe
"2007-11-27 17:00:45 C:\WINDOWS\Tasks\At36.job"
- C:\WINDOWS\System32\tvQLAM7E.exe
"2007-11-27 18:00:45 C:\WINDOWS\Tasks\At37.job"
- C:\WINDOWS\System32\tvQLAM7E.exe
"2007-11-27 19:00:45 C:\WINDOWS\Tasks\At38.job"
- C:\WINDOWS\System32\tvQLAM7E.exe
"2007-11-27 20:00:45 C:\WINDOWS\Tasks\At39.job"
- C:\WINDOWS\System32\tvQLAM7E.exe
"2007-11-27 09:00:50 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\System32\8458I1Rj.exe
"2007-11-27 21:00:47 C:\WINDOWS\Tasks\At40.job"
- C:\WINDOWS\System32\tvQLAM7E.exe
"2007-11-27 22:00:45 C:\WINDOWS\Tasks\At41.job"
- C:\WINDOWS\System32\tvQLAM7E.exe
"2007-11-27 23:00:45 C:\WINDOWS\Tasks\At42.job"
- C:\WINDOWS\System32\tvQLAM7E.exe
"2007-11-28 00:00:45 C:\WINDOWS\Tasks\At43.job"
- C:\WINDOWS\System32\tvQLAM7E.exe
"2007-11-28 01:00:45 C:\WINDOWS\Tasks\At44.job"
- C:\WINDOWS\System32\tvQLAM7E.exe
"2007-11-28 02:01:04 C:\WINDOWS\Tasks\At45.job"
- C:\WINDOWS\System32\tvQLAM7E.exe
"2007-11-28 03:00:58 C:\WINDOWS\Tasks\At46.job"
- C:\WINDOWS\System32\tvQLAM7E.exe
"2007-11-28 04:01:01 C:\WINDOWS\Tasks\At47.job"
- C:\WINDOWS\System32\tvQLAM7E.exe
"2007-11-28 05:00:45 C:\WINDOWS\Tasks\At48.job"
- C:\WINDOWS\System32\tvQLAM7E.exe
"2007-11-27 10:00:45 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\System32\8458I1Rj.exe
"2007-11-27 11:00:45 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\System32\8458I1Rj.exe
"2007-11-27 12:00:45 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\System32\8458I1Rj.exe
"2007-11-27 13:00:45 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\System32\8458I1Rj.exe
"2007-11-27 14:00:45 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\System32\8458I1Rj.exe
"2007-11-27 15:00:00 C:\WINDOWS\Tasks\system32.job"
- C:\WINDOWS\system32
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 02:30:57
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-28 2:32:12 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-06 22:02
C:\ComboFix2.txt ... 2007-09-06 22:02
C:\ComboFix3.txt ... 2007-09-04 21:39
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:00:45 AM, on 11/28/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\program files\steam\steam.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Mel\My Documents\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2B0B07BB-6430-4856-B242-7FB5E5DFEB33} - C:\Program Files\InstallShield Installation Information\nipycafuq83122.dll
O2 - BHO: {c671cfc5-f108-5f3a-5e44-98a31b3e29d3} - {3d92e3b1-3a89-44e5-a3f5-801f5cfc176c} - C:\WINDOWS\System32\wdlnlbdb.dll
O2 - BHO: (no name) - {4A54500A-65FE-4F4A-B860-20EAE2F577F9} - C:\WINDOWS\System32\ddcabaa.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {81A9509A-7D8C-4A90-A102-0423548C1859} - C:\Program Files\InstallShield Installation Information\nipycafuq4444.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\System32\80T7JRip.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [7cae7dc9] rundll32.exe "C:\WINDOWS\System32\jrgmgkcq.dll",b
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxuk101MFCA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-8.0.4.41/aces/aces-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.com/applet-8.0.4.41/shoes/shoes-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.com/applet-8.0.4.41/freecell2/freecell2-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-8.0.5.30/spider/spider-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-8.0.4.41/memories/memories-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game1.pogo.com/applet-8.0.5.30/wordsearch/wordsearch-en_US.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: ddcabaa - ddcabaa.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 8009 bytes
 

TSF Security Manager, Emeritus:
Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that no browsers are open when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available while you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------


Please go to: VirusTotal
  • On the page you'll find a "Browse" button.
  • Next to the browse button you'll see a box to enter text.
  • Please copy/paste the following in BOLD:

    C:\WINDOWS\system32\kySiYT6O.dll

  • Then click the "Send File" button just below.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results in your next reply.
---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked.

O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx

Close HijackThis now.

---------------------------------------------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:

http://www.techsupportforum.com/security-center/hijackthis-log-help/196566-constant-pop-up-s-loading-really-slow.html


Killall::

File::
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\system32.job

Folder::
C:\VundoFix Backups
C:\WINDOWS\system32\uu2
C:\WINDOWS\system32\rr2
C:\WINDOWS\system32\rMa01yy
C:\WINDOWS\system32\cc1
C:\Temp\abW9

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B0B07BB-6430-4856-B242-7FB5E5DFEB33}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3d92e3b1-3a89-44e5-a3f5-801f5cfc176c}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A54500A-65FE-4F4A-B860-20EAE2F577F9}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81A9509A-7D8C-4A90-A102-0423548C1859}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"7cae7dc9"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4A54500A-65FE-4F4A-B860-20EAE2F577F9}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcabaa]

Collect::
C:\WINDOWS\system32\qckgmgrj.ini
C:\WINDOWS\system32\jrgmgkcq.dll
C:\WINDOWS\system32\wdlnlbdb.dll
C:\WINDOWS\system32\ldveghfl.exe
C:\WINDOWS\system32\tvQLAM7E.exe
C:\WINDOWS\system32\80T7JRip.dll
C:\WINDOWS\system32\8458I1Rj.exe
C:\Program Files\InstallShield Installation Information\nipycafuq83122.dll
C:\Program Files\InstallShield Installation Information\nipycafuq4444.dll

FileLook::
C:\WINDOWS\system32\kySiYT6O.dll

Save this as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running; that may cause it to stall.


When CF finishes running, the ComboFix log will open along with a message box; do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------
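To show why the single O16 entry above was picked out of a dozen otherwise ordinary DPF lines, and which other HijackThis entries are routine leftovers, here is an added Python triage script; it is not part of the thread, of HijackThis or of ComboFix, the heuristics and severity labels are the editor's own, and the sample log is constructed from entries quoted in this thread.

```python
"""Triage helper for HijackThis (HJT) log entries.

Added example for this thread; not part of the forum post and not
HijackThis or ComboFix code. The rules below are the editor's own
heuristics. The one "high" rule is the point the helper's fix turns on:
a DPF (Downloaded Program File, O16) whose source is an ms-its:/mhtml:
compiled-help reference instead of an ordinary HTTP .cab download.
Orphaned entries ("(no file)", "(file missing)"), Winlogon Notify (O20)
DLLs and third-party context-menu handlers (O8) get lower severities.
"""
import re
from dataclasses import dataclass

# Every HJT finding is "<code> - <body>", e.g. "O16 - DPF: {CLSID} (Name) - URL".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Protocol handlers that load compiled help (CHM/MHTML) content into IE.
CHM_PROTO_RE = re.compile(r"\b(?:ms-its|its|mhtml):", re.IGNORECASE)
# HJT's own markers for an entry whose target file no longer exists.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    code: str      # HJT section code, e.g. "O16"
    severity: str  # "high", "medium" or "review"
    reason: str
    body: str      # the entry text after "<code> - "


def parse_hjt(log_text):
    """Return (code, body) pairs for every HJT entry line in the log."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def triage(log_text):
    """Apply the heuristics to each entry; entries with no hit are omitted."""
    findings = []
    for code, body in parse_hjt(log_text):
        orphan = bool(ORPHAN_RE.search(body))
        if code == "O16" and CHM_PROTO_RE.search(body):
            findings.append(Finding(code, "high",
                "DPF source is an ms-its/mhtml CHM reference, not an HTTP CAB download", body))
        elif code == "O20":
            reason = "Winlogon Notify DLL is a common trojan persistence point"
            if orphan:
                reason += "; the DLL is gone, so only the registry key remains"
            findings.append(Finding(code, "review", reason, body))
        elif orphan:
            findings.append(Finding(code, "medium",
                "entry points at a file that no longer exists; remove the leftover", body))
        elif code == "O8":
            findings.append(Finding(code, "review",
                "third-party context-menu handler; confirm the domain is wanted", body))
    return findings


def severity_counts(findings):
    """Tally findings by severity, always reporting all three buckets."""
    counts = {"high": 0, "medium": 0, "review": 0}
    for finding in findings:
        counts[finding.severity] += 1
    return counts


# Constructed sample: a handful of entries quoted from the HJT logs in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxuk101MFCA
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
O20 - Winlogon Notify: ddcabaa - ddcabaa.dll (file missing)
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for finding in results:
        print(f"[{finding.severity:6}] {finding.code}: {finding.reason}")
        print(f"         {finding.body}")
    print(severity_counts(results))
```

Run as-is it prints one "high" (the ms-its DPF), two "medium" orphans and two "review" items; the legitimate BitDefender DPF and the Adobe BHO produce no finding.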
 

Discussion Starter (Registered), post #7:
Here are the VirusTotal results:

AhnLab-V3 2007.11.29.0 2007.11.29 -
AntiVir 7.6.0.34 2007.11.28 TR/BHO.Agent.mio
Authentium 4.93.8 2007.11.28 -
Avast 4.7.1074.0 2007.11.28 -
AVG 7.5.0.503 2007.11.28 Adware Generic2.RFJ
BitDefender 7.2 2007.11.29 Trojan.Downloader.Bho.NXQ
CAT-QuickHeal 9.00 2007.11.28 AdWare.BHO.gw (Not a Virus)
ClamAV 0.91.2 2007.11.28 -
DrWeb 4.44.0.09170 2007.11.28 -
eSafe 7.0.15.0 2007.11.28 Win32.Adclicker
eTrust-Vet 31.3.5334 2007.11.28 Win32/SillyDl.DHA
Ewido 4.0 2007.11.28 -
FileAdvisor 1 2007.11.29 High threat detected
Fortinet 3.14.0.0 2007.11.29 Adware/BHO
F-Prot 4.4.2.54 2007.11.28 -
F-Secure 6.70.13030.0 2007.11.28 -
Ikarus T3.1.1.12 2007.11.29 not-a-virus:AdWare.Win32.BHO.gw
Kaspersky 7.0.0.125 2007.11.29 not-a-virus:AdWare.Win32.BHO.gw
McAfee 5173 2007.11.28 potentially unwanted program Adware-BHO
Microsoft 1.3007 2007.11.29 Adware:Win32/180SolutionsNCase
NOD32v2 2692 2007.11.28 probably a variant of Win32/Adware.BHO
Norman 5.80.02 2007.11.28 W32/BHO.ALC
Panda 9.0.0.4 2007.11.28 Trj/BHO.O
Prevx1 V2 2007.11.29 Trojan.AdClicker
Rising 20.20.22.00 2007.11.29 AdWare.Win32.BHO.gw
Sophos 4.23.0 2007.11.29 -
Sunbelt 2.2.907.0 2007.11.27 Trojan-Downloader.Bho.NXQ
Symantec 10 2007.11.29 Trojan.Adclicker
TheHacker 6.2.9.144 2007.11.28 Adware/BHO.gw
VBA32 3.12.2.5 2007.11.28 AdWare.Win32.BHO.gw
VirusBuster 4.3.26:9 2007.11.28 -
Webwasher-Gateway 6.6.2 2007.11.29 Trojan.BHO.Agent.mio




The ComboFix results:

ComboFix 07-11-19.4 - Mel 2007-11-29 0:59:29.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.697 [GMT -6:00]
Running from: C:\Documents and Settings\Mel\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mel\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\system32.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Mel\Application Data\macromedia\Flash Player\#SharedObjects\4PFDN2ZX\iforex.com
C:\Documents and Settings\Mel\Application Data\macromedia\Flash Player\#SharedObjects\4PFDN2ZX\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Mel\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Mel\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Program Files\InstallShield Installation Information\nipycafuq4444.dll
C:\Program Files\InstallShield Installation Information\nipycafuq83122.dll
C:\Temp\abW9
C:\Temp\abW9\tPho.log
C:\VundoFix Backups
C:\WINDOWS\system32\80T7JRip.dll
C:\WINDOWS\system32\8458I1Rj.exe
C:\WINDOWS\system32\cc1
C:\WINDOWS\system32\cc1\dnslook11.exe
C:\WINDOWS\system32\jrgmgkcq.dll
C:\WINDOWS\system32\ldveghfl.exe
C:\WINDOWS\system32\qckgmgrj.ini
C:\WINDOWS\system32\rMa01yy
C:\WINDOWS\system32\rMa01yy\rMa01yy1065.exe
C:\WINDOWS\system32\rr2
C:\WINDOWS\system32\rr2\bemwdll3.exe
C:\WINDOWS\system32\tvQLAM7E.exe
C:\WINDOWS\system32\uu2
C:\WINDOWS\system32\uu2\mper83122.exe
C:\WINDOWS\system32\wdlnlbdb.dll
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\system32.job
C:\WINDOWS\tk58.exe
C:\WINDOWS\TTC-4444.exe

.
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 )))))))))))))))))))))))))))))))
.

2007-11-29 01:13 <DIR> d--hs---- C:\found.000
2007-11-25 17:44 <DIR> d-------- C:\Deckard
2007-11-20 19:52 <DIR> d-------- C:\Temp
2007-11-20 18:28 <DIR> d-------- C:\Documents and Settings\Spenser (smells bad)\Temp
2007-11-17 19:26 <DIR> d-------- C:\Documents and Settings\Spenser (smells bad)\src
2007-11-17 19:26 <DIR> d-------- C:\Documents and Settings\Spenser (smells bad)\modelsrc
2007-11-17 19:26 <DIR> d-------- C:\Documents and Settings\Spenser (smells bad)\materialsrc
2007-11-17 19:26 <DIR> d-------- C:\Documents and Settings\Spenser (smells bad)\mapsrc
2007-11-17 19:26 210 --a------ C:\Documents and Settings\Spenser (smells bad)\run_mod.bat
2007-11-17 19:26 203 --a------ C:\Documents and Settings\Spenser (smells bad)\run_studiomdl.bat
2007-11-17 19:26 198 --a------ C:\Documents and Settings\Spenser (smells bad)\run_hlmv.bat
2007-11-17 19:26 111 --a------ C:\Documents and Settings\Spenser (smells bad)\run_hammer.bat
2007-11-16 18:18 <DIR> d-------- C:\SOURCE
2007-11-11 17:10 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-11-11 17:05 <DIR> d-------- C:\Program Files\Electronic Arts
2007-11-11 03:50 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-11-09 18:47 <DIR> d-------- C:\Program Files\Drum Machine v2
2007-11-06 17:55 <DIR> d-------- C:\WINDOWS\LogFiles
2007-11-05 17:43 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-11-03 18:58 <DIR> d-------- C:\Program Files\Pivot Stickfigure Animator
2007-11-03 14:07 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
2007-11-03 14:06 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-11-03 14:06 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2007-11-03 14:06 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2007-11-03 14:06 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-11-03 14:06 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2007-11-03 14:06 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2007-11-03 14:06 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2007-11-03 14:06 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2007-11-03 08:29 184,320 --a------ C:\WINDOWS\system32\kySiYT6O.dll
2007-11-02 19:13 <DIR> d-------- C:\Documents and Settings\Spenser (smells bad)\Application Data\Notepad++

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-29 07:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-29 06:34 --------- d-----w C:\Documents and Settings\Mel\Application Data\foobar2000
2007-11-29 06:32 --------- d-----w C:\Program Files\Soulseek
2007-11-29 03:43 --------- d-----w C:\Program Files\Steam
2007-11-26 10:08 --------- d-----w C:\Documents and Settings\Mel\Application Data\uTorrent
2007-11-26 02:57 --------- d-----w C:\Documents and Settings\Spenser (smells bad)\Application Data\foobar2000
2007-11-21 14:00 --------- d-----w C:\Documents and Settings\Mel\Application Data\AVG7
2007-11-20 23:08 --------- d-----w C:\Documents and Settings\Spenser (smells bad)\Application Data\AVG7
2007-11-13 06:09 --------- d-----w C:\Program Files\id Software
2007-11-05 04:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-01 23:35 --------- d-----w C:\Documents and Settings\Spenser (smells bad)\Application Data\Apple Computer
2007-11-01 01:38 --------- d-----w C:\Program Files\VTFEdit
2007-10-30 03:17 99 ----a-w C:\Documents and Settings\src\filecopy.bat
2007-10-27 00:47 --------- d-----w C:\Program Files\Valve
2007-10-26 06:18 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-26 06:17 --------- d-----w C:\Program Files\Focus & CDV
2007-10-26 06:17 --------- d-----w C:\Program Files\DOSBox-0.72
2007-10-26 02:00 --------- d-----w C:\Program Files\NVIDIA Corporation
2007-10-23 07:46 --------- d-----w C:\Documents and Settings\Mel\Application Data\Bioshock
2007-10-23 04:59 --------- d-----w C:\Program Files\DIFX
2007-10-23 04:59 --------- d-----w C:\Program Files\AGEIA Technologies
2007-10-23 03:23 14,858 ----a-w C:\Program Files\install.log
2007-10-22 23:12 --------- d-----w C:\Program Files\AV Vcs 6.0 DIAMOND
2007-10-22 03:36 --------- d-----w C:\Program Files\Fraps
2007-10-21 23:05 182 ----a-w C:\run_studiomdl.bat
2007-10-21 23:05 177 ----a-w C:\run_hlmv.bat
2007-10-21 23:05 164 ----a-w C:\run_mod.bat
2007-10-21 23:05 111 ----a-w C:\run_hammer.bat
2007-10-21 21:08 --------- d-----w C:\Program Files\Xilisoft
2007-10-21 20:49 --------- d-----w C:\Program Files\SuperDVD Video Editor
2007-10-21 07:40 --------- d-----w C:\Program Files\MagicDVDRipper
2007-10-21 07:02 --------- d-----w C:\Program Files\iSofter
2007-10-21 07:02 --------- d-----w C:\Program Files\Common Files\Download Manager
2007-10-21 06:52 --------- d-----w C:\Documents and Settings\Mel\Application Data\dvdcss
2007-10-21 01:55 --------- d-----w C:\Program Files\Chilkat Software Inc
2007-10-18 21:39 --------- d-----w C:\Program Files\Darkness Within Demo
2007-10-15 04:55 --------- d-----w C:\Program Files\ADRIFT
2007-10-13 05:09 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-13 05:09 249,856 ------w C:\WINDOWS\Setup1.exe
2007-10-12 23:02 --------- d-----w C:\Program Files\Common Files\Thraex Software
2007-10-12 22:38 --------- d-----w C:\Program Files\LeoCAD
2007-10-02 06:47 --------- d-----w C:\Documents and Settings\Mel\Application Data\Codemasters
2007-10-02 06:14 --------- d-----w C:\Documents and Settings\Mel\Application Data\InstallShield
2007-10-02 06:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2007-10-01 01:11 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-09-29 01:29 --------- d-----w C:\Program Files\Terrain Generator
2007-09-24 21:33 180 ----a-w C:\Program Files\run_studiomdl.bat
2007-09-24 21:33 175 ----a-w C:\Program Files\run_hlmv.bat
2007-09-24 21:33 170 ----a-w C:\Program Files\run_mod.bat
2007-09-24 21:33 103 ----a-w C:\Program Files\run_hammer.bat
2007-09-18 20:29 5,125 ----a-w C:\Documents and Settings\Mel\SteamIdFinder.zip
2007-09-05 21:44 111 ---ha-w C:\sys24596.bin
2007-08-30 13:30 102,400 ----a-w C:\Documents and Settings\All Users\Application Data\pafihgro.dll
2007-08-18 20:33 1 ----a-w C:\Documents and Settings\Mel\SI.bin
2007-08-09 05:02 23,902 ----a-w C:\Documents and Settings\Mel\max.zip
2007-08-09 04:25 4,939,085 ----a-w C:\Documents and Settings\Mel\r09.zip
2007-08-07 08:10 670,106 ----a-w C:\Documents and Settings\Mel\atlantis.zip
2007-08-07 08:08 817,465 ----a-w C:\Documents and Settings\Mel\indiatlantisdemo.zip
2007-08-05 05:17 4,215,160 ----a-w C:\Documents and Settings\Mel\dMC-r12[1].2.exe
2007-07-29 05:18 106,574,053 ----a-w C:\Documents and Settings\Mel\Sunset Rubdown - Random Spirit Lover.zip
2007-07-28 09:06 135 ----a-w C:\Program Files\page.html
2007-07-28 09:06 135 ----a-w C:\Program Files\Common Files\vikok.html
2007-06-25 07:50 881,128 ----a-w C:\Documents and Settings\Mel\SmitfraudFix.exe
2007-06-25 06:35 5,037,072 ----a-w C:\Documents and Settings\Mel\spybotsd14.exe
2007-06-25 03:13 25,072,608 ----a-w C:\Documents and Settings\Mel\AVSDVDPlayer.exe
2007-06-25 02:53 21,736,784 ----a-w C:\Documents and Settings\Mel\DivXInstaller.exe
2007-06-01 00:43 703,258 ----a-w C:\Program Files\JUN2007_d3dx10_34_x64.cab
2007-06-01 00:43 701,218 ----a-w C:\Program Files\JUN2007_d3dx10_34_x86.cab
2007-06-01 00:43 44,687 ----a-w C:\Program Files\dxdllreg_x86.cab
2007-06-01 00:43 200,646 ----a-w C:\Program Files\JUN2007_XACT_x64.cab
2007-06-01 00:43 155,892 ----a-w C:\Program Files\JUN2007_XACT_x86.cab
2007-06-01 00:43 1,611,772 ----a-w C:\Program Files\JUN2007_d3dx9_34_x64.cab
2007-06-01 00:43 1,610,203 ----a-w C:\Program Files\JUN2007_d3dx9_34_x86.cab
2007-06-01 00:23 976,020 ------w C:\Program Files\BDAXP.cab
2007-06-01 00:23 917,318 ------w C:\Program Files\Apr2006_MDX1_x86.cab
2007-06-01 00:23 88,102 ------w C:\Program Files\AUG2006_xinput_x64.cab
2007-06-01 00:23 87,989 ------w C:\Program Files\Apr2006_xinput_x64.cab
2007-06-01 00:23 86,925 ------w C:\Program Files\Oct2005_xinput_x64.cab
2007-06-01 00:23 86,401 ----a-w C:\Program Files\dxupdate.cab
2007-06-01 00:23 77,160 ----a-w C:\Program Files\DSETUP.dll
2007-06-01 00:23 702,212 ------w C:\Program Files\APR2007_d3dx10_33_x64.cab
2007-06-01 00:23 699,465 ------w C:\Program Files\APR2007_d3dx10_33_x86.cab
2007-06-01 00:23 56,902 ------w C:\Program Files\APR2007_xinput_x86.cab
2007-06-01 00:23 503,144 ----a-w C:\Program Files\DXSETUP.exe
2007-06-01 00:23 47,018 ------w C:\Program Files\AUG2006_xinput_x86.cab
2007-06-01 00:23 46,898 ------w C:\Program Files\Apr2006_xinput_x86.cab
2007-06-01 00:23 46,247 ------w C:\Program Files\Oct2005_xinput_x86.cab
2007-06-01 00:23 4,163,518 ------w C:\Program Files\Apr2006_MDX1_x86_Archive.cab
2007-06-01 00:23 213,767 ------w C:\Program Files\DEC2006_d3dx10_00_x64.cab
2007-06-01 00:23 199,366 ------w C:\Program Files\APR2007_XACT_x64.cab
2007-06-01 00:23 198,275 ------w C:\Program Files\FEB2007_XACT_x64.cab
2007-06-01 00:23 193,435 ------w C:\Program Files\DEC2006_XACT_x64.cab
2007-06-01 00:23 192,680 ------w C:\Program Files\DEC2006_d3dx10_00_x86.cab
2007-06-01 00:23 183,863 ------w C:\Program Files\AUG2006_XACT_x64.cab
2007-06-01 00:23 183,321 ------w C:\Program Files\OCT2006_XACT_x64.cab
2007-06-01 00:23 181,745 ------w C:\Program Files\JUN2006_XACT_x64.cab
2007-06-01 00:23 180,021 ------w C:\Program Files\Apr2006_XACT_x64.cab
2007-06-01 00:23 179,247 ------w C:\Program Files\Feb2006_XACT_x64.cab
2007-06-01 00:23 154,825 ------w C:\Program Files\APR2007_XACT_x86.cab
2007-06-01 00:23 151,583 ------w C:\Program Files\FEB2007_XACT_x86.cab
1999-12-07 12:00 5,120 --sha-w C:\WINDOWS\system32\idesync.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- C:\WINDOWS\system32\kySiYT6O.dll ----

Company:
File Description:
File Version: 2.0
Product Name: WebAssist
Copyright:
Original file name:


((((((((((((((((((((((((((((( snapshot@[date obscured in source]_ 2.31.12.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-28 08:14:11 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-11-29 07:14:55 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-11-28 08:14:11 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-11-29 07:14:55 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-11-28 08:14:11 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-11-29 07:14:55 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 15:18]
"igndlm.exe"="C:\Program Files\IGN\Download Manager\dlm.exe" [2007-03-05 12:57]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-20 16:08]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 15:17]
"Steam"="c:\program files\steam\steam.exe" [2007-11-14 17:37]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"NvCplDaemon"="RUNDLL32.exe" [2001-08-23 06:00 C:\WINDOWS\system32\rundll32.exe]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 17:44]
"nwiz"="nwiz.exe" [2007-09-17 01:07 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2001-08-23 06:00 C:\WINDOWS\system32\rundll32.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-06 11:56]

C:\Documents and Settings\Mel\Start Menu\Programs\Startup\
GameSpot Download Manager.lnk - C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe [2007-10-12 18:34:50]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Color Calibration.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Color Calibration.lnk
backup=C:\WINDOWS\pss\Color Calibration.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MagicTune 3.6.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MagicTune 3.6.lnk
backup=C:\WINDOWS\pss\MagicTune 3.6.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mel^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
path=C:\Documents and Settings\Mel\Start Menu\Programs\Startup\GameSpot Download Manager.lnk
backup=C:\WINDOWS\pss\GameSpot Download Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 10:09 63712 --a------ C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 02:06 40048 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-07-31 17:44 271672 --a------ C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-05-02 03:15 75520 --a------ C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-13 15:18 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

S1 lusbaudio;Logitech USB Microphone;C:\WINDOWS\System32\drivers\OVSound2.sys
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys
S3 QCEmerald;Logitech QuickCam Web;C:\WINDOWS\System32\DRIVERS\OVCE.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-11-28 04:31:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-29 01:25:25
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-29 1:26:42 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-06 22:02
C:\ComboFix2.txt ... 2007-11-28 02:32
C:\ComboFix3.txt ... 2007-09-06 22:02
.
--- E O F ---



And HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:31:43 AM, on 11/29/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\program files\steam\steam.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Mel\My Documents\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\dlm.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: GameSpot Download Manager.lnk = C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxuk101MFCA
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-8.0.4.41/aces/aces-en_US.cab
O16 - DPF: Makeover Madness by pogo - http://game1.pogo.com/applet-8.0.4.41/shoes/shoes-en_US.cab
O16 - DPF: Payday Freecell Solitaire by pogo - http://game1.pogo.com/applet-8.0.4.41/freecell2/freecell2-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-8.0.5.30/spider/spider-en_US.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-8.0.4.41/memories/memories-en_US.cab
O16 - DPF: Word Search Daily by pogo - http://game1.pogo.com/applet-8.0.5.30/wordsearch/wordsearch-en_US.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 7085 bytes
 

TSF Security Manager, Emeritus
Good work. Thanks for uploading the file.

One more to take care of...

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked.

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxuk101MFCA


Close HijackThis now.

---------------------------------------------------------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:

http://www.techsupportforum.com/security-center/hijackthis-log-help/196566-constant-pop-up-s-loading-really-slow.html


Collect::
C:\WINDOWS\system32\kySiYT6O.dll
Save this as CFScript.txt




Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

Ensure you are connected to the internet and click OK. A browser will open. Simply follow the instructions to copy/paste/send the requested file.

---------------------------------------------------------------------------------------------

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 u3 and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u3-windowsi586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.
---------------------------------------------------------------------------------------------

Please run this online scan to help look for remnants.

First, Go to Start>Control Panel>Add/Remove Programs and remove Kaspersky online scanner if present prior to downloading the most up-to-date one.

Next, establish an internet connection & perform an online scan using Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real-time scanner of any existing antivirus program while performing the online scan

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------
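As an added example (not part of the thread, and not code from HijackThis or Trend Micro), the script below parses lines in the HijackThis log format shown above and flags the kinds of entries a helper acts on: orphaned O2/O3/O23 entries whose file is gone ("(no file)" / "(file missing)"), an O8 context-menu item that points at a web URL (the mywebsearch entry the helper asked to have fixed), O16 ActiveX controls fetched over plain HTTP, O23 services with no recognised publisher, and O4 Run-key names that look auto-generated. The sample log is constructed from lines in the thread's log; the final O4 line with the name `1a2b3c4d` and `constructed_example.dll` is an invented illustration, not something from the posted log. It goes beyond the thread in that the rules generalise to any log in this format.

```python
import re
from typing import Dict, List, Optional

# Constructed sample in the shape of the HijackThis v2.0.2 log posted in the thread.
# All lines but the last are copied from that log; the last O4 line is a
# constructed illustration of an auto-generated Run-key name and is NOT from the thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxuk101MFCA
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O4 - HKLM\..\Run: [1a2b3c4d] rundll32.exe "C:\WINDOWS\System32\constructed_example.dll",b
"""

# Every HijackThis entry starts with a section code such as R0, O2, O23.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O2/O3: "<kind>: <name> - {CLSID} - <path>"
COM_RE = re.compile(r"^(?P<kind>BHO|Toolbar): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$")
# O4: "<hive>\..\Run: [<name>] <command line>"
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*)$")
# O8: "Extra context menu item: <name> - <target>"
MENU_RE = re.compile(r"^Extra context menu item: (?P<name>.*?) - (?P<target>.*)$")
# O16: "DPF: <name> - <url>"
DPF_RE = re.compile(r"^DPF: (?P<name>.*?) - (?P<target>\S+)$")
# O23: "Service: <name> - <owner> - <path>"
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<target>.*)$")

SECTION_PARSERS = {"O2": COM_RE, "O3": COM_RE, "O4": RUN_RE, "O8": MENU_RE, "O16": DPF_RE, "O23": SVC_RE}

HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)   # e.g. "1a2b3c4d"
WEB_URL_RE = re.compile(r"^https?://", re.IGNORECASE)


def parse_entry(line: str) -> Optional[Dict[str, str]]:
    """Split one log line into section, name, target (and owner/clsid where present)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    entry = {"section": section, "name": "", "target": "", "owner": "", "raw": line.strip()}
    sub_re = SECTION_PARSERS.get(section)
    sub = sub_re.match(body) if sub_re else None
    if sub:
        entry.update({k: v for k, v in sub.groupdict().items() if v is not None})
    return entry


def triage_entry(entry: Dict[str, str]) -> List[str]:
    """Return the reasons (if any) a helper would look twice at this entry."""
    reasons = []
    section, target = entry["section"], entry.get("target", "")
    if target == "(no file)" or target.endswith("(file missing)"):
        reasons.append("orphaned: the referenced file is absent, the entry can be fixed/removed")
    if section == "O8" and WEB_URL_RE.match(target):
        reasons.append("context-menu item points at a web URL; review the domain")
    if section == "O16" and target and not target.lower().startswith("https://"):
        reasons.append("ActiveX control was installed from a plain-HTTP URL")
    if section == "O23" and entry.get("owner") == "Unknown owner":
        reasons.append("service binary has no recognised publisher")
    if section == "O4" and HEX_NAME_RE.match(entry.get("name", "")):
        reasons.append("Run-key name looks auto-generated (8 hex characters)")
    return reasons


def triage(log_text: str) -> List[Dict[str, object]]:
    """Parse a whole log and collect the entries that carry at least one reason."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = triage_entry(entry)
        if reasons:
            findings.append({"section": entry["section"], "name": entry.get("name", ""),
                             "raw": entry["raw"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']:>4} [{f['name']}]")
        for r in f["reasons"]:
            print(f"       - {r}")
```

Entries that carry no reason (the Adobe BHO, the QuickTime Run key, the NVIDIA service) are left alone; the script only narrows the list a human then judges, it does not decide what to fix.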
 