|
|
Ariey2k
new user
Reg'd: Wed
Posts: 3
|
|
All was well until opening a particular website (via FireFox) my Free AVG version 8 went berserk and threw at me pop up after pop up of threats. Instinctively I relegated them all to the vault. On close scrutiny many appeared as regular working programs e.g Foxit Reader.exe but also many dll's and other fancy stuff I could not id. The common name of the threat was dowloader.tibs. I decided to restore only this reader to start with and then AV just its folder and Nada. There was no virus in this file anymore and it went back to doing its PDF viewing as it should. Hence, next step was restoring all the quarantined files under this threat name, followed by rebooting and then AV'ing the entire computer. Result -> clean. I then scanned with SpywareDetector and found 122 threats that were then also relegated to the cleaners. Rebooted again and did a HiJack log. Now for the question: Am I really clean now? I am attaching the HJ log below and will be most grateful for any comments by an expert reviewer. With thanks in advance and here is my log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:15, on 21/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\SpywareDetector\SDService.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\WINDOWS\vVX3000.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\user\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe
C:\Program Files\Password Safe\pwsafe.exe
C:\Program Files\SAM\SAM.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.web1.crabdance.com/proxy.pac
R3 - URLSearchHook: findercoil Toolbar - {67aa0145-a051-4660-a910-22da3bab1fa5} - C:\Program Files\findercoil\tbfin0.dll
R3 - URLSearchHook: Foxit Toolbar - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Program Files\Foxit\tbFox1.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {54B02808-B60E-44CD-A72D-9865117E4E62} - (no file)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: AGFormHelperObj Class - {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - C:\Program Files\agat\AGForm\AGFormsHelper.dll
O2 - BHO: findercoil Toolbar - {67aa0145-a051-4660-a910-22da3bab1fa5} - C:\Program Files\findercoil\tbfin0.dll
O2 - BHO: Foxit Toolbar - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Program Files\Foxit\tbFox1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - (no file)
O2 - BHO: CPub Object - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.17--1022306550.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.17--1022306550.dll
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - (no file)
O3 - Toolbar: AGForms - {ed2e7de7-07db-4941-a06d-f780b93ba730} - C:\Program Files\agat\AGForm\AGForms.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: findercoil Toolbar - {67aa0145-a051-4660-a910-22da3bab1fa5} - C:\Program Files\findercoil\tbfin0.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: Foxit Toolbar - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Program Files\Foxit\tbFox1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
O4 - HKLM\..\Run: [SDAutoLiveupdate] C:\Program Files\SpywareDetector\LiveUpdateSD.exe -AUTO
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MRC] "C:\Program Files\PC Tune-Up\PCTuneUp.exe" /MBRSTART
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\user\Application Data\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Google Talk, Labs Edition.lnk = Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe
O4 - Startup: Password Safe.lnk = C:\Program Files\Password Safe\pwsafe.exe
O4 - Startup: SAM.lnk = C:\Program Files\SAM\SAM.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} (first direct internet banking plus digital safe) - https://internetbankingplus2.firstdirect.com/ibplus/frontdoorFD.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - http://www.pia.co.il/download/CfxIEAx.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.4.4.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137362610500
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: :\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 17401 bytes
--------------------
--------------------------------
One Life, Live it Well
--------------------------------
|
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28272
Loc: belfast
|
|
Welcome to the Webuser forum. 
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
--------------------
MY HELP IS FREE,BUT PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST SPYWARE.
 
A computer once beat me at chess, but it was no match for me at kick boxing.
|
Ariey2k
new user
Reg'd: Wed
Posts: 3
|
|
Thanks for the detailed instructions. Though with trepidations I did it and here are the results of both log files. Combifix did delete all sorts of items, which I may perhaps find out later. The one thing I did find out was that it deleted my Bookmarks under Firefox (not IE). So a partial recovery was possible by reimporting the bookmarks from IE. Win a few lose a few :-)
ComboFix 08-05-20.5 - user 05/21/2008 21:38:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1255.1.1033.18.347 [GMT 3:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Program Files\internet explorer\msimg32.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll
D:\Autorun.inf
----- BITS: Possible infected sites -----
hxxp://www.corel.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-04-21 to 2008-05-21 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 18:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-21 18:47 --------- d-----w C:\Program Files\SAM
2008-05-21 18:47 --------- d-----w C:\Program Files\Password Safe
2008-05-21 18:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
2008-05-21 18:45 --------- d-----w C:\Documents and Settings\user\Application Data\WTablet
2008-05-21 18:35 --------- d-----w C:\Program Files\SpywareBlaster
2008-05-21 18:35 --------- d-----w C:\Documents and Settings\user\Application Data\Skype
2008-05-21 09:11 --------- d-----w C:\Program Files\WinPcap
2008-05-21 08:44 --------- d-----w C:\Program Files\SpywareGuard
2008-05-21 08:22 --------- d-----w C:\Program Files\Trend Micro
2008-05-21 00:11 --------- d-----w C:\Documents and Settings\LocalService\Application Data\WTablet
2008-05-20 21:42 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2008-05-20 21:42 --------- d-----w C:\Program Files\MagicDVDRipper
2008-05-20 17:13 --------- d-----w C:\Documents and Settings\user\Application Data\Smilebox
2008-05-20 17:06 --------- d-----w C:\Program Files\PC Tune-Up
2008-05-18 20:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2008-05-18 12:06 --------- d-----w C:\Program Files\Ghostgum
2008-05-18 12:04 --------- d-----w C:\Program Files\gs
2008-05-18 11:58 --------- d-----w C:\Documents and Settings\user\Application Data\pdf995
2008-05-18 11:39 --------- d-----w C:\Program Files\pdf995
2008-05-18 07:46 --------- d-----w C:\Program Files\Google
2008-05-17 09:57 --------- d-----w C:\Documents and Settings\user\Application Data\AVGTOOLBAR
2008-05-17 05:29 --------- d-----w C:\Program Files\Picasa2
2008-05-16 13:49 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-16 13:48 --------- d-----w C:\Program Files\AVG
2008-05-16 13:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-05-13 16:17 --------- d-----w C:\Documents and Settings\user\Application Data\AdobeUM
2008-05-13 15:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-11 08:35 --------- d-----w C:\Documents and Settings\user\Application Data\IcoFX
2008-05-11 06:36 4,107,161 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-04-20 08:53 --------- d-----w C:\Program Files\IcoFX 1.6
2008-04-10 09:56 --------- d-----w C:\Program Files\PIXresizer
2008-04-09 17:26 --------- d-----w C:\Program Files\Yahoo!
2008-04-09 07:31 --------- d-----w C:\Documents and Settings\user\Application Data\Serif
2008-04-09 07:29 --------- d-----w C:\Program Files\Serif
2008-04-07 13:15 --------- d-----w C:\Program Files\BlueVoda Website Builder
2008-04-07 13:14 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-04-07 07:39 --------- d-----w C:\Program Files\MediaFACE II
2008-04-04 13:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-04 13:57 --------- d-----w C:\Documents and Settings\user\Application Data\YouSendIt
2008-04-04 13:56 --------- d-----w C:\Program Files\YouSendIt
2008-04-04 12:31 --------- d-----w C:\Documents and Settings\user\Application Data\Ahead
2008-04-02 06:54 --------- d-----w C:\Documents and Settings\user\Application Data\Download Manager
2008-03-28 10:05 --------- d-----w C:\Documents and Settings\user\Application Data\U3
2008-03-26 15:51 --------- d-----w C:\Program Files\iTunes
2008-03-26 15:50 --------- d-----w C:\Program Files\iPod
2008-03-26 15:49 --------- d-----w C:\Program Files\QuickTime
2008-03-03 21:47 1,531,904 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2005-09-12 09:51 60,768 ----a-w C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
2005-06-18 11:34 118 ----a-w C:\Program Files\INSTALL.LOG
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{67aa0145-a051-4660-a910-22da3bab1fa5}]
03/13/2008 01:36 PM 1470488 --a------ C:\Program Files\findercoil\tbfin0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73c7d5b0-7b03-444a-84c7-ce1ba03b5573}]
03/13/2008 01:36 PM 1470488 --a------ C:\Program Files\Foxit\tbFox1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
05/16/2008 04:49 PM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{67AA0145-A051-4660-A910-22DA3BAB1FA5}"= "C:\Program Files\findercoil\tbfin0.dll" [03/13/2008 01:36 PM 1470488]
"{965B54B0-71E0-4611-8DE7-F73FA0B20E26}"= "C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll" [10/10/2007 05:05 PM 264416]
"{73C7D5B0-7B03-444A-84C7-CE1BA03B5573}"= "C:\Program Files\Foxit\tbFox1.dll" [03/13/2008 01:36 PM 1470488]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [05/16/2008 04:49 PM 2050816]
[HKEY_CLASSES_ROOT\clsid\{67aa0145-a051-4660-a910-22da3bab1fa5}]
[HKEY_CLASSES_ROOT\clsid\{965b54b0-71e0-4611-8de7-f73fa0b20e26}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB.1]
[HKEY_CLASSES_ROOT\TypeLib\{162484B8-B114-453f-A344-C0B24B0F1D99}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB]
[HKEY_CLASSES_ROOT\clsid\{73c7d5b0-7b03-444a-84c7-ce1ba03b5573}]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{67AA0145-A051-4660-A910-22DA3BAB1FA5}"= C:\Program Files\findercoil\tbfin0.dll [03/13/2008 01:36 PM 1470488]
"{965B54B0-71E0-4611-8DE7-F73FA0B20E26}"= C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll [10/10/2007 05:05 PM 264416]
"{73C7D5B0-7B03-444A-84C7-CE1BA03B5573}"= C:\Program Files\Foxit\tbFox1.dll [03/13/2008 01:36 PM 1470488]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [05/16/2008 04:49 PM 2050816]
[HKEY_CLASSES_ROOT\clsid\{67aa0145-a051-4660-a910-22da3bab1fa5}]
[HKEY_CLASSES_ROOT\clsid\{965b54b0-71e0-4611-8de7-f73fa0b20e26}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB.1]
[HKEY_CLASSES_ROOT\TypeLib\{162484B8-B114-453f-A344-C0B24B0F1D99}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB]
[HKEY_CLASSES_ROOT\clsid\{73c7d5b0-7b03-444a-84c7-ce1ba03b5573}]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [02/01/2008 06:22 PM 21898024]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [10/30/2006 11:01 AM 392832]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [11/29/2005 07:19 PM 57344]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [02/26/2008 04:23 AM 443968]
"MRC"="C:\Program Files\PC Tune-Up\PCTuneUp.exe" [10/12/2007 10:57 AM 2435072]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 07:24 PM 1694208]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [09/11/2007 07:43 PM 95536]
"SmileboxTray"="C:\Documents and Settings\user\Application Data\Smilebox\SmileboxTray.exe" [02/22/2008 02:38 PM 201352]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM 204288]
"Google Update"="C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [05/18/2008 10:46 AM 119280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [04/23/2008 02:08 AM 483328]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [01/31/2006 03:20 PM 180224]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [11/29/2005 07:19 PM 40960]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/10/2005 11:49 PM 7286784]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/10/2005 11:49 PM 86016]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [10/10/2007 05:06 PM 2997984]
"VX3000"="C:\WINDOWS\vVX3000.exe" [10/13/2006 06:04 PM 707376]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/02/2007 12:22 AM 3739648]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [07/16/2005 12:48 AM 479232]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [10/13/2006 06:01 PM 277296]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM 385024]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [08/29/2005 08:09 PM 980736]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/18/2005 05:14 PM 180269]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [04/04/2005 07:58 PM 856064]
"UVS11 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [07/23/2007 02:55 PM 341232]
"Corel File Shell Monitor"="C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [10/30/2007 08:52 PM 16200]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM 144784]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM 267048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/16/2008 04:48 PM 1177368]
"SBAutoUpdate"="C:\Program Files\SpywareBlaster\sbautoupdate.exe" [02/28/2008 09:58 PM 902696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/04/2004 01:56 AM 15360]
C:\Documents and Settings\user\Start Menu\Programs\Startup\
Google Talk, Labs Edition.lnk - C:\Documents and Settings\user\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe [2008-05-08 11:29:34 94704]
Password Safe.lnk - C:\Program Files\Password Safe\pwsafe.exe [2008-02-22 10:07:58 1650688]
SAM.lnk - C:\Program Files\SAM\SAM.exe [2006-03-26 11:32:33 851968]
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-12 01:34:48 3746856]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-01-30 18:27:47 25214]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-01-19 01:48:26 122880]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"wave2"= samvcumd.dll
"mixer2"= samvcumd.dll
"VIDC.MJPG"= Pvmjpg30.dll
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Shortcut to Babylon.exe.lnk]
backup=C:\WINDOWS\pss\Shortcut to Babylon.exe.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PicasaNet]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe /c
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"OM_Monitor"=C:\Program Files\Olympus\OLYMPUS Master\Monitor.exe
"PowerBar"="C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\WM Recorder\\WMR90.exe"=
"C:\\Program Files\\BUFFALO\\Client Manager\\CLIENTMG\\ESSIDSET.exe"=
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"=
"C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Documents and Settings\\user\\Local Settings\\Application Data\\Google\\Google Talk, Labs Edition\\GoogleTalkLabsEdition.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"55357:TCP"= 55357:TCP:MetacafeNetworking TCP Port
"42352:UDP"= 42352:UDP:MetacafeNetworking UDP Port
"4662:TCP"= 4662:TCP:TCP Mule
"4672:UDP"= 4672:UDP:UDP Mule
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 1 (0x1)
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [05/16/2008 04:49 PM]
R1 GhPciScan;GhostPciScanner;C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [08/14/2002 04:11 PM]
R1 SamVirtualCable;SAM Virtual Cable;C:\WINDOWS\system32\drivers\samvckmd.sys [02/20/2006 02:21 PM]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [05/16/2008 04:48 PM]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [10/13/2006 06:01 PM]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [02/16/2007 11:12 AM]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [02/16/2007 10:30 AM]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [02/15/2007 04:11 PM]
S3 ESSIDSET;ESSIDSET;C:\Program Files\BUFFALO\Client Manager\CLIENTMG\ESSIDSET.sys [12/06/2002 04:49 PM]
S4 ACDSee Share;ACDSee Share;"C:\Program Files\Common Files\ACD Systems\acdseesharesvc.exe" [09/16/2004 05:51 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1446f99-28ac-11dc-905e-000fea431499}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-05-21 00:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2008-05-21 12:38:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-21 00:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
"2008-05-21 00:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
"2008-05-20 17:50:36 C:\WINDOWS\Tasks\User_Feed_Synchronization-{EF2467E9-1E9C-47C1-953E-EAB86BDA682B}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-21 21:45:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mchInjDrv]
"ImagePath"="\??\C:\WINDOWS\TEMP\mc22.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\samvcumd.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\samvcumd.dll
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\samvcumd.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\incdsrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 05/21/2008 21:55:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-21 18:55:17
Pre-Run: 22,903,685,120 bytes free
Post-Run: 22,851,559,424 bytes free
304 --- E O F --- 2008-05-21 00:03:38
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:53:21, on 21/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Documents and Settings\user\Application Data\Smilebox\SmileboxTray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\user\Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe
C:\Program Files\Password Safe\pwsafe.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.web1.crabdance.com/proxy.pac
R3 - URLSearchHook: findercoil Toolbar - {67aa0145-a051-4660-a910-22da3bab1fa5} - C:\Program Files\findercoil\tbfin0.dll
R3 - URLSearchHook: Foxit Toolbar - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Program Files\Foxit\tbFox1.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: AGFormHelperObj Class - {6620E618-1AB9-4EB2-ACA4-CBBE9066DBE6} - C:\Program Files\agat\AGForm\AGFormsHelper.dll
O2 - BHO: findercoil Toolbar - {67aa0145-a051-4660-a910-22da3bab1fa5} - C:\Program Files\findercoil\tbfin0.dll
O2 - BHO: Foxit Toolbar - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Program Files\Foxit\tbFox1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: &Google Notebook - {CCCCCCD3-666F-4F81-8B69-745DE9F6D897} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.17--1022306550.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.17--1022306550.dll
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - (no file)
O3 - Toolbar: AGForms - {ed2e7de7-07db-4941-a06d-f780b93ba730} - C:\Program Files\agat\AGForm\AGForms.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: findercoil Toolbar - {67aa0145-a051-4660-a910-22da3bab1fa5} - C:\Program Files\findercoil\tbfin0.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: Foxit Toolbar - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Program Files\Foxit\tbFox1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MRC] "C:\Program Files\PC Tune-Up\PCTuneUp.exe" /MBRSTART
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\user\Application Data\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Google Talk, Labs Edition.lnk = Local Settings\Application Data\Google\Google Talk, Labs Edition\GoogleTalkLabsEdition.exe
O4 - Startup: Password Safe.lnk = C:\Program Files\Password Safe\pwsafe.exe
O4 - Startup: SAM.lnk = C:\Program Files\SAM\SAM.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} (first direct internet banking plus digital safe) - https://internetbankingplus2.firstdirect.com/ibplus/frontdoorFD.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - http://www.pia.co.il/download/CfxIEAx.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.4.4.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137362610500
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: :\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 16423 bytes
Hope this spells out healthy computer. I am going to uninstall combifix in order not to activate it accedentally.
Thanks again for this interesting methodology.
--------------------
--------------------------------
One Life, Live it Well
--------------------------------
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28272
Loc: belfast
|
|
We need to remove combofix properly.
combofix cleanup.
Time for some housekeeping
- Click START then RUN
- Now type Combofix /u in the runbox and click OK
[list] 
When shown the disclaimer, Select "2"[/list]
The above procedure will:
- Delete the following:[list]
- ComboFix and its associated files and folders.
- VundoFix backups, if present
- The C:\Deckard folder, if present
- The C:_OtMoveIt folder, if present
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.[/list]
then :-
DISABLE SYSTEM RESTORE
To flush out infected restore points.
Then restart your system restore.(same page).then create a new restore point :-
click START\ALL PROGRAMS\ACCESSORIES\SYSTEM TOOLS\SYSTEM RESTORE. click on "create new restore point"
click on NEXT and follow the prompts.
this is to ensure that if you have to do a system restore in the future that you don't get all the infections reinstalled again.
Then :-
Download and scan with CCleaner - CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation.
IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
- Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
Then select "Cookies"
Move any cookies you wish to retain, e.g. login cookies, in the left-hand window to the right-hand window by highlighting them and clicking the right arrow in the centre.
- Then select the items you wish to clean up.
In the Windows Tab:
• Clean all entries in the "Internet Explorer" section.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.
In the Applications Tab:
• Clean all entries in the Mozilla Firefox Section.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.
- Click the "Run Cleaner" button.
- A pop up box will appear advising this process will permanently delete files from your system.
- Click "OK" and it will scan and clean your system.
- Click "exit" when done.
then DEFRAG your C:\ drive.
to help speed up your system.
then let us know how the computer is running.
HOW DID I GET INFECTED
--------------------
MY HELP IS FREE,BUT PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST SPYWARE.
A computer once beat me at chess, but it was no match for me at kick boxing.
|
Ariey2k
new user
Reg'd: Wed
Posts: 3
|
|
Its a done deed, computer running fine, it was a breath taking experience to follow all these instructions but it worked. Thank you so much.
--------------------
--------------------------------
One Life, Live it Well
--------------------------------
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 28272
Loc: belfast
|
|
you're welcome.
--------------------
MY HELP IS FREE,BUT PLEASE CONSIDER GIVING A DONATION TO HELP IN MY FIGHT AGAINST SPYWARE.
A computer once beat me at chess, but it was no match for me at kick boxing.
|
|
0 registered and 27 anonymous users are browsing this forum.
Moderator: putasolutions, greysts, bricat, AndrewC, Joe_London, John_McKenna, Mouse, Hello_There, TheFatControlleR, Nanook, Noviciate
Print Topic
|
Forum Permissions
You cannot start new topics
You cannot reply to topics
HTML is disabled
Mark-up is enabled
|
Rating:
Topic views: 0
|
|
|
|
|
Previous
Index
Next
Threaded
Edit
Reply
Quote
