pop up on IE and creates shortcuts on desktop


This topic is locked
16 replies to this topic

#1 gtothebomb

gtothebomb

    Member

  • Full Member
  • Pip
  • 25 posts

Posted 09 June 2007 - 12:38 AM

Well, whenever I open my IE a pop-up comes up and somehow it creates a shortcut on the desktop that goes to some advertisement link.

Here's my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:35:58 PM, on 6/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\lwintndt.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kingston Yan\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo....y...pt&.intl=us
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: H - {C9905EF0-610F-4404-9030-A3F345D069F5} - C:\WINDOWS\system32\comi.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Logitech Utility] -Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] -KHALMNPR.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] -C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ATICCC] -"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [mmtask] -C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ISUSPM Startup] -C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] -"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] -KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] -"C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] -"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] -"C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{72-28-88-80-ZN}] c:\windows\system32\msdsregk.exe OLI001
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\lwintndt.exe OLI001
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] -C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] -C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MsnMsgr] -"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] -
O4 - HKCU\..\Run: [LDM] -C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Aim6] -
O4 - HKCU\..\Run: [Creative WebCam Tray] -C:\Program Files\Creative\Shared Files\CamTray.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\lwintndt.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\Lime_Shop\Sy700\Tp700\scri700a.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: PUFLITE - http://www.123henry....rol/PUFLITE.CAB
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay10...es/MsnPUpld.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestat...ion=4,3,2,20802
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1095586984553
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload....GPlugin7USA.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestat....cab?v=1,0,0,37
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - -"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - -"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - -C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - -"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Unknown owner - -"C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - -"C:\Program Files\Eset\nod32krn.exe (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Symantec Core LC - Unknown owner - -C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - -"C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)

#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,523 posts

Posted 11 June 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 3,838 posts

Posted 14 June 2007 - 10:05 PM

Hi gtothebomb,

Welcome to SpywareInfo! :wave:

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

OK, here's what we do next.

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: H - {C9905EF0-610F-4404-9030-A3F345D069F5} - C:\WINDOWS\system32\comi.dll
O4 - HKLM\..\Run: [{72-28-88-80-ZN}] c:\windows\system32\msdsregk.exe OLI001
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\lwintndt.exe OLI001
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\lwintndt.exe
O16 - DPF: PUFLITE - http://www.123henry....rol/PUFLITE.CAB



Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

Then please exit HijackThis.


NEXT:

Using Windows Explorer (right-click your "Start" button and select "Explore"), please navigate to and delete the following FILES (if they exist):

C:\WINDOWS\system32\lwintndt.exe
C:\WINDOWS\system32\comi.dll
c:\windows\system32\msdsregk.exe
C:\WINDOWS\system32\dwdsregt.exe


Please let me know if you encountered any problems finding or deleting the files/folders.


NEXT:

I notice that your system doesn't have an anti-virus program running. This can be suicidal in today's digital age. :)

So, let's set you up with a FREE and excellent anti-virus program called Active Virus Shield (Powered by Kaspersky). This is a highly ranked and highly regarded anti-virus program by our experts. It's ranked #3 in the latest anti-virus test here:
http://www.virus.gr/...l...d=85&mnu=85

Please download Active Virus Shield (Powered by Kaspersky) and save it to your desktop.
  • Please remember to register for your Activation Code using a legitimate email address.
  • Double-click avs.msi to run the installer, but please uncheck "Install Security Toolbar" during the installation process:




  • Then please update the program and run a scan on "My Computer". Allow it to "Neutralize All" that it finds.
  • When done, launch Active Virus Shield's main window.




  • Click the "Scan" button on the left, and then click "Detected".




  • In the ensuing window, click the "Save As" button to save a copy of the log.
  • Copy and paste that log in your next reply.
Note: You must use only 1 (one) AV at a time because if you have 2 or more AVs running at the same time, they will conflict with each other and make your security less reliable.


NEXT:

Please download ComboFix by sUBs:

NOTE: In the event you already have ComboFix, this is a new version that I need you to download.
  • Save it to your desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Please do NOT mouse-click ComboFix's window while it is running. That may cause it to stall. Also, please do NOT adjust your time format while ComboFix is running.


NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  • The log from the Active Virus Shield scan.
  • The log from the ComboFix scan located at C:\ComboFix.txt.
  • A new HijackThis log.
(You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software).

Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted.
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#4 gtothebomb

gtothebomb

    Member

  • Full Member
  • Pip
  • 25 posts

Posted 14 June 2007 - 10:58 PM

I couldn't delete the file comi.dll, but I did delete the first file. The last 2 I couldn't find or don't have.

#5 gtothebomb

gtothebomb

    Member

  • Full Member
  • Pip
  • 25 posts

Posted 15 June 2007 - 04:47 AM

I couldn't delete the file comi.dll, but I did delete the first file. The last 2 I couldn't find or don't have.


NVM, I deleted the program or Trojan with the virus scan you recommended. Thanks.

#6 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 3,838 posts

Posted 15 June 2007 - 09:55 AM

Hi gtothebomb, :wave:

Would you happen to have the logs that I asked for? :)

#7 gtothebomb

gtothebomb

    Member

  • Full Member
  • Pip
  • 25 posts

Posted 15 June 2007 - 12:25 PM

New log:


Logfile of HijackThis v1.99.1
Scan saved at 10:25:39 AM, on 6/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trillian\trillian.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp3\Winamp3.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Kingston Yan\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo....y...pt&.intl=us
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Logitech Utility] -Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] -KHALMNPR.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] -C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ATICCC] -"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [mmtask] -C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ISUSPM Startup] -C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] -"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] -KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] -"C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] -"C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] -C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] -C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MsnMsgr] -"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] -
O4 - HKCU\..\Run: [LDM] -C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Aim6] -
O4 - HKCU\..\Run: [Creative WebCam Tray] -C:\Program Files\Creative\Shared Files\CamTray.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\Lime_Shop\Sy700\Tp700\scri700a.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay10...es/MsnPUpld.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestat...ion=4,3,2,20802
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1095586984553
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload....GPlugin7USA.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestat....cab?v=1,0,0,37
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - -"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - -"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - -C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - -"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Unknown owner - -"C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Symantec Core LC - Unknown owner - -C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - -"C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
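Comparing the two logs by eye is what the helper does in this thread; as an added example (not code from HijackThis, ComboFix or the forum), the Python below parses HJT finding lines, flags the same entry patterns the helper ticked above (orphaned "(no file)" entries, Run values and Startup shortcuts launching unknown binaries from system32, a GUID-like Run value name, a one-letter BHO, a DPF entry with no CLSID), and diffs the first log against this one to confirm what the cleanup removed. The sample lines are copied from the two posted logs; the triage rules and the `KNOWN_SYSTEM32_AUTOSTART` allowlist are assumptions of the example, not a malware verdict.

```python
"""Parse HijackThis (HJT) v1.99 logs, triage the persistence entries a helper
looks at first, and diff a before/after pair to confirm what a cleanup removed.
Added example for this thread, not code from HijackThis, ComboFix or the forum.
Sample lines are copied from the two logs posted in the thread; the triage
rules and the allowlist are assumptions of this example, not a malware verdict."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Every HJT finding reads "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] target".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]+?\.(?:exe|dll|sys|cab|htm)\b', re.I)  # first target path
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SYSTEM32 = "c:\\windows\\system32\\"
# Windows components that legitimately autostart from system32 (assumed allowlist, extend as needed).
KNOWN_SYSTEM32_AUTOSTART = {"ctfmon.exe"}

@dataclass(frozen=True)
class Entry:
    section: str         # HJT section code, e.g. "O4"
    body: str            # everything after "O4 - "
    path: Optional[str]  # lowercase target path, when one could be extracted

    @property
    def name(self) -> str:
        """Display name HJT shows: Run value name, .lnk name, or BHO/DPF name."""
        if self.section == "O4":
            m = re.search(r"\[(.*?)\]", self.body) or re.search(r": (.*?)\.lnk", self.body)
            return m.group(1) if m else ""
        return self.body.split(": ", 1)[-1].split(" - ", 1)[0].strip()

    @property
    def line(self) -> str:
        return f"{self.section} - {self.body}"

def parse_hjt(text: str) -> List[Entry]:
    """Keep only finding lines; the header and 'Running processes' list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        pm = PATH_RE.search(m.group("body"))
        entries.append(Entry(m.group("section"), m.group("body"), pm.group(0).lower() if pm else None))
    return entries

def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (line, reason) pairs for entries that deserve a human look."""
    findings = []
    for e in entries:
        reasons = []
        if "(no file)" in e.body:
            reasons.append("orphaned entry: the target file is missing")
        if e.section == "O4" and e.path and e.path.startswith(SYSTEM32):
            if e.path.rsplit("\\", 1)[-1] not in KNOWN_SYSTEM32_AUTOSTART:
                reasons.append("autostart launches an unknown binary from system32")
        if e.section == "O4" and e.name.startswith("{") and e.name.endswith("}"):
            reasons.append("autostart value name is a random-looking GUID")
        if e.section == "O2" and len(e.name) <= 2:
            reasons.append("BHO registered under a meaningless one-letter name")
        if e.section == "O16" and not CLSID_RE.search(e.body):
            reasons.append("ActiveX download (DPF) registered without a CLSID")
        findings.extend((e.line, r) for r in reasons)
    return findings

def diff_logs(before: List[Entry], after: List[Entry]) -> Tuple[List[str], List[str]]:
    """Lines only in the first log (removed by the cleanup) and only in the second (new)."""
    b, a = {e.line for e in before}, {e.line for e in after}
    return sorted(b - a), sorted(a - b)

# Excerpts of the first (infected) and second (post-cleanup) HJT logs posted in the thread.
BEFORE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: H - {C9905EF0-610F-4404-9030-A3F345D069F5} - C:\WINDOWS\system32\comi.dll
O4 - HKLM\..\Run: [iTunesHelper] -"C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{72-28-88-80-ZN}] c:\windows\system32\msdsregk.exe OLI001
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\lwintndt.exe OLI001
O4 - HKCU\..\Run: [ctfmon.exe] -C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\lwintndt.exe
O16 - DPF: PUFLITE - http://www.123henry....rol/PUFLITE.CAB
"""
AFTER_LOG = r"""
O4 - HKLM\..\Run: [iTunesHelper] -"C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] -C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
"""

if __name__ == "__main__":
    before, after = parse_hjt(BEFORE_LOG), parse_hjt(AFTER_LOG)
    for line, reason in triage(before):
        print(f"REVIEW  {reason}\n        {line}")
    removed, added = diff_logs(before, after)
    print(f"\n{len(removed)} entries gone after cleanup; new: {added}")
```

Entries that survive the diff but are new (here the AV's own Run value and its klogon.dll Winlogon hook) are exactly the lines a helper then checks against the software the user just installed.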

#8 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • PipPipPipPipPip
  • 3,838 posts

Posted 15 June 2007 - 11:21 PM

Hi gtothebomb, :wave:

Could I see the ComboFix log and the Active Virus Shield log, please? :)

#9 gtothebomb

gtothebomb

    Member

  • Full Member
  • Pip
  • 25 posts

Posted 16 June 2007 - 08:10 PM

Here's the ComboFix log, I think:
ComboFix 07-06-13.3 - C:\Documents and Settings\Kingston Yan\Desktop\ComboFix.exe
"Kingston Yan" - 2007-06-16 17:54:03 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\dobe~1
C:\Program Files\Common Files\tsks~1
C:\Program Files\download plugin
C:\Program Files\download plugin\DlPlugin-Moz\buddy.dat
C:\Program Files\download plugin\DlPlugin-Moz\vendor.txt
C:\WINDOWS\b.exe
C:\WINDOWS\system32\boa.dat
C:\WINDOWS\system32\smante~1
C:\WINDOWS\system32\wnscpsv.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\npf


((((((((((((((((((((((((( Files Created from 2007-05-17 to 2007-06-17 )))))))))))))))))))))))))))))))


2007-06-16 17:53 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-15 02:33 967 --a------ C:\WINDOWS\ScUnin.pif
2007-06-15 02:33 70,656 --a------ C:\WINDOWS\ScUnin.exe
2007-06-15 02:33 34,615 --a------ C:\WINDOWS\scunin.dat
2007-06-15 02:32 <DIR> d-------- C:\Program Files\Starcraft
2007-06-15 02:12 6,166,304 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-06-15 02:12 15,648 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-06-13 02:04 <DIR> d-------- C:\Program Files\LastChaosUSA
2007-06-08 17:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2007-06-08 17:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-06-06 14:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Elaborate Bytes
2007-06-06 14:12 931 --a------ C:\WINDOWS\system32\winpfz32.sys
2007-06-06 14:11 1 --a------ C:\WINDOWS\system32\ps.dat
2007-06-06 13:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
2007-06-04 00:44 <DIR> d-------- C:\Program Files\IMPlus 1.38 for MSSP
2007-05-31 20:04 96,968 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-05-23 10:34 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-05-19 13:08 86,016 --a------ C:\WINDOWS\system32\ElbyCDIO.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-15 09:50:53 -------- d-----w C:\Program Files\Trillian
2007-06-13 09:04:04 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-09 00:19:52 -------- d-----w C:\Program Files\Google
2007-06-06 21:22:08 -------- d-----w C:\Program Files\SlySoft
2007-06-04 06:38:00 -------- d-----w C:\Program Files\Microsoft ActiveSync
2007-05-30 21:09:22 -------- d-----w C:\Program Files\Xilisoft
2007-05-30 10:45:00 -------- d-----w C:\Program Files\Apple Software Update
2007-05-28 21:44:06 -------- d-----w C:\Program Files\palmOne
2007-05-24 18:59:50 -------- d-----w C:\Program Files\Moto EzX Video Producer
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-30 00:10:00 1,392,671 ----a-w C:\WINDOWS\system32\msvbvm60.dll
2007-04-28 01:16:25 -------- d-----w C:\DOCUME~1\KINGST~1\APPLIC~1\Aim
2007-04-27 23:11:30 -------- d--h--w C:\DOCUME~1\KINGST~1\APPLIC~1\GTek
2007-04-26 05:15:23 -------- d-----w C:\Program Files\Microsoft Works
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-20 06:33:41 -------- d-----w C:\Program Files\Common Files\DataViz
2007-04-20 06:13:31 -------- d-----w C:\Program Files\Documents To Go
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-03-30 03:52:24 28,272 ----a-w C:\DOCUME~1\KINGST~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-03-21 05:23:54 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2001-08-18 12:00:00 94,784 --sh--w C:\WINDOWS\twain.dll
2004-08-04 07:56:46 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-04 07:56:42 1,028,096 --sh--w C:\WINDOWS\system32\mfc42.dll
2004-08-04 07:56:43 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2004-08-04 07:56:43 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll
2004-08-04 07:56:44 553,472 --sh--w C:\WINDOWS\system32\oleaut32.dll
2004-08-04 07:56:44 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2007-06-08 17:19]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-08 17:19]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="-Logi_MwX.Exe" []
"Logitech Hardware Abstraction Layer"="-KHALMNPR.EXE" []
"MSKDetectorExe"="-C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" []
"ATICCC"="-C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" []
"mmtask"="-C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" []
"ISUSPM Startup"="-C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
"ISUSScheduler"="-C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" []
"Kernel and Hardware Abstraction Layer"="-KHALMNPR.EXE" []
"iTunesHelper"="-C:\Program Files\iTunes\iTunesHelper.exe" []
"QuickTime Task"="-C:\Program Files\QuickTime\qttask.exe" []
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 12:21]
"@"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="-C:\WINDOWS\system32\ctfmon.exe" []
"PhotoShow Deluxe Media Manager"="-C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe" []
"MsnMsgr"="-C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Steam"="-" []
"LDM"="-C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" []
"Aim6"="-" []
"Creative WebCam Tray"="-C:\Program Files\Creative\Shared Files\CamTray.exe" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
"NoClose"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
backup=C:\WINDOWS\pss\Personal Coach.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seticlient]
C:\Program Files\SETI@home\SETI@home.exe -min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZingSpooler]
C:\Program Files\Common Files\Zing\ZingSpooler.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0b3f314-12f0-11db-8e9c-00116720da4c}]
AutoRun\command- F:\autorun.exe
directx\command- F:\DirectX9\dxsetup.exe
setup\command- F:\setup.exe


Contents of the 'Scheduled Tasks' folder
2007-06-13 00:03:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-16 18:04:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

? [4052]


scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-16 18:06:44 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-16 18:06

--- E O F ---


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\dobe~1
C:\Program Files\Common Files\tsks~1
C:\Program Files\download plugin
C:\Program Files\download plugin\DlPlugin-Moz\buddy.dat
C:\Program Files\download plugin\DlPlugin-Moz\vendor.txt
C:\WINDOWS\b.exe
C:\WINDOWS\system32\boa.dat
C:\WINDOWS\system32\smante~1
C:\WINDOWS\system32\wnscpsv.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\npf


((((((((((((((((((((((((( Files Created from 2007-05-17 to 2007-06-17 )))))))))))))))))))))))))))))))


No new files created in this timespan


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-15 09:50:53 -------- d-----w C:\Program Files\Trillian
2007-06-13 09:04:04 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-09 00:19:52 -------- d-----w C:\Program Files\Google
2007-06-06 21:22:08 -------- d-----w C:\Program Files\SlySoft
2007-06-04 06:38:00 -------- d-----w C:\Program Files\Microsoft ActiveSync
2007-05-30 21:09:22 -------- d-----w C:\Program Files\Xilisoft
2007-05-30 10:45:00 -------- d-----w C:\Program Files\Apple Software Update
2007-05-28 21:44:06 -------- d-----w C:\Program Files\palmOne
2007-05-24 18:59:50 -------- d-----w C:\Program Files\Moto EzX Video Producer
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-30 00:10:00 1,392,671 ----a-w C:\WINDOWS\system32\msvbvm60.dll
2007-04-28 01:16:25 -------- d-----w C:\DOCUME~1\KINGST~1\APPLIC~1\Aim
2007-04-27 23:11:30 -------- d--h--w C:\DOCUME~1\KINGST~1\APPLIC~1\GTek
2007-04-26 05:15:23 -------- d-----w C:\Program Files\Microsoft Works
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-20 06:33:41 -------- d-----w C:\Program Files\Common Files\DataViz
2007-04-20 06:13:31 -------- d-----w C:\Program Files\Documents To Go
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-03-30 03:52:24 28,272 ----a-w C:\DOCUME~1\KINGST~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-03-21 05:23:54 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2001-08-18 12:00:00 94,784 --sh--w C:\WINDOWS\twain.dll
2004-08-04 07:56:46 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-04 07:56:42 1,028,096 --sh--w C:\WINDOWS\system32\mfc42.dll
2004-08-04 07:56:43 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2004-08-04 07:56:43 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll
2004-08-04 07:56:44 553,472 --sh--w C:\WINDOWS\system32\oleaut32.dll
2004-08-04 07:56:44 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2007-06-08 17:19]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-08 17:19]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="-Logi_MwX.Exe" []
"Logitech Hardware Abstraction Layer"="-KHALMNPR.EXE" []
"MSKDetectorExe"="-C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" []
"ATICCC"="-C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" []
"mmtask"="-C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" []
"ISUSPM Startup"="-C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
"ISUSScheduler"="-C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" []
"Kernel and Hardware Abstraction Layer"="-KHALMNPR.EXE" []
"iTunesHelper"="-C:\Program Files\iTunes\iTunesHelper.exe" []
"QuickTime Task"="-C:\Program Files\QuickTime\qttask.exe" []
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 12:21]
"@"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="-C:\WINDOWS\system32\ctfmon.exe" []
"PhotoShow Deluxe Media Manager"="-C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe" []
"MsnMsgr"="-C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Steam"="-" []
"LDM"="-C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" []
"Aim6"="-" []
"Creative WebCam Tray"="-C:\Program Files\Creative\Shared Files\CamTray.exe" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
"NoClose"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
backup=C:\WINDOWS\pss\Personal Coach.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seticlient]
C:\Program Files\SETI@home\SETI@home.exe -min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZingSpooler]
C:\Program Files\Common Files\Zing\ZingSpooler.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0b3f314-12f0-11db-8e9c-00116720da4c}]
AutoRun\command- F:\autorun.exe
directx\command- F:\DirectX9\dxsetup.exe
setup\command- F:\setup.exe


Contents of the 'Scheduled Tasks' folder
2007-06-13 00:03:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-16 18:08:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-06-16 18:09:50 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-16 18:09

--- E O F ---


AVS Log

Scan Critical Areas
-------------------
Scanned: 9821
Detected: 0
Untreated: 0
Start time: 6/16/2007 5:49:18 PM
Duration: 00:02:06
Finish time: 6/16/2007 5:51:24 PM


Detected
--------
Status Object
------ ------


Events
------
Time Name Status Reason
---- ---- ------ ------
6/16/2007 5:49:18 PM Running module: smss.exe\smss.exe ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\System32\smss.exe ok iSwift
6/16/2007 5:49:18 PM Running module: smss.exe\ntdll.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\ntdll.dll ok iSwift
6/16/2007 5:49:18 PM Running module: csrss.exe\csrss.exe ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\csrss.exe ok iSwift
6/16/2007 5:49:18 PM Running module: csrss.exe\ntdll.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\ntdll.dll ok iSwift
6/16/2007 5:49:18 PM Running module: csrss.exe\CSRSRV.dll ok scanned
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\CSRSRV.dll ok iSwift
6/16/2007 5:49:18 PM Running module: csrss.exe\basesrv.dll ok scanned
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\basesrv.dll ok iSwift
6/16/2007 5:49:18 PM Running module: csrss.exe\winsrv.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\winsrv.dll ok iSwift
6/16/2007 5:49:18 PM Running module: csrss.exe\GDI32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\GDI32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: csrss.exe\KERNEL32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\KERNEL32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: csrss.exe\USER32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\USER32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: csrss.exe\LPK.DLL ok scanned
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\LPK.DLL ok iSwift
6/16/2007 5:49:18 PM Running module: csrss.exe\USP10.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\USP10.dll ok iSwift
6/16/2007 5:49:18 PM Running module: csrss.exe\msvcrt.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\msvcrt.dll ok iSwift
6/16/2007 5:49:18 PM Running module: csrss.exe\ADVAPI32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\ADVAPI32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: csrss.exe\RPCRT4.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\RPCRT4.dll ok iSwift
6/16/2007 5:49:18 PM Running module: csrss.exe\sxs.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\sxs.dll ok iSwift
6/16/2007 5:49:18 PM Running module: csrss.exe\Apphelp.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\Apphelp.dll ok iSwift
6/16/2007 5:49:18 PM Running module: csrss.exe\VERSION.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\VERSION.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\winlogon.exe ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\winlogon.exe ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\ntdll.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\ntdll.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\kernel32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\kernel32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\ADVAPI32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\ADVAPI32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\RPCRT4.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\RPCRT4.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\AUTHZ.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\AUTHZ.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\msvcrt.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\msvcrt.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\CRYPT32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\CRYPT32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\USER32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\USER32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\GDI32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\GDI32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\MSASN1.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\MSASN1.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\NDdeApi.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\NDdeApi.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\PROFMAP.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\PROFMAP.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\NETAPI32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\NETAPI32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\USERENV.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\USERENV.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\PSAPI.DLL ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\PSAPI.DLL ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\REGAPI.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\REGAPI.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\Secur32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\Secur32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\SETUPAPI.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\SETUPAPI.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\VERSION.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\VERSION.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\WINSTA.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\WINSTA.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\WINTRUST.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\WINTRUST.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\IMAGEHLP.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\IMAGEHLP.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\WS2_32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\WS2_32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\WS2HELP.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\WS2HELP.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\IMM32.DLL ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\IMM32.DLL ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\LPK.DLL ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\LPK.DLL ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\USP10.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\USP10.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\MSGINA.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\MSGINA.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\SHELL32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\SHELL32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\SHLWAPI.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\SHLWAPI.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\COMCTL32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\COMCTL32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\ODBC32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\ODBC32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\comdlg32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\comdlg32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\comctl32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\odbcint.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\odbcint.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\SHSVCS.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\SHSVCS.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\sfc.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\sfc.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\sfc_os.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\sfc_os.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\ole32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\ole32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\Apphelp.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\Apphelp.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\msctfime.ime ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\msctfime.ime ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\WINSCARD.DLL ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\WINSCARD.DLL ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\WTSAPI32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\WTSAPI32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\sxs.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\sxs.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\WINMM.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\WINMM.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\uxtheme.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\uxtheme.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\Ati2evxx.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\Ati2evxx.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\rsaenh.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\rsaenh.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\cscdll.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\cscdll.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\klogon.dll ok scanned
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\klogon.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\OLEAUT32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\OLEAUT32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\WlNotify.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\WlNotify.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\WINSPOOL.DRV ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\WINSPOOL.DRV ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\MPR.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\MPR.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\WgaLogon.dll ok scanned
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\WgaLogon.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\NTMARTA.DLL ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\NTMARTA.DLL ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\WLDAP32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\WLDAP32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\SAMLIB.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\SAMLIB.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\CLBCATQ.DLL ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\CLBCATQ.DLL ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\COMRes.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\COMRes.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\asycfilt.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\asycfilt.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\msv1_0.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\msv1_0.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\iphlpapi.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\iphlpapi.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\cscui.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\cscui.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\xpsp2res.dll ok scanned
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\xpsp2res.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\wdmaud.drv ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\wdmaud.drv ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\msacm32.drv ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\msacm32.drv ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\MSACM32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\MSACM32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: winlogon.exe\midimap.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\midimap.dll ok iSwift
6/16/2007 5:49:18 PM Running module: services.exe\services.exe ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\services.exe ok iSwift
6/16/2007 5:49:18 PM Running module: services.exe\ntdll.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\ntdll.dll ok iSwift
6/16/2007 5:49:18 PM Running module: services.exe\kernel32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\kernel32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: services.exe\msvcrt.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\msvcrt.dll ok iSwift
6/16/2007 5:49:18 PM Running module: services.exe\ADVAPI32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\ADVAPI32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: services.exe\RPCRT4.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\RPCRT4.dll ok iSwift
6/16/2007 5:49:18 PM Running module: services.exe\USER32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\USER32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: services.exe\GDI32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\GDI32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: services.exe\USERENV.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\USERENV.dll ok iSwift
6/16/2007 5:49:18 PM Running module: services.exe\SCESRV.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\SCESRV.dll ok iSwift
6/16/2007 5:49:18 PM Running module: services.exe\AUTHZ.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\AUTHZ.dll ok iSwift
6/16/2007 5:49:18 PM Running module: services.exe\umpnpmgr.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\umpnpmgr.dll ok iSwift
6/16/2007 5:49:18 PM Running module: services.exe\WINSTA.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\WINSTA.dll ok iSwift
6/16/2007 5:49:18 PM Running module: services.exe\NETAPI32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\NETAPI32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: services.exe\NCObjAPI.DLL ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\NCObjAPI.DLL ok iSwift
6/16/2007 5:49:18 PM Running module: services.exe\MSVCP60.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\MSVCP60.dll ok iSwift
6/16/2007 5:49:18 PM Running module: services.exe\ShimEng.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\ShimEng.dll ok iSwift
6/16/2007 5:49:18 PM Running module: services.exe\AcAdProc.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\AppPatch\AcAdProc.dll ok iSwift
6/16/2007 5:49:18 PM Running module: services.exe\IMM32.DLL ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\IMM32.DLL ok iSwift
6/16/2007 5:49:18 PM Running module: services.exe\LPK.DLL ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\LPK.DLL ok iSwift
6/16/2007 5:49:18 PM Running module: services.exe\USP10.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\USP10.dll ok iSwift
6/16/2007 5:49:18 PM Running module: services.exe\secur32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\secur32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: services.exe\Apphelp.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\Apphelp.dll ok iSwift
6/16/2007 5:49:18 PM Running module: services.exe\VERSION.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\VERSION.dll ok iSwift
6/16/2007 5:49:18 PM Running module: services.exe\eventlog.dll ok scanned
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\eventlog.dll ok iSwift
6/16/2007 5:49:18 PM Running module: services.exe\WS2_32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\WS2_32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: services.exe\WS2HELP.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\WS2HELP.dll ok iSwift
6/16/2007 5:49:18 PM Running module: services.exe\PSAPI.DLL ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\PSAPI.DLL ok iSwift
6/16/2007 5:49:18 PM Running module: services.exe\wtsapi32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\wtsapi32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\lsass.exe ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\lsass.exe ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\ntdll.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\ntdll.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\kernel32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\kernel32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\ADVAPI32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\ADVAPI32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\RPCRT4.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\RPCRT4.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\LSASRV.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\LSASRV.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\MPR.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\MPR.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\USER32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\USER32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\GDI32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\GDI32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\MSASN1.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\MSASN1.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\msvcrt.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\msvcrt.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\NETAPI32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\NETAPI32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\NTDSAPI.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\NTDSAPI.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\DNSAPI.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\DNSAPI.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\WS2_32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\WS2_32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\WS2HELP.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\WS2HELP.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\WLDAP32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\WLDAP32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\Secur32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\Secur32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\SAMLIB.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\SAMLIB.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\SAMSRV.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\SAMSRV.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\cryptdll.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\cryptdll.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\ShimEng.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\ShimEng.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\AcGenral.DLL ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\AppPatch\AcGenral.DLL ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\WINMM.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\WINMM.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\ole32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\ole32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\OLEAUT32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\OLEAUT32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\MSACM32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\MSACM32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\VERSION.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\VERSION.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\SHELL32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\SHELL32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\SHLWAPI.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\SHLWAPI.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\USERENV.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\USERENV.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\UxTheme.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\UxTheme.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\IMM32.DLL ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\IMM32.DLL ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\LPK.DLL ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\LPK.DLL ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\USP10.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\USP10.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\comctl32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\comctl32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\comctl32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\msprivs.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\msprivs.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\kerberos.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\kerberos.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\msv1_0.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\msv1_0.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\iphlpapi.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\iphlpapi.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\netlogon.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\netlogon.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\w32time.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\w32time.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\MSVCP60.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\MSVCP60.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\schannel.dll ok scanned
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\schannel.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\CRYPT32.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\CRYPT32.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\wdigest.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\wdigest.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\rsaenh.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\rsaenh.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\setupapi.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\setupapi.dll ok iSwift
6/16/2007 5:49:18 PM Running module: lsass.exe\scecli.dll ok iChecker
6/16/2007 5:49:18 PM File: C:\WINDOWS\system32\scecli.dll ok iSwift
6/16/2007 5:49:19 PM Running module: lsass.exe\ipsecsvc.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\ipsecsvc.dll ok iSwift
6/16/2007 5:49:19 PM Running module: lsass.exe\AUTHZ.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\AUTHZ.dll ok iSwift
6/16/2007 5:49:19 PM Running module: lsass.exe\oakley.DLL ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\oakley.DLL ok iSwift
6/16/2007 5:49:19 PM Running module: lsass.exe\WINIPSEC.DLL ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\WINIPSEC.DLL ok iSwift
6/16/2007 5:49:19 PM Running module: lsass.exe\mswsock.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\mswsock.dll ok iSwift
6/16/2007 5:49:19 PM Running module: lsass.exe\hnetcfg.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\hnetcfg.dll ok iSwift
6/16/2007 5:49:19 PM Running module: lsass.exe\wshtcpip.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\System32\wshtcpip.dll ok iSwift
6/16/2007 5:49:19 PM Running module: lsass.exe\pstorsvc.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\pstorsvc.dll ok iSwift
6/16/2007 5:49:19 PM Running module: lsass.exe\psbase.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\psbase.dll ok iSwift
6/16/2007 5:49:19 PM Running module: lsass.exe\dssenh.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\dssenh.dll ok iSwift
6/16/2007 5:49:19 PM Running module: ati2evxx.exe\Ati2evxx.exe ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\Ati2evxx.exe ok iSwift
6/16/2007 5:49:19 PM Running module: ati2evxx.exe\ntdll.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\ntdll.dll ok iSwift
6/16/2007 5:49:19 PM Running module: ati2evxx.exe\kernel32.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\kernel32.dll ok iSwift
6/16/2007 5:49:19 PM Running module: ati2evxx.exe\USER32.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\USER32.dll ok iSwift
6/16/2007 5:49:19 PM Running module: ati2evxx.exe\GDI32.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\GDI32.dll ok iSwift
6/16/2007 5:49:19 PM Running module: ati2evxx.exe\ole32.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\ole32.dll ok iSwift
6/16/2007 5:49:19 PM Running module: ati2evxx.exe\ADVAPI32.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\ADVAPI32.dll ok iSwift
6/16/2007 5:49:19 PM Running module: ati2evxx.exe\RPCRT4.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\RPCRT4.dll ok iSwift
6/16/2007 5:49:19 PM Running module: ati2evxx.exe\msvcrt.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\msvcrt.dll ok iSwift
6/16/2007 5:49:19 PM Running module: ati2evxx.exe\OLEAUT32.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\OLEAUT32.dll ok iSwift
6/16/2007 5:49:19 PM Running module: ati2evxx.exe\IMM32.DLL ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\IMM32.DLL ok iSwift
6/16/2007 5:49:19 PM Running module: ati2evxx.exe\LPK.DLL ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\LPK.DLL ok iSwift
6/16/2007 5:49:19 PM Running module: ati2evxx.exe\USP10.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\USP10.dll ok iSwift
6/16/2007 5:49:19 PM Running module: ati2evxx.exe\Secur32.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\Secur32.dll ok iSwift
6/16/2007 5:49:19 PM Running module: ati2evxx.exe\msctfime.ime ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\msctfime.ime ok iSwift
6/16/2007 5:49:19 PM Running module: ati2evxx.exe\Ati2edxx.dll ok scanned
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\Ati2edxx.dll ok iSwift
6/16/2007 5:49:19 PM Running module: ati2evxx.exe\uxtheme.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\uxtheme.dll ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\svchost.exe ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\svchost.exe ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\ntdll.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\ntdll.dll ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\kernel32.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\kernel32.dll ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\ADVAPI32.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\ADVAPI32.dll ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\RPCRT4.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\RPCRT4.dll ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\ShimEng.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\ShimEng.dll ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\AcGenral.DLL ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\AppPatch\AcGenral.DLL ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\USER32.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\USER32.dll ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\GDI32.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\GDI32.dll ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\WINMM.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\WINMM.dll ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\ole32.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\ole32.dll ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\msvcrt.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\msvcrt.dll ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\OLEAUT32.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\OLEAUT32.dll ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\MSACM32.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\MSACM32.dll ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\VERSION.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\VERSION.dll ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\SHELL32.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\SHELL32.dll ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\SHLWAPI.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\SHLWAPI.dll ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\USERENV.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\USERENV.dll ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\UxTheme.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\UxTheme.dll ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\IMM32.DLL ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\IMM32.DLL ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\LPK.DLL ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\LPK.DLL ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\USP10.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\USP10.dll ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\comctl32.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\comctl32.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\comctl32.dll ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\NTMARTA.DLL ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\NTMARTA.DLL ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\WLDAP32.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\WLDAP32.dll ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\SAMLIB.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\SAMLIB.dll ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\rpcss.dll ok iChecker
6/16/2007 5:49:19 PM File: c:\windows\system32\rpcss.dll ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\Secur32.dll ok iChecker
6/16/2007 5:49:19 PM File: c:\windows\system32\Secur32.dll ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\WS2_32.dll ok iChecker
6/16/2007 5:49:19 PM File: c:\windows\system32\WS2_32.dll ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\WS2HELP.dll ok iChecker
6/16/2007 5:49:19 PM File: c:\windows\system32\WS2HELP.dll ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\xpsp2res.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\xpsp2res.dll ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\CLBCATQ.DLL ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\CLBCATQ.DLL ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\COMRes.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\COMRes.dll ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\Apphelp.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\Apphelp.dll ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\WTSAPI32.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\WTSAPI32.dll ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\WINSTA.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\WINDOWS\system32\WINSTA.dll ok iSwift
6/16/2007 5:49:19 PM Running module: svchost.exe\NETAPI32.dll ok iChecker
6/16/2007 5:49:19 PM File: C:\

Edited by gtothebomb, 16 June 2007 - 08:12 PM.


#10 Sempurna

    Forum Deity

  • Retired Staff
  • 3,838 posts

Posted 17 June 2007 - 12:53 AM

Hi gtothebomb,

OK, let's pick up the leftovers.

Please delete this FILE (if found):

C:\WINDOWS\system32\winpfz32.sys


NEXT:

Let's run some cleanup and diagnostic scans to make sure we're not leaving anything behind.

Please download CCleaner (freeware) and save it to your desktop:
  • Run the CCleaner installer.
  • During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  • Once installed, run CCleaner and click the "Windows" tab.
  • Select the following:
    • Check everything under the "Internet Explorer" section.
    • Check everything under the "Windows Explorer" section.
    • Check everything under the "System" section.
    • Check ONLY "Old Prefetch data" under the "Advanced" section.
  • Then, click the "Applications" tab:
    • CHECK everything there.
  • Next, click the "Options" button in the left pane, then click the "Advanced" button:
    • UNCHECK : "Only delete files in Windows Temp folders older than 48 hours".
  • Next, click the "Cleaner" button in the left pane, then click the "Run Cleaner" button (bottom right), click "OK" at the prompt.
  • When done, please exit CCleaner.
CAUTION: Please do NOT use the "Issues" button in the left pane. This is a built-in registry cleaner. If you don't know how to use it, you may cause irreparable damage to your system.


NEXT:

Please download Dr.Web CureIt and save it to your desktop:
  • Double-click the cureit.exe file, select "Start", and allow it to run the "Express Scan".
  • This will scan the files currently running in memory and when something is found, click the "Yes" button when it asks you if you want to cure it. This is only a short scan.
  • In between, it may display a pop-up asking you to buy it or offering a 50% discount. Just close that pop-up.
  • Once the short scan has finished, click Options -> Change settings.
  • Choose the "Scan" tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives; a red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Once the scan has finished, it will display a list of the files found and checked by default.
  • If the file "process.exe" was found, uncheck it. This file is related to some of our cleaning tools, and the tools need it. Most scanners do flag this file as a bad tool, but there's nothing wrong with it.
  • Then, click "Yes to all" if Dr.Web CureIt asks if you want to cure/move any infected files.
  • When the scan has finished, check whether you can click the icon next to the files found.
  • If so, click it, then click the next icon right below and select "Move incurable".

  • This will move infected files to the %userprofile%\DoctorWeb\quarantine folder if they can't be cured (this is in case if we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click "File" and choose "Save report list".
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer, because files that are in use may only be moved/deleted during the reboot.

NEXT:

Please do an online scan with Kaspersky Online Scanner using Internet Explorer (this online scanner only works with IE):
  • Click on "Kaspersky Online Scanner".
  • You will be prompted to install an ActiveX component from Kaspersky, click "Yes".
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on "Next".
  • Now click on "Scan Settings".
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click "OK".
  • Now under select a target to scan:
    • Select "My Computer".
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the "Save Report As" button.
    • In the "File name:" field, type kavscan.
    • In the "Save as type:" field, select "Text file (*.txt)".
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Note for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.


NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  • The log from the Dr.Web CureIt scan.
  • The log from the Kaspersky scan.
  • A new ComboFix log.
  • A new HijackThis log.
(You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software).

Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted.
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo
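
The helper above asks for a fresh HijackThis log so that leftover entries can be reviewed. The script below is an added example for this thread, not code from the original posts or from HijackThis itself. It makes the first pass mechanical: it parses O4, O23 and O2/O3 lines and reports the things a reviewer looks at first (orphaned "(file missing)" services, Run values with an empty command, unnamed BHO/toolbar CLSIDs, and services with "Unknown owner"). The sample input is a handful of lines copied verbatim from the HijackThis log posted in this thread; the tag names and severity levels are this example's own choices, not HijackThis terminology.

```python
"""Mechanical first pass over a HijackThis log.

Added example for this thread; it is not part of HijackThis or of the
original posts. It flags the entry types a helper checks first when
asked for "a new HijackThis log" after a cleanup:

  O23 services whose binary is gone ("(file missing)") - orphaned
      service registrations left behind by removed software
  O4 autostart values with an empty command - orphaned Run entries
  O2/O3 BHOs and toolbars listed as "(no name)" - resolve by CLSID
  O23 services with "Unknown owner" whose file still exists - binaries
      with no company name in their version info; worth a second look
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: lines copied verbatim from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [Steam] -
O4 - HKCU\..\Run: [Aim6] -
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe (file missing)
O23 - Service: iPod Service - Unknown owner - -"C:\Program Files\iPod\bin\iPodService.exe" (file missing)
"""


@dataclass
class Finding:
    kind: str      # tag for the check that fired (names chosen for this example)
    severity: str  # "review" (act on it) or "info" (look, but usually benign)
    entry: str     # the log line, unchanged, so it can be quoted back


# O4 - HKLM\..\Run: [Name] command ; the HJT 2.0 beta log above prefixes some
# commands with a stray "-", so a bare "-" is treated as an empty command.
RE_O4 = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# O23 - Service: Name - Owner - Path [(file missing)]
RE_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# O2 - BHO: Name - {CLSID} - Path   /   O3 - Toolbar: Name - {CLSID} - Path
RE_O2_O3 = re.compile(
    r"^O[23] - (?:BHO|Toolbar): (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$"
)


def triage(log_text: str) -> list[Finding]:
    """Return one Finding for every log line that trips one of the checks."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := RE_O4.match(line):
            if m["cmd"].strip() in ("", "-"):
                findings.append(Finding("o4-empty-run-value", "review", line))
        elif m := RE_O23.match(line):
            if "(file missing)" in m["path"]:
                findings.append(Finding("o23-service-file-missing", "review", line))
            elif m["owner"] == "Unknown owner":
                findings.append(Finding("o23-unknown-owner", "info", line))
        elif m := RE_O2_O3.match(line):
            if m["name"] == "(no name)":
                findings.append(Finding("o2o3-unnamed-clsid", "review", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per check, for a one-line overview of the log."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind:26} {f.entry}")
    print(summarize(triage(SAMPLE_LOG)))
```

A hit is a prompt to look, not a verdict: the "(no name)" BHO in the sample is SDHelper.dll from Spybot's own program folder, which a reviewer recognises by its CLSID and path, while the two "(file missing)" services and the two empty Run values are the kind of orphaned registration the helper's "pick up the leftovers" step is about.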

#11 gtothebomb

    Member

  • Full Member
  • 25 posts

Posted 19 June 2007 - 08:36 PM

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:25, on 2007-06-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\system32\hpoipm07.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kingston Yan\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo....y...pt&.intl=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Logitech Utility] -Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] -KHALMNPR.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] -C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ATICCC] -"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [mmtask] -C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ISUSPM Startup] -C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] -"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] -KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] -"C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] -"C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] -C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] -C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MsnMsgr] -"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] -
O4 - HKCU\..\Run: [LDM] -C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Aim6] -
O4 - HKCU\..\Run: [Creative WebCam Tray] -C:\Program Files\Creative\Shared Files\CamTray.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HPAiODevice(hp psc 900 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 900 series\Bin\hpobrt07.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\Lime_Shop\Sy700\Tp700\scri700a.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay10...es/MsnPUpld.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestat...ion=4,3,2,20802
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1095586984553
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload....GPlugin7USA.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestat....cab?v=1,0,0,37
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - -"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - -"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" (file missing)
O23 - Service: Active Virus Shield (AVP) - AOL - C:\Program Files\AOL\Active Virus Shield\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - -C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - -"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Unknown owner - -"C:\Program Files\iPod\bin\iPodService.exe" (file missing)
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (file missing)
O23 - Service: Symantec Core LC - Unknown owner - -C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - -"C:\Program Files\MSN Messenger\usnsvc.exe" (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)

--
End of file - 10697 bytes



ComboFix 07-06-18.2 - C:\Documents and Settings\Kingston Yan\Desktop\ComboFix.exe
"Kingston Yan" - 2007-06-19 18:27:04 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\msxml3a.dll


((((((((((((((((((((((((( Files Created from 2007-05-20 to 2007-06-20 )))))))))))))))))))))))))))))))


2007-06-19 23:28 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-19 12:16 <DIR> d-------- C:\DOCUME~1\KINGST~1\DoctorWeb
2007-06-19 11:49 <DIR> d-------- C:\Program Files\CCleaner
2007-06-19 00:34 <DIR> d-------- C:\JET_LI_FEARLESS
2007-06-17 21:10 <DIR> d-------- C:\Icons
2007-06-16 17:53 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-15 02:33 967 --a------ C:\WINDOWS\ScUnin.pif
2007-06-15 02:33 70,656 --a------ C:\WINDOWS\ScUnin.exe
2007-06-15 02:33 34,615 --a------ C:\WINDOWS\scunin.dat
2007-06-15 02:32 <DIR> d-------- C:\Program Files\Starcraft
2007-06-15 02:12 6,599,968 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-06-15 02:12 35,104 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-06-13 02:04 <DIR> d-------- C:\Program Files\LastChaosUSA
2007-06-08 17:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2007-06-08 17:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-06-06 14:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Elaborate Bytes
2007-06-06 14:11 1 --a------ C:\WINDOWS\system32\ps.dat
2007-06-06 13:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
2007-06-04 00:44 <DIR> d-------- C:\Program Files\IMPlus 1.38 for MSSP
2007-05-31 20:04 96,968 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-05-23 10:34 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-05-19 13:08 86,016 --a------ C:\WINDOWS\system32\ElbyCDIO.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-19 18:54:13 -------- d-----w C:\Program Files\ewido anti-malware
2007-06-19 08:17:51 -------- d-----w C:\Program Files\Trillian
2007-06-13 09:04:04 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-09 00:19:52 -------- d-----w C:\Program Files\Google
2007-06-06 21:22:08 -------- d-----w C:\Program Files\SlySoft
2007-06-04 06:38:00 -------- d-----w C:\Program Files\Microsoft ActiveSync
2007-05-30 21:09:22 -------- d-----w C:\Program Files\Xilisoft
2007-05-30 10:45:00 -------- d-----w C:\Program Files\Apple Software Update
2007-05-28 21:44:06 -------- d-----w C:\Program Files\palmOne
2007-05-24 18:59:50 -------- d-----w C:\Program Files\Moto EzX Video Producer
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-30 00:10:00 1,392,671 ----a-w C:\WINDOWS\system32\msvbvm60.dll
2007-04-28 01:16:25 -------- d-----w C:\DOCUME~1\KINGST~1\APPLIC~1\Aim
2007-04-27 23:11:30 -------- d--h--w C:\DOCUME~1\KINGST~1\APPLIC~1\GTek
2007-04-26 05:15:23 -------- d-----w C:\Program Files\Microsoft Works
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-20 06:33:41 -------- d-----w C:\Program Files\Common Files\DataViz
2007-04-20 06:13:31 -------- d-----w C:\Program Files\Documents To Go
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-03-30 03:52:24 28,272 ----a-w C:\DOCUME~1\KINGST~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-03-21 05:23:54 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2001-08-18 12:00:00 94,784 --sh--w C:\WINDOWS\twain.dll
2004-08-04 07:56:46 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-04 07:56:42 1,028,096 --sh--w C:\WINDOWS\system32\mfc42.dll
2004-08-04 07:56:43 54,784 --sh--w C:\WINDOWS\system32\msvcirt.dll
2004-08-04 07:56:43 413,696 --sh--w C:\WINDOWS\system32\msvcp60.dll
2004-08-04 07:56:44 553,472 --sh--w C:\WINDOWS\system32\oleaut32.dll
2004-08-04 07:56:44 83,456 --sh--w C:\WINDOWS\system32\olepro32.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2007-06-08 17:19]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-08 17:19]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="-Logi_MwX.Exe" []
"Logitech Hardware Abstraction Layer"="-KHALMNPR.EXE" []
"MSKDetectorExe"="-C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" []
"ATICCC"="-C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" []
"mmtask"="-C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" []
"ISUSPM Startup"="-C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
"ISUSScheduler"="-C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" []
"Kernel and Hardware Abstraction Layer"="-KHALMNPR.EXE" []
"iTunesHelper"="-C:\Program Files\iTunes\iTunesHelper.exe" []
"QuickTime Task"="-C:\Program Files\QuickTime\qttask.exe" []
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 12:21]
"@"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="-C:\WINDOWS\system32\ctfmon.exe" []
"PhotoShow Deluxe Media Manager"="-C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe" []
"MsnMsgr"="-C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Steam"="-" []
"LDM"="-C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" []
"Aim6"="-" []
"Creative WebCam Tray"="-C:\Program Files\Creative\Shared Files\CamTray.exe" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
"NoClose"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Personal Coach.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk
backup=C:\WINDOWS\pss\Personal Coach.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seticlient]
C:\Program Files\SETI@home\SETI@home.exe -min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZingSpooler]
C:\Program Files\Common Files\Zing\ZingSpooler.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c0b3f314-12f0-11db-8e9c-00116720da4c}]
AutoRun\command- F:\autorun.exe
directx\command- F:\DirectX9\dxsetup.exe
setup\command- F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d03956a4-5967-11d9-9e31-0060979350d2}]
AutoRun\command- E:\SETUP.EXE


Contents of the 'Scheduled Tasks' folder
2007-06-20 00:03:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-19 18:32:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-19 18:33:34
C:\ComboFix-quarantined-files.txt ... 2007-06-19 18:33
C:\ComboFix2.txt ... 2007-06-16 18:09

--- E O F ---


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2007-06-19 08:00
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 19/06/2007
Kaspersky Anti-Virus database records: 348720
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 129252
Number of viruses found: 1
Number of infected objects: 0 / 0
Number of suspicious objects: 2
Duration of the scan process: 03:01:11

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\AVP6\Report\004f_File_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\AVP6\Report\detected.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\AVP6\Report\detected.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\AVP6\Report\report.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer.zip/update/actalert.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Kingston Yan\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Kingston Yan\Application Data\Mozilla\Firefox\Profiles\y4x5n4fu.default\cert8.db Object is locked skipped
C:\Documents and Settings\Kingston Yan\Application Data\Mozilla\Firefox\Profiles\y4x5n4fu.default\extensions\{6BFD307A-C040-11DA-9749-FB1C850B47DF}\db.sqlite Object is locked skipped
C:\Documents and Settings\Kingston Yan\Application Data\Mozilla\Firefox\Profiles\y4x5n4fu.default\history.dat Object is locked skipped
C:\Documents and Settings\Kingston Yan\Application Data\Mozilla\Firefox\Profiles\y4x5n4fu.default\key3.db Object is locked skipped
C:\Documents and Settings\Kingston Yan\Application Data\Mozilla\Firefox\Profiles\y4x5n4fu.default\parent.lock Object is locked skipped
C:\Documents and Settings\Kingston Yan\Application Data\Mozilla\Firefox\Profiles\y4x5n4fu.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Kingston Yan\Application Data\Mozilla\Firefox\Profiles\y4x5n4fu.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Kingston Yan\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Kingston Yan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Kingston Yan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Kingston Yan\Local Settings\Application Data\Mozilla\Firefox\Profiles\y4x5n4fu.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Kingston Yan\Local Settings\Application Data\Mozilla\Firefox\Profiles\y4x5n4fu.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Kingston Yan\Local Settings\Application Data\Mozilla\Firefox\Profiles\y4x5n4fu.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Kingston Yan\Local Settings\Application Data\Mozilla\Firefox\Profiles\y4x5n4fu.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Kingston Yan\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kingston Yan\Local Settings\History\History.IE5\MSHist012007061920070620\index.dat Object is locked skipped
C:\Documents and Settings\Kingston Yan\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Kingston Yan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kingston Yan\ntuser.dat Object is locked skipped
C:\Documents and Settings\Kingston Yan\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Kingston Yan\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Kingston Yan\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Kingston Yan\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Kingston Yan\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Kingston Yan\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Kingston Yan\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Kingston Yan\Data\L0000012.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Kingston Yan\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Kingston Yan\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Kingston Yan\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Kingston Yan\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Kingston Yan\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Kingston Yan\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Kingston Yan\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Kingston Yan\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Kingston Yan\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Kingston Yan\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Kingston Yan\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Kingston Yan\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Kingston Yan\Data\storydb.idx Object is locked skipped
C:\Program Files\Trillian\users\default\logs\AIM\Query\ahblentleesix11.log Object is locked skipped
C:\Program Files\Trillian\users\default\logs\AIM\Query\aznbballa313.log Object is locked skipped
C:\Program Files\Trillian\users\default\logs\AIM\Query\billyboi59.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{CCD88B2C-D66A-4973-AC1B-E5B09C6BF872}\RP835\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Bluetooth DUN Modem.txt Object is locked skipped
C:\WINDOWS\ModemLog_Bluetooth LAP Modem #2.txt Object is locked skipped
C:\WINDOWS\ModemLog_Bluetooth LAP Modem.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{63A6FC21-53B4-4CAD-8CB9-4FC66CCC7514}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd7677.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\~DF49AB.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Dr web
WxBug.EXE;C:\Program Files\AIM\Sysfiles;Adware.Aws;Incurable.Moved.;
MiniBugTransporter.dll;C:\Program Files\Common Files\Real\WeatherBug;Adware.Minibug;Incurable.Moved.;
Process.exe;C:\SDFix\apps;Tool.Prockill;;
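As an added example, not part of the thread and not code from HijackThis or ComboFix, here is a small Python parser for HijackThis O23 (service) lines of the kind that open this log. It extracts the display name, short name, owner and image path and flags entries marked "(file missing)", which is the pattern to look at first: a service registration whose binary is gone is either a leftover from an uninstall (as with the MSN Messenger and WMP sharing services above) or the remains of something a scanner already deleted. The sample lines are constructed for the example: two are copied from the log above, one is an invented vendor service, and one is an O4 line to show that non-O23 input is ignored. The extra "-" in front of the quoted path in this log is tolerated by the parser, not interpreted.

```python
import re
from typing import List, Optional

# Shape of a HijackThis O23 line:
#   O23 - Service: <display name> (<short name>) - <owner> - <image path>[ (file missing)]
# Some logs (like the one above) show an extra "-" before the quoted image path;
# the parser tolerates it and strips it from the path rather than interpreting it.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<short>[^()]+)\) - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Constructed sample lines: the first two are copied from the log above,
# the third is an invented vendor service, the fourth is not an O23 line at all.
SAMPLE_LINES = [
    r'O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - -"C:\Program Files\MSN Messenger\usnsvc.exe" (file missing)',
    r'O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)',
    r'O23 - Service: Example Vendor Helper (ExampleSvc) - Example Vendor Inc. - C:\Program Files\Example\ExampleSvc.exe',
    r'O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe',
]


def parse_o23(line: str) -> Optional[dict]:
    """Return the fields of one O23 line, or None if the line is not an O23 entry."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    # Drop the stray leading "-" and the surrounding quotes so the path is usable as-is.
    path = m.group("path").strip().lstrip("-").strip().strip('"')
    owner = m.group("owner").strip()
    return {
        "display_name": m.group("display"),
        "short_name": m.group("short"),
        "owner": owner,
        "path": path,
        "file_missing": m.group("missing") is not None,
        # HijackThis prints "Unknown owner" when the image has no recognised vendor signature/name.
        "unknown_owner": owner.lower() == "unknown owner",
    }


def orphaned_services(lines: List[str]) -> List[dict]:
    """Services whose registered image no longer exists on disk, in log order."""
    parsed = (parse_o23(line) for line in lines)
    return [svc for svc in parsed if svc is not None and svc["file_missing"]]


if __name__ == "__main__":
    for svc in orphaned_services(SAMPLE_LINES):
        print(f"{svc['short_name']:<14} {svc['owner']:<14} {svc['path']}")
```

Run against a whole HijackThis log (one line per list element) the same function lists every orphaned service; pair the output with the ComboFix "Other Deletions" section to tell a leftover registration from a binary a scanner removed.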

#12 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • 3,838 posts

Posted 20 June 2007 - 12:05 AM

Hi gtothebomb, :wave:

The logs appear to be clean. :)

How are things running now? Any suspicious behaviour or persistent problem on your machine that I should know about?
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#13 gtothebomb

gtothebomb

    Member

  • Full Member
  • 25 posts

Posted 20 June 2007 - 05:17 AM

Nope, it works wonderfully. I might post a HJT log for my other computer; it seems to be running slow. Thanks for all the help, this forum always solves my problems.

#14 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • 3,838 posts

Posted 20 June 2007 - 06:41 AM

You're most welcome, gtothebomb. :)

If you have any problem with the other computer, please open a NEW TOPIC and post your logs there. Then PM me if you don't receive any help after some time.

Just some loose ends to tie up, and then we can let you go home. :)

Please follow these steps to remove older Java version components and update:
  • CLICK HERE to download the offline installer.
    • Select "Java Runtime Environment (JRE) 6u1" and click the "Download" button to the right.
    • Check the box that says "Accept License Agreement".
    • Click on the link to download "Windows Offline Installation, Multi-language".
    • Save the file to your desktop.
  • Next, uninstall your currently installed version from Add/Remove Programs.
  • If you have older versions listed uninstall them also. If you simply update to the new version it leaves the older versions still installed, complete with previous vulnerabilities.
  • Examples of older versions in Add/Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 2
    • Java™ SE Runtime Environment 6
  • Reboot your system.
  • Install the new version by double-clicking on the file you downloaded.

NEXT:

Everything looks great --- your HijackThis log appears to be clean. :)

Please take some time reading this list; it is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Windows Updates (a must!)
    It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. You can either click on the link above and bookmark the updates page, or open Internet Explorer, then go to the Tools menu -> Windows Update, and follow the online instructions from there.

  • Firewall (a must!)
    It is definitely a must have. Some good FREE versions are Comodo, Outpost, or ZoneAlarm.
    Test your Firewall and make sure it is working properly.
    Note: You must only use 1 (one) firewall at a time because if you have 2 or more firewalls running at the same time, they will conflict with each other and make your security less reliable. Please also remember to turn off Windows Firewall once you have installed a new firewall.

  • Also make sure to run your antivirus software regularly, and to keep it up-to-date.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you do decide to install Firefox, please take a moment to read Switching from IE to Firefox.

  • SpywareBlaster
    This is a great FREE prevention tool to keep nasties from installing on your system.
    Tutorial: How to use!

  • IE-SPYAD
    This FREE tool adds over 15,000 items to your IE Restricted Zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
    Tutorial: How to use!

  • Spybot - Search & Destroy
    This is a very powerful FREE tool that can search for and annihilate nasties that make it onto your system. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features for realtime protection.
    Tutorial: How to use!

  • Ad-Aware 2007 Free
    This is another very powerful FREE tool that searches for and kills nasties that infect your system. Ad-Aware 2007 and Spybot Search & Destroy complement each other very well.
    Tutorial: How to use!

  • I suggest that you download and install one or two of these FREE and good anti-trojan programs to use for ad-hoc scanning on your system:
    a-squared Free
    AVG Anti-Spyware Free
    SUPERAntiSpyware

  • I would also suggest you perform an online virus scan once in a while because what one virus scanner can't find, another one maybe can:
    BitDefender Online Scanner
    F-Secure Online Scanner
    Panda ActiveScan
    Dr.Web CureIt <-- This is not really an online scanner, as it is a standalone utility. You need to download a new copy for updated virus definitions, but it can be run in Safe Mode, unlike the online scanners above.
Please also read Tony Klein's excellent article How I got Infected in the First Place and this CastleCops article Malware Prevention: Prevent Re-infection.

Hopefully this should take care of your problems! Good luck! :D
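As an added example (not the forum's, Sun's or CCleaner's code), the following Python script automates the check behind the Java steps above: it reads every program registered under the Add/Remove Programs uninstall keys, picks out the Java runtimes, orders them by version and reports everything older than the newest together with the UninstallString to run. The registry paths are the standard Windows ones; the Wow6432Node key is an assumption about 64-bit systems and simply does not exist on 32-bit XP. The sample entries are constructed from the DisplayNames listed in the post, with placeholder product codes, and one of them deliberately has no UninstallString, which is the state in which Add/Remove Programs shows a name and size but no Remove button.

```python
import re
import sys
from typing import List, Optional, Tuple

# Standard Add/Remove Programs registration keys under HKEY_LOCAL_MACHINE.
# The Wow6432Node key holds 32-bit installers on 64-bit Windows (assumption
# for newer systems; it is absent on 32-bit XP and is skipped if missing).
UNINSTALL_KEYS = [
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
]

# DisplayName styles Sun used for the JRE, e.g.
#   "Java 2 Runtime Environment, SE v1.4.2"
#   "J2SE Runtime Environment 5.0 Update 2"
#   "Java(TM) SE Runtime Environment 6 Update 1"
JAVA_NAME_RE = re.compile(
    r"^(?:Java|J2SE)\b.*?Runtime Environment.*?\bv?(?P<ver>\d+(?:\.\d+)*)"
    r"(?:\s+Update\s+(?P<upd>\d+))?",
    re.IGNORECASE,
)

# Constructed sample (DisplayName, UninstallString) pairs modelled on the names
# in the post above. The product codes are placeholders, not real ones.
SAMPLE_ENTRIES = [
    ("CCleaner (remove only)", r'"C:\Program Files\CCleaner\uninst.exe"'),
    ("Java(TM) SE Runtime Environment 6 Update 1", "MsiExec.exe /X{00000000-0000-0000-0000-000000160010}"),
    ("J2SE Runtime Environment 5.0 Update 2", "MsiExec.exe /X{00000000-0000-0000-0000-000000150020}"),
    ("Java(TM) SE Runtime Environment 6", "MsiExec.exe /X{00000000-0000-0000-0000-000000160000}"),
    ("J2SE Runtime Environment 5.0", "MsiExec.exe /X{00000000-0000-0000-0000-000000150000}"),
    ("Java 2 Runtime Environment, SE v1.4.2", ""),  # registered without an UninstallString
]


def java_version(display_name: str) -> Optional[Tuple[int, int, int, int]]:
    """Normalise a JRE DisplayName to (1, major, minor, update); None if not a JRE."""
    m = JAVA_NAME_RE.match(display_name)
    if not m:
        return None
    parts = [int(p) for p in m.group("ver").split(".")]
    if parts[0] != 1:  # "5.0" and "6" are the marketing names for 1.5 and 1.6
        parts = [1] + parts
    parts = (parts + [0, 0])[:3]
    return (parts[0], parts[1], parts[2], int(m.group("upd") or 0))


def stale_java_entries(entries: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Every registered JRE except the newest, oldest first, with its UninstallString.
    Installing a newer JRE leaves these in place, each with its own old binaries."""
    runtimes = [(java_version(name), name, uninst) for name, uninst in entries]
    runtimes = sorted(r for r in runtimes if r[0] is not None)
    return [(name, uninst) for _, name, uninst in runtimes[:-1]]


def read_uninstall_entries() -> List[Tuple[str, str]]:
    """Read (DisplayName, UninstallString) pairs from the registry (Windows only)."""
    import winreg  # standard library, but only importable on Windows
    entries = []
    for path in UNINSTALL_KEYS:
        try:
            root = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path)
        except OSError:
            continue  # key absent, e.g. Wow6432Node on 32-bit XP
        with root:
            for i in range(winreg.QueryInfoKey(root)[0]):
                try:
                    with winreg.OpenKey(root, winreg.EnumKey(root, i)) as sub:
                        name = winreg.QueryValueEx(sub, "DisplayName")[0]
                        try:
                            uninst = winreg.QueryValueEx(sub, "UninstallString")[0]
                        except OSError:
                            uninst = ""  # registered without an uninstaller
                except OSError:
                    continue  # subkey without a DisplayName
                entries.append((name, uninst))
    return entries


if __name__ == "__main__":
    entries = read_uninstall_entries() if sys.platform == "win32" else SAMPLE_ENTRIES
    for name, uninst in stale_java_entries(entries):
        print(f"{name:<45} {uninst or '(no UninstallString registered)'}")
```

On a Windows machine the script reads the live registry; elsewhere it runs over the constructed sample so the ranking logic can be exercised. An entry that comes back with an empty UninstallString has to be removed by other means (a third-party uninstaller such as the CCleaner tool, or the installer's own product code), since Add/Remove Programs has nothing to run for it.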

#15 gtothebomb

gtothebomb

    Member

  • Full Member
  • 25 posts

Posted 22 June 2007 - 04:19 AM

I can't seem to remove the old Java software/component. When I go to the Add/Remove software and highlight the old Java, there isn't a Remove button; it just shows the name and the memory it is taking up.

#16 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • 3,838 posts

Posted 22 June 2007 - 10:47 AM

Hi gtothebomb, :wave:

You can use CCleaner to uninstall any older Java versions that may be in your system. Launch CCleaner, select Tools in the left pane, select any old Java entries and then click the Run Uninstaller button on the right.

Let me know how it goes. :)

Edited by Sempurna, 22 June 2007 - 10:48 AM.


#17 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • 3,838 posts

Posted 25 July 2007 - 07:45 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying HERE with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



