One very screwed up computer


  • This topic is locked
23 replies to this topic

#1 ILoveSeb

    Member

  • Full Member
  • 28 posts

Posted 10 June 2007 - 04:10 PM

Alright I'll try and describe the problems I have as much as possible.

I know it's a popular problem for a lot of people but I have to ask for myself since all PCs are different and I didn't want to follow someone else's directions and screw something up.

I use Netscape 7.1 or 7.2 (and I won't switch unless I HAVE to because I love this browser) and I get recurring pop-ups saying 'The operation timed out when trying to contact ad.yieldmanager.com' and something along the same lines with a recurring cpxinteractive ad. For some reason, lately it's started to pop up LOTS more in a short amount of time. I probably have numerous other problems that I don't know about or that are not showing themselves currently.

I have tried Spybot, Adaware, Ewido Anti-Spyware, AVG Anti-Virus, and a bunch of other crap. None of them work, even in safe mode because they just keep coming back.

Here is my hijack this log.

Logfile of HijackThis v1.99.1
Scan saved at 5:09:54 PM, on 6/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\USB Storage RW\udsi.exe
C:\WINDOWS\System32\igfxtray.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.google.com"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\mkbzaaou.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\mkbzaaou.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [KYE_UDSI] "C:\Program Files\USB Storage RW\udsi.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-full\SpywareVanisher.exe -FastScan
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: customize__IE.lnk = C:\hp\region\customizeIe.wsf
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: MsnFixer.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.co...pside_web18.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1162607883234
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LSA Shel (Export Version) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
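The log above is the kind of thing a helper reads line by line, looking for the same few patterns: an O23 service whose file is missing or whose name imitates a core Windows binary but lives outside system32 (the "LSA Shel (Export Version) ... C:\WINDOWS\lsass.exe (file missing)" line is exactly that shape; the real lsass.exe runs from system32), an O4 Run entry that is a bare filename resolved through PATH or that starts from an unusual folder, and an O2 BHO with "(no file)". The script below is an added example for this thread, not HijackThis code and not from the original post. It applies those rules to an excerpt of the log posted above. Every rule is a heuristic: a flag marks an entry to investigate, it does not decide that the entry is malware (the Realtek ALCXMNTR.EXE line, for instance, is flagged only because it has no path).

```python
"""Triage a HijackThis 1.99 log for entries worth a second look.

Added example for this thread, not HijackThis code and not from the
original post. Every rule is a heuristic an analyst applies by hand; a
flag marks an entry to investigate, it does not declare it malware.
"""
import re
from pathlib import PureWindowsPath
from typing import Dict, List

# Binaries Windows XP starts from %SystemRoot%\system32. A service or
# autorun pointing at a same-named file elsewhere is a classic masquerade.
CORE_SYSTEM_BINARIES = {"lsass.exe", "smss.exe", "csrss.exe", "winlogon.exe",
                        "services.exe", "svchost.exe", "spoolsv.exe"}
# Top-level folders a normal autorun lives under (8.3 alias included).
EXPECTED_TOP_DIRS = {"program files", "progra~1", "windows"}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def _exe_from_command(cmd: str) -> str:
    """First token of a Run command: the executable, quotes and arguments
    stripped. An unterminated quote (seen in the log above) keeps the rest."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ")[0]


def _outside_system32(p: PureWindowsPath) -> bool:
    return p.name.lower() in CORE_SYSTEM_BINARIES and p.parent.name.lower() != "system32"


def triage_bho(name: str, path: str) -> List[str]:
    # A CLSID still registered as a BHO but with no DLL behind it.
    return ["orphaned BHO, no file on disk"] if path.strip() == "(no file)" else []


def triage_run(hive: str, name: str, cmd: str) -> List[str]:
    flags: List[str] = []
    p = PureWindowsPath(_exe_from_command(cmd))
    if not p.drive:
        flags.append("bare filename, resolved through PATH at logon")
    else:
        top = p.parts[1].lower() if len(p.parts) > 2 else ""
        if top not in EXPECTED_TOP_DIRS:
            flags.append(f"runs from unusual location {p.parent}")
        if _outside_system32(p):
            flags.append(f"{p.name} outside system32")
    return flags


def triage_service(name: str, owner: str, path: str) -> List[str]:
    flags: List[str] = []
    if path.endswith("(file missing)"):
        flags.append("file missing")
        path = path[: -len("(file missing)")].strip()
    if owner.strip().lower() == "unknown owner":
        flags.append("HijackThis found no company name")
    if _outside_system32(PureWindowsPath(path)):
        flags.append(f"{PureWindowsPath(path).name} outside system32")
    return flags


def triage_log(text: str) -> List[Dict[str, object]]:
    """Return [{'line': ..., 'flags': [...]}, ...] for flagged entries only."""
    findings: List[Dict[str, object]] = []
    for line in text.splitlines():
        line = line.strip()
        m2, m4, m23 = O2_RE.match(line), O4_RE.match(line), O23_RE.match(line)
        if m2:
            flags = triage_bho(m2["name"], m2["path"])
        elif m4:
            flags = triage_run(m4["hive"], m4["name"], m4["cmd"])
        elif m23:
            flags = triage_service(m23["name"], m23["owner"], m23["path"])
        else:
            continue
        if flags:
            findings.append({"line": line, "flags": flags})
    return findings


# Excerpt of the HijackThis log posted above (representative lines only).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-full\SpywareVanisher.exe -FastScan
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: LSA Shel (Export Version) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
"""

if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG):
        print(finding["line"])
        for flag in finding["flags"]:
            print("    ->", flag)
```

Run against the excerpt it reports four entries: the orphaned BHO, the pathless ALCXMNTR.EXE, the autorun starting from C:\spywarevanisher-full, and the fake-looking "LSA Shel" service with all three service flags. The Java BHO, the RealPlayer scheduler and the AVG update service pass untouched, which is the point of encoding the rules: the noise of a long log drops away and what is left is what a helper would ask about.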

#2 SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,523 posts

Posted 13 June 2007 - 06:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 ILoveSeb

    Member

  • Full Member
  • 28 posts

Posted 13 June 2007 - 02:49 PM

I did, but someone knocked it back a page.

#4 Sempurna

    Forum Deity

  • Retired Staff
  • 3,838 posts

Posted 15 June 2007 - 10:13 AM

Hi ILoveSeb,

Welcome to SpywareInfo! :wave:

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

Please download ComboFix by sUBs:

NOTE: In the event you already have ComboFix, this is a new version that I need you to download.
  • Save it to your desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Please do NOT mouse-click ComboFix's window while it is running. That may cause it to stall. Also, please do NOT adjust your time format while ComboFix is running.


NEXT:

BEFORE BEGINNING, please read completely through the instructions below. Please also print these instructions or copy them to Notepad (or another word processor) and save it for easier reference. This is because we will be in Safe Mode during the fix and you won't be able to access the Internet to view these instructions.

Please download SDFix by AndyManchesta and save it to your desktop.

Double-click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix).

Please then reboot your computer into Safe Mode by doing the following:
  • Restart your computer.
  • After hearing your computer beep once during startup, but just before the Windows icon appears, tap the F8 key continually.
  • Instead of Windows loading as normal, a menu with options should appear.
  • Select the first option, to run Windows in "Safe Mode", then press "Enter".
  • Choose your usual account.
Once in Safe Mode, please do the following:
  • Open the extracted C:\SDFix folder and double-click on RunThis.bat to start the script.
  • Type "Y" to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found, then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process, then display "Finished", press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally, copy and paste the contents of the results file Report.txt back onto the forum.

NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  • The log from the ComboFix scan located at C:\ComboFix.txt.
  • The log from the SDFix scan.
  • A new HijackThis log.
(You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software).

Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted.
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#5 ILoveSeb

    Member

  • Full Member
  • 28 posts

Posted 15 June 2007 - 12:09 PM

Thanks for the response, I will do everything that is requested and update you as soon as finished!
Thanks.

#6 ILoveSeb

    Member

  • Full Member
  • 28 posts

Posted 15 June 2007 - 01:02 PM

Righty-o.

COMBO FIX LOG:

ComboFix 07-06-13.3 - C:\Documents and Settings\Owner\Desktop\ComboFix.exe
"Owner" - 2007-06-15 13:15:04 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\outlook


((((((((((((((((((((((((( Files Created from 2007-05-15 to 2007-06-15 )))))))))))))))))))))))))))))))


2007-06-15 13:11 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-12 15:19 <DIR> d-------- C:\Program Files\Restorer2000 Pro
2007-06-12 15:17 3,229,480 --a------ C:\Program Files\r2k_pro_3.exe
2007-06-12 15:07 1,123,966 --a------ C:\Program Files\undelete_plus_setup.exe
2007-06-12 15:05 4,082,688 --a------ C:\WINDOWS\system32\qtintf70.dll
2007-06-12 15:05 <DIR> d-------- C:\Program Files\Undelete NOW! Trial
2007-06-12 15:04 3,199,998 --a------ C:\Program Files\trialsetup.exe
2007-06-12 14:57 992,320 --a------ C:\Program Files\handyrecovery.exe
2007-06-12 14:55 4,700,304 --a------ C:\Program Files\frinstall.exe
2007-06-12 14:44 3,720,224 --a------ C:\Program Files\_masteruneraser_setup.exe
2007-06-12 14:36 5,075,472 --a------ C:\Program Files\RecoverMyFiles-Setup-WC.exe
2007-06-12 14:28 3,869,519 --a------ C:\Program Files\difrs.exe
2007-06-12 14:26 696,729 --a------ C:\Program Files\ntfs-fat-data-recovery-demo.exe
2007-06-12 14:24 <DIR> d-------- C:\Program Files\Restorer2000 Remote Engine
2007-06-12 14:19 592,704 --a------ C:\Program Files\r2k_eng_1.exe
2007-06-12 14:15 <DIR> d-------- C:\Recovered Files
2007-06-12 14:11 1,849,965 --a------ C:\Program Files\filerescuefat_setup.exe
2007-06-12 14:11 <DIR> d-------- C:\Program Files\FileRescue for FAT
2007-06-12 13:57 2,615,859 --a------ C:\Program Files\reviver_setup.exe
2007-06-07 11:30 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Viewpoint
2007-06-06 20:53 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-06-06 20:43 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-06-06 20:43 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-06-06 20:19 25,755,448 --a------ C:\Program Files\wmp11-windowsxp-x86-enu1.exe
2007-06-06 15:52 7,121,880 --a------ C:\Program Files\Windows-KB890830-V1.29.exe
2007-06-05 16:59 724,992 --a------ C:\WINDOWS\iun6002.exe
2007-06-05 16:59 2,038,288 --a------ C:\Program Files\vanisher-free.exe
2007-06-05 16:59 <DIR> d-------- C:\spywarevanisher-full
2007-06-05 16:34 1,668,864 --a------ C:\Program Files\XoftspySetup_lb.exe
2007-06-05 11:52 <DIR> d-------- C:\!KillBox
2007-06-04 17:35 <DIR> d-------- C:\disk2
2007-06-04 16:57 <DIR> d-------- C:\disk1
2007-06-04 15:26 51,233,144 --a------ C:\Program Files\directx_apr2007_redist.exe
2007-06-04 14:36 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2007-06-04 14:36 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2007-06-04 14:36 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2007-06-04 13:53 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-06-04 13:40 7,087,488 --a------ C:\Program Files\Alcohol120_trial_1.9.6.4719.exe
2007-06-03 14:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-06-03 14:19 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Azureus
2007-06-03 14:18 <DIR> d-------- C:\Program Files\Azureus
2007-06-03 14:12 5,380,096 --a------ C:\Program Files\Azureus_3.0.1.4_windows.exe
2007-06-02 12:21 <DIR> d-------- C:\Program Files\CCleaner
2007-06-02 12:20 2,719,216 --a------ C:\Program Files\ccsetup140.exe
2007-05-29 15:55 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-29 15:48 11,470,608 --a------ C:\Program Files\avgas-setup-7.5.0.50.exe
2007-05-28 16:30 102,912 --a------ C:\Program Files\VundoFix.exe
2007-05-28 16:30 <DIR> d-------- C:\VundoFix Backups


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-15 18:07:52 -------- d-----w C:\Program Files\LimeWire
2007-06-15 17:53:22 -------- d-----w C:\Program Files\Incomplete
2007-06-12 20:26:20 -------- d-----w C:\Program Files\Netscape
2007-06-07 15:33:46 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-07 20:43:24 -------- d-----w C:\Program Files\DynGate
2007-05-07 18:30:10 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-05-07 18:29:46 -------- d-----w C:\Program Files\SUPERAntiSpyware
2007-05-07 16:46:08 -------- d-----w C:\Program Files\TeamViewer
2007-05-07 00:40:55 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\TeamViewer
2007-05-06 23:57:42 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Help
2007-05-06 23:27:31 967,486 ----a-w C:\Program Files\tightvnc-1.2.9-setup.exe
2007-05-06 22:45:14 732,272 ----a-w C:\Program Files\Zolved Remote Control Viewer.exe
2007-05-03 00:26:02 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-05-03 00:03:03 -------- d-----w C:\Program Files\MUSICMATCH
2007-05-02 23:37:01 -------- d-----w C:\Program Files\SmitfraudFix
2007-05-02 23:30:29 1,724 ----a-w C:\WINDOWS\system32\tmp.reg
2007-04-27 20:55:04 -------- d-----w C:\Program Files\shittalker
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-15 22:24:15 -------- d-----w C:\Program Files\PC-Doctor for Windows
2007-04-15 22:23:43 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-04-15 22:22:27 0 ----a-w C:\WINDOWS\ORUN32.EXE
2007-04-15 22:20:59 -------- d-----w C:\Program Files\IntelliMover Data Transfer Demo
2007-04-15 22:20:43 0 -c--a-w C:\WINDOWS\system32\CMMGR32.EXE
2007-04-15 22:03:46 40,236,184 ----a-w C:\Program Files\zaSuiteSetup_70_337_000_en.exe
2007-04-15 21:52:44 5,746,464 ----a-w C:\Program Files\SUPERAntiSpywarePro.exe
2007-04-15 21:14:41 1,177,770 ----a-w C:\Program Files\ntfsinst.exe
2007-04-12 20:38:04 2,228,534 ----a-w C:\Program Files\audacity-win-1.2.6.exe
2007-04-10 23:48:24 512 ----a-w C:\ScanSectorLog.dat
2007-04-10 22:19:50 26,790,040 ----a-w C:\Program Files\zaAvSetup_70_302_000_en.exe
2007-04-04 23:48:34 503,144 -c--a-w C:\Program Files\DXSETUP.exe
2007-04-04 23:48:34 1,673,576 -c--a-w C:\Program Files\dsetup32.dll
2007-04-04 23:48:32 77,160 -c--a-w C:\Program Files\DSETUP.dll
2007-03-29 16:50:26 14,726,774 ----a-w C:\Program Files\PhotoCollageSetup1.48.exe
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 21:02]
{243B17DE-77C7-46BF-B94B-0B5F309A0E64}=C:\Program Files\Microsoft Money\System\mnyside.dll [2002-07-17 20:00]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{A7327C09-B521-4EDB-8509-7D2660C9EC98}=C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll [2007-02-24 14:33]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-04-10 05:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"KYE_UDSI"="C:\Program Files\USB Storage RW\udsi.exe" [2003-02-21 23:30]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-21 23:45]
"AlcxMonitor"="ALCXMNTR.EXE" []
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 07:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22]
"Spyware Vanisher"="C:\spywarevanisher-full\SpywareVanisher.exe" [2006-12-24 14:13]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 09:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\avp2.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\avp2.exe


Contents of the 'Scheduled Tasks' folder
2007-01-14 14:51:38 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1160684512.job
2006-09-19 20:27:44 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-15 13:23:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

cmd.exe [2580]


scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-15 13:27:55

--- E O F ---



SD FIX LOG:


SDFix: Version 1.63

Fri 06/15/2007 - 13:44:08.28

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:

Path:


Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found..




ADS Check:

C:\WINDOWS\system32
No streams found.

Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\hiberfil.sys
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp

Finished
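One part of the ComboFix log above that rewards a closer look is the "Reg Loading Points" section with three MountPoints2 keys: D:\Info.exe, E:\avp2.exe and F:\avp2.exe. Explorer writes a MountPoints2 entry whenever it reads an autorun.inf from a volume, so these are cached autorun commands for three drives, and two of them point at a file of the same name sitting in the root of each drive, which is the pattern an autorun.inf dropped on removable media produces. The script below is an added example for this thread, not ComboFix code. It pulls those entries out of the ComboFix output and flags the two signs worth checking on the drives themselves: a command that executes a file from the root of the very drive it was cached for, and one executable name recurring across several drives. As with the HijackThis rules, a flag is a reason to look, not a verdict: MountPoints2 also holds perfectly ordinary entries from installer CDs.

```python
"""Extract MountPoints2 AutoRun commands from a ComboFix 'Reg Loading
Points' section and flag the removable-media autorun pattern.

Added example for this thread, not ComboFix code. Flags are heuristics:
MountPoints2 also caches autorun.inf entries from legitimate CDs, so each
entry still has to be checked on the drive itself.
"""
import re
from collections import Counter
from pathlib import PureWindowsPath
from typing import Dict, List

# Matches "[HKEY_CURRENT_USER\...\explorer\mountpoints2\E]" as ComboFix prints it.
KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(?P<drive>[A-Z])\]$", re.IGNORECASE)
# Matches the "AutoRun\command- <command line>" line that follows the key.
CMD_RE = re.compile(r"^AutoRun\\command- (?P<cmd>.+)$")


def parse_mountpoints(text: str) -> Dict[str, str]:
    """Map drive letter -> cached autorun command, e.g. {'E': 'E:\\avp2.exe'}."""
    entries: Dict[str, str] = {}
    drive = None
    for line in text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            drive = key["drive"].upper()
            continue
        cmd = CMD_RE.match(line)
        if cmd and drive:
            entries[drive] = cmd["cmd"]
            drive = None
    return entries


def flag_autoruns(entries: Dict[str, str]) -> Dict[str, List[str]]:
    """Return {drive: [flags]} for entries showing the removable-media pattern."""
    exe_of = {d: PureWindowsPath(c.split(" ")[0]) for d, c in entries.items()}
    name_count = Counter(p.name.lower() for p in exe_of.values())
    findings: Dict[str, List[str]] = {}
    for drive, exe in exe_of.items():
        flags: List[str] = []
        # "X:\file.exe" with nothing between the drive root and the file:
        # the drive launches its own content, the autorun.inf worm shape.
        if exe.drive.rstrip(":").upper() == drive and len(exe.parts) == 2:
            flags.append("executes a file from the root of the drive itself")
        # The same executable cached for several drives suggests replication.
        if name_count[exe.name.lower()] > 1:
            flags.append(f"{exe.name} appears on {name_count[exe.name.lower()]} drives")
        if flags:
            findings[drive] = flags
    return findings


# The three MountPoints2 blocks copied from the ComboFix log above.
SAMPLE_REG_LOADING_POINTS = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\avp2.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\avp2.exe
"""

if __name__ == "__main__":
    found = parse_mountpoints(SAMPLE_REG_LOADING_POINTS)
    for drive, flags in flag_autoruns(found).items():
        print(f"{drive}: {found[drive]}")
        for flag in flags:
            print("    ->", flag)
```

On the three entries from the log all three drives are flagged for launching a file from their own root, and E: and F: additionally for sharing avp2.exe. The next step is not in the registry at all: plug the drives in with autorun disabled, read the autorun.inf on each, and look at what Info.exe and avp2.exe actually are.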

#7 Sempurna

    Forum Deity

  • Retired Staff
  • 3,838 posts

Posted 15 June 2007 - 11:18 PM

Hi ILoveSeb, :wave:

You're most welcome, ILoveSeb. :)

Can I see a fresh HijackThis log, please?
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.


#8 ILoveSeb

    Member

  • Full Member
  • 28 posts

Posted 16 June 2007 - 06:38 AM

Yeah, here you are.

Logfile of HijackThis v1.99.1
Scan saved at 7:37:55 AM, on 6/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\USB Storage RW\udsi.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\spywarevanisher-full\SpywareVanisher.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.google.com"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\qx53tq4r.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\qx53tq4r.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [KYE_UDSI] "C:\Program Files\USB Storage RW\udsi.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-full\SpywareVanisher.exe -FastScan
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: customize__IE.lnk = C:\hp\region\customizeIe.wsf
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: MsnFixer.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.co...pside_web18.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1162607883234
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LSA Shel (Export Version) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

#9 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • 3,838 posts

Posted 16 June 2007 - 01:40 PM

Hi ILoveSeb, :wave:

OK, here's what we do next.

Viewpoint Manager is considered foistware rather than malware, since it is installed without users' approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.co...cle.php/3561546

Additional info: http://vil.nai.com/v...nt/v_137262.htm

I suggest you remove the program now. Go to Start -> Control Panel -> Add/Remove Programs and remove the following programs (if present):

Viewpoint
Viewpoint Manager
Viewpoint Media Player
Viewpoint Toolbar



If you have problems with Viewpoint regenerating after uninstallation, then please follow these instructions:

Open AOL and go to Help on the toolbar. Select About AOL. Next is the SECRET STEP. You must then press Ctrl + D to access a "secret" panel to disable all of the desktop and IM fancy features that are associated with viewpoint. This is the only way to prevent AOL from re-installing Viewpoint at AOL startup.



NEXT:

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-full\SpywareVanisher.exe -FastScan
O23 - Service: LSA Shel (Export Version) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

Then please exit HijackThis.


NEXT:

Please go to Start -> Run and type (or copy and paste) the following lines in the "Open" field, ONE AT A TIME, then click "OK":

sc stop "Export Version"

sc delete "Export Version"

sc stop "Viewpoint Manager Service"

sc delete "Viewpoint Manager Service"



NEXT:

For this next step, please ensure that ComboFix.exe is on your desktop:
  • Then, please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    (start copying from "File::")


    File::
    C:\spywarevanisher-full\SpywareVanisher.exe
    C:\WINDOWS\lsass.exe
    C:\WINDOWS\iun6002.exe
    C:\Program Files\vanisher-free.exe
    
    Folder::
    C:\Program Files\Viewpoint
    C:\spywarevanisher-full
    C:\DOCUME~1\Owner\APPLIC~1\Viewpoint
    
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    

  • Save this as ComboFix-Do.txt and change the "Save as type" to "All Files" and place it on your desktop.


    Posted Image


  • Referring to the screenshot above, drag ComboFix-Do.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Please do NOT mouse-click ComboFix's window while it is running. That may cause it to stall. Also, please do NOT adjust your time format while ComboFix is running.


NEXT:

Please download CCleaner (freeware) and save it to your desktop:
  • Run the CCleaner installer.
  • During installation process, please UNCHECK "Add CCleaner Yahoo! Toolbar".
  • Once installed, run CCleaner and click the "Windows" tab.
  • Select the following:
    • Check everything under the "Internet Explorer" section.
    • Check everything under the "Windows Explorer" section.
    • Check everything under the "System" section.
    • Check ONLY "Old Prefetch data" under the "Advanced" section.
  • Then, click the "Applications" tab:
    • CHECK everything there.
  • Next, click the "Options" button in the left pane, then click the "Advanced" button:
    • UNCHECK : "Only delete files in Windows Temp folders older than 48 hours".
  • Next, click the "Cleaner" button in the left pane, then click the "Run Cleaner" button (bottom right), click "OK" at the prompt.
  • When done, please exit CCleaner.
CAUTION: Please do NOT use the "Issues" button in the left pane. This is a built-in registry cleaner. If you don't know how to use it, you may cause irreparable damage to your system.


NEXT:

Let's run an online scan to make sure we're not leaving anything behind.

Please do an online scan with Kaspersky Online Scanner using Internet Explorer (this online scanner only works with IE):
  • Click on "Kaspersky Online Scanner".
  • You will be prompted to install an ActiveX component from Kaspersky, click "Yes".
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on "Next".
  • Now click on "Scan Settings".
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click "OK".
  • Now under select a target to scan:
    • Select "My Computer".
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the "Save Report As" button.
    • In the "File name:" field, type kavscan.
    • In the "Save as type:" field, select "Text file (*.txt)".
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Note for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.


NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  • The log from the ComboFix scan located at C:\ComboFix.txt.
  • The log from the Kaspersky scan.
  • A new HijackThis log.
(You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software).

Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted.
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo
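
Two of the entries Sempurna ticked in the HijackThis fix list above can be spotted from the shape of the path alone, before anyone looks up a product name: a service named after lsass.exe that points at C:\WINDOWS\ instead of C:\WINDOWS\system32\ (and whose file is missing), and a Run value that is a bare file name with no directory. The script below is an added example, not code from this thread, from HijackThis or from its author: it parses O4 (Run) and O23 (Service) lines and reports those three conditions. The sample lines are copied from the log posted earlier in this thread; the list of "system32-only" binary names and the heuristics themselves are my assumptions. It deliberately does not judge reputation, so Viewpoint and Spyware Vanisher, which the helper removed by name, are not flagged by it.

```python
"""Path-shape triage for HijackThis O4/O23 entries (added example, not from the thread)."""
import os
import re
from dataclasses import dataclass

# Assumption: on Windows XP these binaries are only ever loaded from
# %SystemRoot%\system32. One of these names in any other directory is the
# look-alike pattern seen in the "LSA Shel (Export Version)" entry above.
SYSTEM32_ONLY = {"lsass.exe", "services.exe", "svchost.exe", "winlogon.exe",
                 "csrss.exe", "smss.exe", "spoolsv.exe"}

# O23 - Service: <display name> - <owner> - <path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$")
# O4 - HKLM\..\Run: [<value name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# First token ending in .exe, with or without surrounding quotes.
EXE_RE = re.compile(r'"?(?P<exe>.*?\.exe)"?', re.IGNORECASE)


@dataclass
class Finding:
    kind: str    # "O4" or "O23"
    name: str    # Run value name or service display name
    path: str    # executable exactly as written in the log
    reason: str


def first_executable(command):
    """Extract the executable from a Run/Service command line.

    Copes with a quoted path followed by arguments, an unquoted path that
    contains spaces, an unterminated opening quote (as in the KYE_UDSI entry)
    and a bare file name. Assumes the program is an .exe, which holds for
    every entry in this log.
    """
    m = EXE_RE.match(command.strip())
    return m.group("exe") if m else command.strip()


def path_findings(kind, name, exe):
    """Heuristics that depend only on where the executable lives."""
    norm = exe.replace("\\", "/")
    base = os.path.basename(norm).lower()
    directory = os.path.dirname(norm).lower()
    out = []
    if not directory:
        out.append(Finding(kind, name, exe,
                           "bare file name: resolved through the search path, "
                           "so the log does not tell you which file actually runs"))
    elif base in SYSTEM32_ONLY and not directory.endswith("/system32"):
        out.append(Finding(kind, name, exe,
                           f"{base} outside %SystemRoot%\\system32, "
                           "where the genuine binary lives"))
    return out


def triage_hijackthis(lines):
    """Return the findings for every O4 Run and O23 Service line, in log order."""
    findings = []
    for line in lines:
        line = line.strip()
        m = O23_RE.match(line)
        if m:
            kind, name = "O23", m["display"]
            exe = first_executable(m["path"])
            if m["missing"]:
                findings.append(Finding(kind, name, exe,
                                        "service registered for a file that no longer exists"))
        else:
            m = O4_RE.match(line)
            if not m:
                continue          # other HJT sections are out of scope here
            kind, name = "O4", m["name"]
            exe = first_executable(m["cmd"])
        findings.extend(path_findings(kind, name, exe))
    return findings


# Constructed sample: a subset of the O4/O23 lines from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KYE_UDSI] "C:\Program Files\USB Storage RW\udsi.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-full\SpywareVanisher.exe -FastScan
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: LSA Shel (Export Version) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage_hijackthis(SAMPLE_LOG):
        print(f"{f.kind:<4}{f.name:<45}{f.reason}")
```

Run as-is it prints four findings: AlcxMonitor (bare file name), the "LSA Shel (Export Version)" service twice (file missing, and lsass.exe outside system32), and the Ulead Burning Helper service (file missing). The Ulead entry shows the limit of a missing-file check on its own: a leftover from an uninstalled product looks the same as a removed dropper, so it is a prompt to look closer, not a verdict. "Unknown owner" is likewise not treated as a finding, since legitimate third-party services (OmniPass here) carry it too.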

#10 ILoveSeb

ILoveSeb

    Member

  • Full Member
  • 28 posts

Posted 18 June 2007 - 04:34 PM

ComboFix Log
ComboFix 07-06-13.3 - C:\Documents and Settings\Owner\Desktop\ComboFix.exe
"Owner" - 2007-06-18 10:53:32 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Owner\Desktop\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Owner\APPLIC~1\Viewpoint
C:\DOCUME~1\Owner\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\URLCache.ini
C:\DOCUME~1\Owner\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\URLCache.ini
C:\DOCUME~1\Owner\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\URLCache.ini
C:\DOCUME~1\Owner\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\URLCache.ini
C:\Program Files\vanisher-free.exe
C:\Program Files\Viewpoint
C:\spywarevanisher-full
C:\spywarevanisher-full\Backup\Backup_(06_05_07)_(17_26_42)_[2].bak
C:\spywarevanisher-full\Data1.dat
C:\spywarevanisher-full\Data2.dat
C:\spywarevanisher-full\DataBase\Master.enc
C:\spywarevanisher-full\IgnoreList.dat
C:\spywarevanisher-full\InfectionsHistory.dat
C:\spywarevanisher-full\irunin.bmp
C:\spywarevanisher-full\irunin.dat
C:\spywarevanisher-full\irunin.ini
C:\spywarevanisher-full\irunin.lng
C:\spywarevanisher-full\note.html
C:\spywarevanisher-full\ReadMe.txt
C:\spywarevanisher-full\SpywareVanisher.exe
C:\WINDOWS\iun6002.exe


((((((((((((((((((((((((( Files Created from 2007-05-18 to 2007-06-18 )))))))))))))))))))))))))))))))


2007-06-15 13:11 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-12 15:19 <DIR> d-------- C:\Program Files\Restorer2000 Pro
2007-06-12 15:17 3,229,480 --a------ C:\Program Files\r2k_pro_3.exe
2007-06-12 15:07 1,123,966 --a------ C:\Program Files\undelete_plus_setup.exe
2007-06-12 15:05 4,082,688 --a------ C:\WINDOWS\system32\qtintf70.dll
2007-06-12 15:05 <DIR> d-------- C:\Program Files\Undelete NOW! Trial
2007-06-12 15:04 3,199,998 --a------ C:\Program Files\trialsetup.exe
2007-06-12 14:57 992,320 --a------ C:\Program Files\handyrecovery.exe
2007-06-12 14:55 4,700,304 --a------ C:\Program Files\frinstall.exe
2007-06-12 14:44 3,720,224 --a------ C:\Program Files\_masteruneraser_setup.exe
2007-06-12 14:36 5,075,472 --a------ C:\Program Files\RecoverMyFiles-Setup-WC.exe
2007-06-12 14:28 3,869,519 --a------ C:\Program Files\difrs.exe
2007-06-12 14:26 696,729 --a------ C:\Program Files\ntfs-fat-data-recovery-demo.exe
2007-06-12 14:24 <DIR> d-------- C:\Program Files\Restorer2000 Remote Engine
2007-06-12 14:19 592,704 --a------ C:\Program Files\r2k_eng_1.exe
2007-06-12 14:15 <DIR> d-------- C:\Recovered Files
2007-06-12 14:11 1,849,965 --a------ C:\Program Files\filerescuefat_setup.exe
2007-06-12 14:11 <DIR> d-------- C:\Program Files\FileRescue for FAT
2007-06-12 13:57 2,615,859 --a------ C:\Program Files\reviver_setup.exe
2007-06-06 20:53 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-06-06 20:43 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-06-06 20:43 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-06-06 20:19 25,755,448 --a------ C:\Program Files\wmp11-windowsxp-x86-enu1.exe
2007-06-06 15:52 7,121,880 --a------ C:\Program Files\Windows-KB890830-V1.29.exe
2007-06-05 16:34 1,668,864 --a------ C:\Program Files\XoftspySetup_lb.exe
2007-06-05 11:52 <DIR> d-------- C:\!KillBox
2007-06-04 17:35 <DIR> d-------- C:\disk2
2007-06-04 16:57 <DIR> d-------- C:\disk1
2007-06-04 15:26 51,233,144 --a------ C:\Program Files\directx_apr2007_redist.exe
2007-06-04 14:36 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2007-06-04 14:36 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2007-06-04 14:36 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2007-06-04 13:53 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-06-04 13:40 7,087,488 --a------ C:\Program Files\Alcohol120_trial_1.9.6.4719.exe
2007-06-03 14:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-06-03 14:19 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Azureus
2007-06-03 14:18 <DIR> d-------- C:\Program Files\Azureus
2007-06-03 14:12 5,380,096 --a------ C:\Program Files\Azureus_3.0.1.4_windows.exe
2007-06-02 12:21 <DIR> d-------- C:\Program Files\CCleaner
2007-06-02 12:20 2,719,216 --a------ C:\Program Files\ccsetup140.exe
2007-05-29 15:55 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-29 15:48 11,470,608 --a------ C:\Program Files\avgas-setup-7.5.0.50.exe
2007-05-28 16:30 102,912 --a------ C:\Program Files\VundoFix.exe
2007-05-28 16:30 <DIR> d-------- C:\VundoFix Backups


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-16 19:11:06 -------- d-----r C:\Program Files\LimeWire
2007-06-15 17:53:22 -------- d-----w C:\Program Files\Incomplete
2007-06-12 20:26:20 -------- d-----w C:\Program Files\Netscape
2007-06-07 15:33:46 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-07 20:43:24 -------- d-----w C:\Program Files\DynGate
2007-05-07 18:30:10 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-05-07 18:29:46 -------- d-----w C:\Program Files\SUPERAntiSpyware
2007-05-07 16:46:08 -------- d-----w C:\Program Files\TeamViewer
2007-05-07 00:40:55 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\TeamViewer
2007-05-06 23:57:42 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Help
2007-05-06 23:27:31 967,486 ----a-w C:\Program Files\tightvnc-1.2.9-setup.exe
2007-05-06 22:45:14 732,272 ----a-w C:\Program Files\Zolved Remote Control Viewer.exe
2007-05-03 00:26:02 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-05-03 00:03:03 -------- d-----w C:\Program Files\MUSICMATCH
2007-05-02 23:37:01 -------- d-----w C:\Program Files\SmitfraudFix
2007-05-02 23:30:29 1,724 ----a-w C:\WINDOWS\system32\tmp.reg
2007-04-27 20:55:04 -------- d-----w C:\Program Files\shittalker
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-15 22:23:43 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-04-15 22:22:27 0 ----a-w C:\WINDOWS\ORUN32.EXE
2007-04-15 22:20:43 0 -c--a-w C:\WINDOWS\system32\CMMGR32.EXE
2007-04-15 22:03:46 40,236,184 ----a-w C:\Program Files\zaSuiteSetup_70_337_000_en.exe
2007-04-15 21:52:44 5,746,464 ----a-w C:\Program Files\SUPERAntiSpywarePro.exe
2007-04-15 21:14:41 1,177,770 ----a-w C:\Program Files\ntfsinst.exe
2007-04-12 20:38:04 2,228,534 ----a-w C:\Program Files\audacity-win-1.2.6.exe
2007-04-10 23:48:24 512 ----a-w C:\ScanSectorLog.dat
2007-04-10 22:19:50 26,790,040 ----a-w C:\Program Files\zaAvSetup_70_302_000_en.exe
2007-04-04 23:48:34 503,144 -c--a-w C:\Program Files\DXSETUP.exe
2007-04-04 23:48:34 1,673,576 -c--a-w C:\Program Files\dsetup32.dll
2007-04-04 23:48:32 77,160 -c--a-w C:\Program Files\DSETUP.dll
2007-03-29 16:50:26 14,726,774 ----a-w C:\Program Files\PhotoCollageSetup1.48.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 21:02]
{243B17DE-77C7-46BF-B94B-0B5F309A0E64}=C:\Program Files\Microsoft Money\System\mnyside.dll [2002-07-17 20:00]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-04-10 05:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"KYE_UDSI"="C:\Program Files\USB Storage RW\udsi.exe" [2003-02-21 23:30]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-21 23:45]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 07:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 09:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Info.exe folder.htt 480 480


Contents of the 'Scheduled Tasks' folder
2007-01-14 14:51:38 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1160684512.job
2006-09-19 20:27:44 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-18 11:00:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-18 11:01:37
C:\ComboFix-quarantined-files.txt ... 2007-06-18 11:01
C:\ComboFix2.txt ... 2007-06-15 13:27

--- E O F ---


Kaspersky Scan Log
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, June 18, 2007 5:25:58 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 18/06/2007
Kaspersky Anti-Virus database records: 348050
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 98612
Number of viruses found: 10
Number of infected objects: 40
Number of suspicious objects: 0
Duration of the scan process: 05:52:37

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\.housecall6.6\Quarantine\EN_US-ie.reg.bac_a03660 Infected: Trojan.WinREG.StartPage skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\qx53tq4r.slt\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\qx53tq4r.slt\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\qx53tq4r.slt\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\qx53tq4r.slt\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\qx53tq4r.slt\cert8.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\qx53tq4r.slt\history.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\qx53tq4r.slt\key3.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\qx53tq4r.slt\parent.lock Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Owner\Desktop\Unused Icons\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Owner\Desktop\Unused Icons\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012007061820070619\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_a38.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFB3B3.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2007-06-18.10-30-17.log Object is locked skipped
C:\Program Files\BitComet2\Downloads\AV Voice Changer Software DIAMOND 4.0.67 incl Keygen.zip/AV Voice Changer Software DIAMOND 4.0.67.exe/data0002 Infected: Trojan-Spy.Win32.Delf.ex skipped
C:\Program Files\BitComet2\Downloads\AV Voice Changer Software DIAMOND 4.0.67 incl Keygen.zip/AV Voice Changer Software DIAMOND 4.0.67.exe Infected: Trojan-Spy.Win32.Delf.ex skipped
C:\Program Files\BitComet2\Downloads\AV Voice Changer Software DIAMOND 4.0.67 incl Keygen.zip ZIP: infected - 2 skipped
C:\Program Files\Carnivores2-dm.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\Program Files\Common Files\mozilla.org\GRE\1.7.2_2004080415\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\L0000002.FCS Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Compaq Connections\1940576\Users\Default\Data\storydb.idx Object is locked skipped
C:\Program Files\LogMeIn.msi/data.cab/LMIinit.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped
C:\Program Files\LogMeIn.msi/data.cab/ramaint.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped
C:\Program Files\LogMeIn.msi/data.cab Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped
C:\Program Files\LogMeIn.msi Embedded: infected - 3 skipped
C:\Program Files\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Program Files\SmitfraudFix\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Program Files\SmitfraudFix\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Program Files\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Program Files\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Program Files\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Program Files\SmitfraudFix.exe PE_Patch.UPX: infected - 2 skipped
C:\Program Files\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Program Files\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Program Files\tightvnc-1.2.9-setup.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
C:\Program Files\tightvnc-1.2.9-setup.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\Program Files\tightvnc-1.2.9-setup.exe Inno: infected - 2 skipped
C:\Program Files\Yahoo!\Messenger\logs\billing_Owner.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\client_Owner.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\GIPS.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\network_Owner.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\p2pce.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\voice.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\YSDP.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\YSIP.log Object is locked skipped
C:\SDFix\backups_old3\backups.zip/backups/i Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\SDFix\backups_old3\backups.zip ZIP: infected - 1 skipped
C:\SDFix\backups_old4\backups.zip/backups/i Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\SDFix\backups_old4\backups.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\Fifoed(10)\A0043995.exe Infected: Trojan-Downloader.Win32.Zlob.bon skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\Fifoed(13)\A0048062.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\Fifoed(18)\A0049623.msi/data.cab/LMIinit.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\Fifoed(18)\A0049623.msi/data.cab/ramaint.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\Fifoed(18)\A0049623.msi/data.cab Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\Fifoed(18)\A0049623.msi Embedded: infected - 3 skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\Fifoed(19)\A0049629.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\Fifoed(19)\A0049654.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\Fifoed(22)\A0050516.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP401\A0053128.exe Infected: Trojan-Downloader.Win32.Zlob.bon skipped
C:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP407\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{1A517D07-42FD-4BD0-9300-6C81175A9737}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{E0C22EC0-D318-4D95-967D-A5C2B4653ED0}\RP407\change.log Object is locked skipped

Scan process completed.


HijackThis Log
Logfile of HijackThis v1.99.1
Scan saved at 5:34:20 PM, on 6/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\USB Storage RW\udsi.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.google.com"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\qx53tq4r.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\qx53tq4r.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [KYE_UDSI] "C:\Program Files\USB Storage RW\udsi.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: customize__IE.lnk = C:\hp\region\customizeIe.wsf
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: MsnFixer.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.co...pside_web18.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1162607883234
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)

#11 Sempurna

    Forum Deity

  • Retired Staff
  • 3,838 posts

Posted 19 June 2007 - 11:36 AM

Hi ILoveSeb,

Please don’t download cracks and keygens. And, don’t visit crack sites. That is a sure way of getting infected. :)

OK, let’s fix some leftovers.

For this next step, please delete your current copy of ComboFix-Do.txt as we shall be creating a new one:
  • Then, please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
    (start copying from "File::")


    File::
    C:\Program Files\BitComet2\Downloads\AV Voice Changer Software DIAMOND 4.0.67 incl Keygen.zip
    C:\Program Files\BitComet2\Downloads\AV Voice Changer Software DIAMOND 4.0.67 incl Keygen.zip
    C:\Program Files\Carnivores2-dm.exe
    

  • Save this as ComboFix-Do.txt and change the "Save as type" to "All Files" and place it on your desktop.


    [Screenshot: dragging ComboFix-Do.txt onto ComboFix.exe]


  • Referring to the screenshot above, drag ComboFix-Do.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Please do NOT mouse-click ComboFix's window while it is running. That may cause it to stall. Also, please do NOT adjust your time format while ComboFix is running.


NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:
  • The log from the ComboFix scan located at C:\ComboFix.txt.
  • A new HijackThis log.
(You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software).

How are things running now?

Edited by Sempurna, 19 June 2007 - 11:36 AM.

My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#12 ILoveSeb

    Member

  • Full Member
  • 28 posts

Posted 19 June 2007 - 12:22 PM

Hm...well the computer is doing a lot better. No more stupid pop-ups!

Here you are!

HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 1:21:09 PM, on 6/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\USB Storage RW\udsi.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "www.google.com"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\qx53tq4r.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\qx53tq4r.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [KYE_UDSI] "C:\Program Files\USB Storage RW\udsi.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: customize__IE.lnk = C:\hp\region\customizeIe.wsf
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: MsnFixer.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.co...pside_web18.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1162607883234
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)



ComboFix Log:

ComboFix 07-06-13.3 - C:\Documents and Settings\Owner\Desktop\ComboFix.exe
"Owner" - 2007-06-19 12:55:41 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Owner\Desktop\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\BitComet2\Downloads\AV Voice Changer Software DIAMOND 4.0.67 incl Keygen.zip
C:\Program Files\Carnivores2-dm.exe


((((((((((((((((((((((((( Files Created from 2007-05-19 to 2007-06-19 )))))))))))))))))))))))))))))))


2007-06-18 11:09 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-06-18 11:09 <DIR> d-------- C:\WINDOWS\LastGood
2007-06-18 11:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-06-15 13:11 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-12 15:19 <DIR> d-------- C:\Program Files\Restorer2000 Pro
2007-06-12 15:17 3,229,480 --a------ C:\Program Files\r2k_pro_3.exe
2007-06-12 15:07 1,123,966 --a------ C:\Program Files\undelete_plus_setup.exe
2007-06-12 15:05 4,082,688 --a------ C:\WINDOWS\system32\qtintf70.dll
2007-06-12 15:05 <DIR> d-------- C:\Program Files\Undelete NOW! Trial
2007-06-12 15:04 3,199,998 --a------ C:\Program Files\trialsetup.exe
2007-06-12 14:57 992,320 --a------ C:\Program Files\handyrecovery.exe
2007-06-12 14:55 4,700,304 --a------ C:\Program Files\frinstall.exe
2007-06-12 14:44 3,720,224 --a------ C:\Program Files\_masteruneraser_setup.exe
2007-06-12 14:36 5,075,472 --a------ C:\Program Files\RecoverMyFiles-Setup-WC.exe
2007-06-12 14:28 3,869,519 --a------ C:\Program Files\difrs.exe
2007-06-12 14:26 696,729 --a------ C:\Program Files\ntfs-fat-data-recovery-demo.exe
2007-06-12 14:24 <DIR> d-------- C:\Program Files\Restorer2000 Remote Engine
2007-06-12 14:19 592,704 --a------ C:\Program Files\r2k_eng_1.exe
2007-06-12 14:15 <DIR> d-------- C:\Recovered Files
2007-06-12 14:11 1,849,965 --a------ C:\Program Files\filerescuefat_setup.exe
2007-06-12 14:11 <DIR> d-------- C:\Program Files\FileRescue for FAT
2007-06-12 13:57 2,615,859 --a------ C:\Program Files\reviver_setup.exe
2007-06-06 20:53 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-06-06 20:43 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-06-06 20:43 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-06-06 20:19 25,755,448 --a------ C:\Program Files\wmp11-windowsxp-x86-enu1.exe
2007-06-06 15:52 7,121,880 --a------ C:\Program Files\Windows-KB890830-V1.29.exe
2007-06-05 16:34 1,668,864 --a------ C:\Program Files\XoftspySetup_lb.exe
2007-06-05 11:52 <DIR> d-------- C:\!KillBox
2007-06-04 17:35 <DIR> d-------- C:\disk2
2007-06-04 16:57 <DIR> d-------- C:\disk1
2007-06-04 15:26 51,233,144 --a------ C:\Program Files\directx_apr2007_redist.exe
2007-06-04 14:36 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2007-06-04 14:36 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2007-06-04 14:36 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2007-06-04 13:53 <DIR> d-------- C:\Program Files\Alcohol Soft
2007-06-04 13:40 7,087,488 --a------ C:\Program Files\Alcohol120_trial_1.9.6.4719.exe
2007-06-03 14:20 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
2007-06-03 14:19 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Azureus
2007-06-03 14:18 <DIR> d-------- C:\Program Files\Azureus
2007-06-03 14:12 5,380,096 --a------ C:\Program Files\Azureus_3.0.1.4_windows.exe
2007-06-02 12:21 <DIR> d-------- C:\Program Files\CCleaner
2007-06-02 12:20 2,719,216 --a------ C:\Program Files\ccsetup140.exe
2007-05-29 15:55 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-29 15:48 11,470,608 --a------ C:\Program Files\avgas-setup-7.5.0.50.exe
2007-05-28 16:30 102,912 --a------ C:\Program Files\VundoFix.exe
2007-05-28 16:30 <DIR> d-------- C:\VundoFix Backups


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-19 01:49:50 -------- d-----r C:\Program Files\LimeWire
2007-06-15 17:53:22 -------- d-----w C:\Program Files\Incomplete
2007-06-12 20:26:20 -------- d-----w C:\Program Files\Netscape
2007-06-07 15:33:46 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-07 20:43:24 -------- d-----w C:\Program Files\DynGate
2007-05-07 18:30:10 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-05-07 18:29:46 -------- d-----w C:\Program Files\SUPERAntiSpyware
2007-05-07 16:46:08 -------- d-----w C:\Program Files\TeamViewer
2007-05-07 00:40:55 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\TeamViewer
2007-05-06 23:57:42 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Help
2007-05-06 23:27:31 967,486 ----a-w C:\Program Files\tightvnc-1.2.9-setup.exe
2007-05-06 22:45:14 732,272 ----a-w C:\Program Files\Zolved Remote Control Viewer.exe
2007-05-03 00:26:02 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-05-03 00:03:03 -------- d-----w C:\Program Files\MUSICMATCH
2007-05-02 23:37:01 -------- d-----w C:\Program Files\SmitfraudFix
2007-05-02 23:30:29 1,724 ----a-w C:\WINDOWS\system32\tmp.reg
2007-04-27 20:55:04 -------- d-----w C:\Program Files\shittalker
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-15 22:23:43 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-04-15 22:22:27 0 ----a-w C:\WINDOWS\ORUN32.EXE
2007-04-15 22:20:43 0 -c--a-w C:\WINDOWS\system32\CMMGR32.EXE
2007-04-15 22:03:46 40,236,184 ----a-w C:\Program Files\zaSuiteSetup_70_337_000_en.exe
2007-04-15 21:52:44 5,746,464 ----a-w C:\Program Files\SUPERAntiSpywarePro.exe
2007-04-15 21:14:41 1,177,770 ----a-w C:\Program Files\ntfsinst.exe
2007-04-12 20:38:04 2,228,534 ----a-w C:\Program Files\audacity-win-1.2.6.exe
2007-04-10 23:48:24 512 ----a-w C:\ScanSectorLog.dat
2007-04-10 22:19:50 26,790,040 ----a-w C:\Program Files\zaAvSetup_70_302_000_en.exe
2007-04-04 23:48:34 503,144 -c--a-w C:\Program Files\DXSETUP.exe
2007-04-04 23:48:34 1,673,576 -c--a-w C:\Program Files\dsetup32.dll
2007-04-04 23:48:32 77,160 -c--a-w C:\Program Files\DSETUP.dll
2007-03-29 16:50:26 14,726,774 ----a-w C:\Program Files\PhotoCollageSetup1.48.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 21:02]
{243B17DE-77C7-46BF-B94B-0B5F309A0E64}=C:\Program Files\Microsoft Money\System\mnyside.dll [2002-07-17 20:00]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-04-10 05:50]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"KYE_UDSI"="C:\Program Files\USB Storage RW\udsi.exe" [2003-02-21 23:30]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-21 23:45]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 07:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 09:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b5da0c4-1201-11dc-9e64-00402b60f3fe}]
AutoRun\command- F:\avp2.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46f4258e-46c5-11db-9e04-806d6172696f}]
AutoRun\command- D:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46f42590-46c5-11db-9e04-806d6172696f}]
AutoRun\command- E:\avp2.exe


Contents of the 'Scheduled Tasks' folder
2007-01-14 14:51:38 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1160684512.job
2006-09-19 20:27:44 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-19 13:06:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-06-19 13:09:09
C:\ComboFix-quarantined-files.txt ... 2007-06-19 13:08
C:\ComboFix2.txt ... 2007-06-18 11:01
C:\ComboFix3.txt ... 2007-06-15 13:27

--- E O F ---
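The "Reg Loading Points" section of the ComboFix log above lists autostart entries and, under mountpoints2, the AutoRun commands Windows would run when a drive is opened. The following added example (not part of the original thread or of ComboFix) parses that section from a constructed sample modelled on the log and flags the entries a helper would look at first: AutoRun commands on mounted drives and Run entries launching from user-writable directories; the "Updater" entry in the sample is invented for illustration.

```python
import re

# Constructed sample, modelled on the "Reg Loading Points" section of the ComboFix
# log quoted in this thread (the temp-directory "Updater" entry is invented here).
SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Updater"="C:\Documents and Settings\user\Local Settings\Temp\upd.exe" [2007-06-01 01:02]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b5da0c4-1201-11dc-9e64-00402b60f3fe}]
AutoRun\command- F:\avp2.exe
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                      # [HKEY_...] section header
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"(?: \[[^\]]*\])?$')  # "name"="path" [stamp]
AUTORUN_RE = re.compile(r"^AutoRun\\command- (.+)$")            # mountpoints2 AutoRun line

# User-writable locations that a legitimate autostart entry rarely launches from.
SUSPECT_DIRS = ("\\temp\\", "\\local settings\\", "\\application data\\")


def parse_loading_points(text):
    """Yield (registry key, value line) for every non-empty line under a [HKEY_...] header."""
    key = None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        header = KEY_RE.match(line)
        if header:
            key = header.group(1)
        elif key is not None:
            yield key, line


def triage(text):
    """Return (key, item, reason) findings: AutoRun commands on mounted drives and
    Run entries whose target lives in a user-writable directory."""
    findings = []
    for key, line in parse_loading_points(text):
        lkey = key.lower()
        if "mountpoints2" in lkey and (m := AUTORUN_RE.match(line)):
            findings.append((key, m.group(1), "AutoRun command on a mounted drive"))
        elif lkey.endswith("\\run") and (m := VALUE_RE.match(line)):
            name, path = m.group(1), m.group(2).lower()
            if any(d in path for d in SUSPECT_DIRS):
                findings.append((key, name, "Run entry launches from a user-writable directory"))
    return findings
```

Run `triage(SAMPLE_LOG)` to get the three findings for the sample; the flagged items are leads to examine, not a verdict, since a legitimate CD autorun (like D:\Info.exe above) matches the same rule.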

#13 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • 3,838 posts

Posted 19 June 2007 - 10:48 PM

Hi ILoveSeb, :wave:

Just some loose ends to tie up, and then we can let you go home. :)

To create a new system restore point:
  • Go to Start Menu -> All Programs -> Accessories -> System Tools -> System Restore.
  • Click "Create A Restore Point" then click "Next". Give it a name and then click "Create".
  • When the confirmation screen shows the restore point has been created click "Close".
  • Then go to Start -> Run and type in (or copy and paste):

    cleanmgr

  • Click "OK".
  • Disk Cleanup will open and start calculating the amount of space that can be freed.
  • Once that's finished it will open the Disk Cleanup options screen, click the "More Options" tab.
  • Click "Clean Up" in the "System Restore" section and choose "Yes" at the confirmation window.
This will remove all previous restore points except the newly created one.


NEXT:

Everything looks great --- your HijackThis log appears to be clean. :)

Please take some time reading this list; it is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Windows Updates (a must!)
    It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. You can either click on the link above and bookmark the updates page, or open Internet Explorer, then go to the Tools menu -> Windows Update, and follow the online instructions from there.

  • Firewall (a must!)
    It is definitely a must have. Some good FREE versions are Comodo, Outpost, or ZoneAlarm.
    Test your Firewall and make sure it is working properly.
    Note: You must only use 1 (one) firewall at a time because if you have 2 or more firewalls running at the same time, they will conflict with each other and make your security less reliable. Please also remember to turn off Windows Firewall once you have installed a new firewall.

  • Also make sure to run your antivirus software regularly, and to keep it up-to-date.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you do decide to install Firefox, please take a moment to read Switching from IE to Firefox.

  • SpywareBlaster
    This is a great FREE prevention tool to keep nasties from installing on your system.
    Tutorial: How to use!

  • IE-SPYAD
    This FREE tool adds over 15,000 items to your IE Restricted Zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
    Tutorial: How to use!

  • Spybot - Search & Destroy
    This is a very powerful FREE tool that can search for and annihilate nasties that make it onto your system. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features for realtime protection.
    Tutorial: How to use!

  • Ad-Aware 2007 Free
    This is another very powerful FREE tool that searches for and kills nasties that infect your system. Ad-Aware 2007 and Spybot Search & Destroy complement each other very well.
    Tutorial: How to use!

  • I suggest that you download and install one or two of these FREE and good anti-trojan programs to use for ad-hoc scanning on your system:
    a-squared Free
    AVG Anti-Spyware Free
    SUPERAntiSpyware

  • I would also suggest you perform an online virus scan once in a while because what one virus scanner can't find, another one maybe can:
    BitDefender Online Scanner
    F-Secure Online Scanner
    Panda ActiveScan
    Dr.Web CureIt <-- This is not really an online scanner, as it is a standalone utility. You need to download a new copy for updated virus definitions, but it can be run in Safe Mode, unlike the online scanners above.
Please also read Tony Klein's excellent article How I got Infected in the First Place and this CastleCops article Malware Prevention: Prevent Re-infection.

Hopefully this should take care of your problems! Good luck! :D
My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

--------------------

We are each of us angels with but one wing. And we can only fly embracing each other.
Luciano De Crescenzo

#14 ILoveSeb

ILoveSeb

    Member

  • Full Member
  • 28 posts

Posted 20 June 2007 - 08:49 AM

Thank you very very much.

One more question, is there any reason why my taskbar locks up quite often? Especially when my Windows Explorer and Desktop reset themselves quite a bit throughout the day for no reason?

#15 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • 3,838 posts

Posted 20 June 2007 - 10:14 AM

You’re most welcome, ILoveSeb. :)

Hmm, the taskbar and desktop problems could be due to file corruption or faulty memory.

We could check for both, if you like. :)

For this next step, please have your original Windows XP installation CD handy.

(If you don't have your original Windows XP installation CD, proceed with the scan anyway. If the scan prompts you to replace a corrupt OS file, direct it to the dllcache or i386 folder that should be present in your system. That's where Windows XP keeps its backup OS files. The location of these folders varies from system to system, so you would have to locate them first and remember their locations.):
  • Then, please go to Start -> Run and type (or copy and paste):

    sfc /scannow

  • Click "OK".
  • The System File Checker will now run. If it finds any corrupt OS files, it will prompt you to insert your Windows XP installation CD. If nothing is found, it will close by itself.
  • Please be patient as this scan may take awhile to complete.

NEXT:

You can download the Windows Memory Diagnostic and determine if there are problems with your RAM or the memory system of your motherboard.

Please let me know the results of the RAM test.

Edited by Sempurna, 20 June 2007 - 10:18 AM.


#16 ILoveSeb

ILoveSeb

    Member

  • Full Member
  • 28 posts

Posted 21 June 2007 - 12:19 PM

Thanks very much.
The System File Checker was fine, it closed on itself and nothing has come up so I assume everything is fine with that.

As far as the WMD, I tried the first option (Create Startup Disk) and the only Floppy Disk to choose was 3.5" Floppy A: and when I clicked Create it says 'Device Write Error.' When I choose Save CD Image to Disk, it works alright. So I click it in the area I saved it to and an error comes up.
KB823980 Setup Error
Setup has detected that the Service Pack version of the system installed is newer than the update you are applying it to.
You can only install the update on a computer with no Service Packs installed.

#17 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • 3,838 posts

Posted 21 June 2007 - 11:28 PM

Do you have a CD writer on your system?

#18 ILoveSeb

ILoveSeb

    Member

  • Full Member
  • 28 posts

Posted 22 June 2007 - 10:18 AM

Like a CD burner?

#19 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • 3,838 posts

Posted 22 June 2007 - 10:50 AM

Yes, like a CD burner. Most of the RAM tests would only run from a CD iso image, so a CD burner would be essential to any tests of your RAM.

#20 ILoveSeb

ILoveSeb

    Member

  • Full Member
  • 28 posts

Posted 23 June 2007 - 09:24 AM

Yeah I have a cd burner. :) Sure I'll try it now.


And as a note: I figured out that switching from Netscape to Firefox did my computer wonders on speed.

#21 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • 3,838 posts

Posted 23 June 2007 - 12:00 PM

Yep, Firefox is a much faster browser. Although much of that has to do with how it works. It isn't actually faster than other browsers... it just appears that it is.

Most browsers, including IE and Opera, are not really slower than Firefox. It's just that they load a page differently, so it appears to be slower. But, perceptions are everything, aren't they? :)

Let me know how the RAM tests go with using a CD.

#22 ILoveSeb

ILoveSeb

    Member

  • Full Member
  • 28 posts

Posted 24 June 2007 - 05:40 PM

True, but for some odd reason, though they take up nearly the same Memory Usage, Netscape would lock up every couple of minutes for absolutely no reason and I have had few problems with Firefox at all.

Thank you, I'll burn the cds.

#23 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • 3,838 posts

Posted 25 June 2007 - 12:11 AM

OK, catch up with you later, then. :)

#24 Sempurna

Sempurna

    Forum Deity

  • Retired Staff
  • 3,838 posts

Posted 25 July 2007 - 07:47 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying HERE with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.