
Flooded with Malware & virus


Post by jonked » June 17th, 2007, 4:43 am

Help please, I am being flooded with malware and viruses. I have tried various solutions (PCguard, Trend Micro and others), but the problem only seems to get worse.

HijackThis log below.

Thanks in advance
Jonked

Logfile of HijackThis v1.99.1
Scan saved at 09:29:15, on 17/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\KWorld Multimedia\HyperMedia\DTVR\Scheduled.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe
C:\Program Files\blueyonder\PCguard\Rps.exe
C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaServer.exe
C:\Documents and Settings\All Users\Application Data\vmfcbypo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Cloudmark\SpamNet\OE\snoe.exe
C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [FLMLABTECMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\KWorld Multimedia\HyperMedia\DTVR\Scheduled.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [PCguardadvisor.exe] "C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe"
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\blueyonder\PCguard\Rps.exe"
O4 - HKLM\..\Run: [five Media Manager Tray] "C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaTray.exe" /CustomId:five
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [vmfcbypo.exe] C:\Documents and Settings\All Users\Application Data\vmfcbypo.exe
O4 - HKLM\..\Run: [SC2] C:\WINDOWS\system32\scchk32.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\paavwvml.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ho3tRObpX] drpd3x40.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Freecom Personal Media Suite.lnk = C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Cloudmark Desktop for Outlook Express.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Search Using Copernic Agent - res://F:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - blank (file missing)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - blank (file missing)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - blank (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/rapti ... loader.cab
O16 - DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} (TNSClicker.Clicker) - http://www.shopandscan.com/TNSClicker.CAB
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {1E89F686-B78D-4C85-9EFC-3474516E3FE2} - http://www.teen-nude-celebrities.com/in ... 109191.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/inflaterball/mi ... Loader.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/Reflex ... Loader.cab
O16 - DPF: {46431044-1B22-4EF3-B333-863AAF310153} (five Class) - http://www.download.five.tv/Download/five_3_4_0_8.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0, ... Portal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 2779681543
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7678277405
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://www.download.five.tv/Download/En ... Silent.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/active ... anager.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe (file missing)

Post by Shaba » June 17th, 2007, 4:54 am

Hi jonked

Rename HijackThis.exe to scanner.exe and post back a fresh HijackThis log, please :)

Renamed HijackThis.exe to scanner.exe as requested

Post by jonked » June 17th, 2007, 5:44 am

Logfile of HijackThis v1.99.1
Scan saved at 10:41:29, on 17/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\KWorld Multimedia\HyperMedia\DTVR\Scheduled.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\rundll32.exe
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe
C:\Program Files\blueyonder\PCguard\Rps.exe
C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaServer.exe
C:\Documents and Settings\All Users\Application Data\vmfcbypo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Cloudmark\SpamNet\OE\snoe.exe
C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\HijackThis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {0316CAD4-CF66-4A9F-837C-53FC1E53D14b} - C:\WINDOWS\system32\mvkqmsnf.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2AF8AF06-0925-4094-9FC8-E2D681E99D89} - C:\WINDOWS\system32\qiofkugg.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\blueyonder\PCguard\pkR.dll
O2 - BHO: (no name) - {559647AF-430A-4481-BB4E-10D7749C71E7} - C:\WINDOWS\system32\mvkqmsnf.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\blueyonder\PCguard\FBHR.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\gicjaagp.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\khfggge.dll
O2 - BHO: (no name) - {A3965A88-08EE-4434-A7A6-6A99B999DC1a} - C:\WINDOWS\system32\qiofkugg.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {D9A034AA-15F0-4994-9604-AAC51D794236} - C:\WINDOWS\system32\khhhf.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [FLMLABTECMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\KWorld Multimedia\HyperMedia\DTVR\Scheduled.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [PCguardadvisor.exe] "C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe"
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\blueyonder\PCguard\Rps.exe"
O4 - HKLM\..\Run: [five Media Manager Tray] "C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaTray.exe" /CustomId:five
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [vmfcbypo.exe] C:\Documents and Settings\All Users\Application Data\vmfcbypo.exe
O4 - HKLM\..\Run: [SC2] C:\WINDOWS\system32\scchk32.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\kqueplsp.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ho3tRObpX] drpd3x40.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Freecom Personal Media Suite.lnk = C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Cloudmark Desktop for Outlook Express.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Search Using Copernic Agent - res://F:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - blank (file missing)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - blank (file missing)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - blank (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/rapti ... loader.cab
O16 - DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} (TNSClicker.Clicker) - http://www.shopandscan.com/TNSClicker.CAB
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {1E89F686-B78D-4C85-9EFC-3474516E3FE2} - http://www.teen-nude-celebrities.com/in ... 109191.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/inflaterball/mi ... Loader.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/Reflex ... Loader.cab
O16 - DPF: {46431044-1B22-4EF3-B333-863AAF310153} (five Class) - http://www.download.five.tv/Download/five_3_4_0_8.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0, ... Portal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 2779681543
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7678277405
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://www.download.five.tv/Download/En ... Silent.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/active ... anager.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: khfggge - C:\WINDOWS\SYSTEM32\khfggge.dll
O20 - Winlogon Notify: khhhf - C:\WINDOWS\system32\khhhf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winlvv32 - winlvv32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe (file missing)

Post by Shaba » June 17th, 2007, 5:48 am

Hi

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
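The second log above shows the pattern VundoFix was written for: "(no name)" BHOs pointing at random-named DLLs in system32, the same DLLs registered as Winlogon Notify handlers, and Run entries launched from Application Data or with no path at all. The script below, added here as an example and not part of the thread or of any tool the helpers use, applies those checks to a few lines taken from that log; the O16 URL is a constructed placeholder because the original is truncated on the page.

```python
"""Triage a HijackThis 1.99 log for the Vundo-style indicators seen in the
thread: BHOs with no name, Winlogon Notify handlers that are not part of a
stock Windows XP install, Run entries launched from a data directory or with
no path at all, ActiveX downloads of bare executables, and the same DLL
registered in more than one hook (the strongest single signal)."""
import re
from collections import defaultdict

# Winlogon Notify packages found on a stock Windows XP SP2 install (plus WGA).
# Anything else is a review prompt, not a verdict.
KNOWN_WINLOGON_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon",
}

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<pkg>\S+) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<id>.*?) - (?P<url>\S+)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)

# Lines taken from the second log in the thread plus two clean ones; the O16
# URL is a constructed placeholder because the original is truncated on the page.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0316CAD4-CF66-4A9F-837C-53FC1E53D14b} - C:\WINDOWS\system32\mvkqmsnf.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\khfggge.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [vmfcbypo.exe] C:\Documents and Settings\All Users\Application Data\vmfcbypo.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\kqueplsp.dll",realset
O4 - HKCU\..\Run: [Ho3tRObpX] drpd3x40.exe
O16 - DPF: {1E89F686-B78D-4C85-9EFC-3474516E3FE2} - http://placeholder.invalid/download.exe
O20 - Winlogon Notify: khfggge - C:\WINDOWS\SYSTEM32\khfggge.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winlvv32 - winlvv32.dll (file missing)
"""


def file_stem(path):
    """Lower-case file name without directory, extension or HJT's status suffix."""
    name = path.replace(" (file missing)", "").rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0].lower()


def triage(lines):
    """Return (findings, dll_hooks). findings is a list of (line, reason);
    dll_hooks maps a DLL stem to the set of hook types (O2/O4/O20) it was seen in."""
    findings = []
    dll_hooks = defaultdict(set)
    for raw in lines:
        line = raw.strip()
        if m := O2_RE.match(line):
            dll_hooks[file_stem(m["path"])].add("O2")
            if m["name"] == "(no name)":
                findings.append((line, "BHO with no name"))
        elif m := O20_RE.match(line):
            dll_hooks[file_stem(m["path"])].add("O20")
            if m["pkg"].lower() not in KNOWN_WINLOGON_NOTIFY:
                findings.append((line, "non-standard Winlogon Notify package"))
        elif m := O4_RE.match(line):
            cmd = m["cmd"].strip('"')
            if "\\application data\\" in cmd.lower():
                findings.append((line, "Run entry launched from Application Data"))
            elif "\\" not in cmd:
                # Bare file names resolve via PATH; legitimate entries (nwiz.exe,
                # SOUNDMAN.EXE) also look like this, so this is a prompt to check.
                findings.append((line, "Run entry with no path"))
            if rd := RUNDLL_RE.search(cmd):
                dll_hooks[file_stem(rd["dll"])].add("O4")
        elif m := O16_RE.match(line):
            if m["url"].lower().endswith(".exe"):
                findings.append((line, "ActiveX download of a bare executable"))
    # A DLL wired into two different hooks is how Vundo kept itself loaded.
    for stem, hooks in sorted(dll_hooks.items()):
        if len(hooks) > 1:
            findings.append((stem + ".dll", "same DLL in hooks " + ",".join(sorted(hooks))))
    return findings, dict(dll_hooks)


if __name__ == "__main__":
    for hit, reason in triage(SAMPLE_LOG.splitlines())[0]:
        print(f"[{reason}] {hit}")
```

On the sample above the script reports both unnamed BHOs, the two non-standard Winlogon Notify packages, the Application Data and bare-name Run entries, the executable ActiveX download, and khfggge.dll as present in both the O2 and O20 hooks, while leaving the Java, WGA and jusched entries alone.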

vundofix.exe is not a valid WIN32 application.

Post by jonked » June 17th, 2007, 1:18 pm

Tried to run as per your instructions and get the following:

vundofix.exe is not a valid WIN32 application.

Post by Shaba » June 17th, 2007, 1:20 pm

Hi

1. Download combofix from one of these links:
Link1
Link2
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click combofix's window whilst it's running. That may cause it to stall.

Post:

- a fresh HijackThis log
- combofix report

HijackThis log and ComboFix report

Post by jonked » June 17th, 2007, 3:30 pm

Logs as requested. Thanks, Jonked

NEW HIJACKTHIS LOG:

Logfile of HijackThis v1.99.1
Scan saved at 20:24, on 2007-06-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\KWorld Multimedia\HyperMedia\DTVR\Scheduled.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe
C:\Program Files\blueyonder\PCguard\Rps.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Documents and Settings\All Users\Application Data\vmfcbypo.exe
C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Cloudmark\SpamNet\OE\snoe.exe
C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\ComboFix\catchme.cfexe
C:\Program Files\HijackThis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\blueyonder\PCguard\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\blueyonder\PCguard\FBHR.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [FLMLABTECMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\KWorld Multimedia\HyperMedia\DTVR\Scheduled.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [PCguardadvisor.exe] "C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe"
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\blueyonder\PCguard\Rps.exe"
O4 - HKLM\..\Run: [five Media Manager Tray] "C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaTray.exe" /CustomId:five
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [vmfcbypo.exe] C:\Documents and Settings\All Users\Application Data\vmfcbypo.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ho3tRObpX] drpd3x40.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Freecom Personal Media Suite.lnk = C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Cloudmark Desktop for Outlook Express.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Search Using Copernic Agent - res://F:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - blank (file missing)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - blank (file missing)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - blank (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/rapti ... loader.cab
O16 - DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} (TNSClicker.Clicker) - http://www.shopandscan.com/TNSClicker.CAB
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {1E89F686-B78D-4C85-9EFC-3474516E3FE2} - http://www.teen-nude-celebrities.com/in ... 109191.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/inflaterball/mi ... Loader.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/Reflex ... Loader.cab
O16 - DPF: {46431044-1B22-4EF3-B333-863AAF310153} (five Class) - http://www.download.five.tv/Download/five_3_4_0_8.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0, ... Portal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 2779681543
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7678277405
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://www.download.five.tv/Download/En ... Silent.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/active ... anager.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winlvv32 - winlvv32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe (file missing)

COMBOFIX-QUARANTINED-FILES.TXT

Logfile of HijackThis v1.99.1
Scan saved at 20:24, on 2007-06-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\KWorld Multimedia\HyperMedia\DTVR\Scheduled.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe
C:\Program Files\blueyonder\PCguard\Rps.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Documents and Settings\All Users\Application Data\vmfcbypo.exe
C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaServer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Cloudmark\SpamNet\OE\snoe.exe
C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\ComboFix\catchme.cfexe
C:\Program Files\HijackThis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\blueyonder\PCguard\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\blueyonder\PCguard\FBHR.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [FLMLABTECMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\KWorld Multimedia\HyperMedia\DTVR\Scheduled.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [PCguardadvisor.exe] "C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe"
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\blueyonder\PCguard\Rps.exe"
O4 - HKLM\..\Run: [five Media Manager Tray] "C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaTray.exe" /CustomId:five
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [vmfcbypo.exe] C:\Documents and Settings\All Users\Application Data\vmfcbypo.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ho3tRObpX] drpd3x40.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Freecom Personal Media Suite.lnk = C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Cloudmark Desktop for Outlook Express.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Search Using Copernic Agent - res://F:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - blank (file missing)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - blank (file missing)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - blank (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/rapti ... loader.cab
O16 - DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} (TNSClicker.Clicker) - http://www.shopandscan.com/TNSClicker.CAB
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {1E89F686-B78D-4C85-9EFC-3474516E3FE2} - http://www.teen-nude-celebrities.com/in ... 109191.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/inflaterball/mi ... Loader.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/Reflex ... Loader.cab
O16 - DPF: {46431044-1B22-4EF3-B333-863AAF310153} (five Class) - http://www.download.five.tv/Download/five_3_4_0_8.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0, ... Portal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 2779681543
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7678277405
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://www.download.five.tv/Download/En ... Silent.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/active ... anager.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winlvv32 - winlvv32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe (file missing)
jonked
Regular Member
 
Posts: 27
Joined: June 16th, 2007, 6:55 pm
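A first triage pass over the kinds of HijackThis lines shown in the log above, as an added example: this is not part of the thread and is not HijackThis's or the forum helpers' own method. The sample lines are copied from the posted log (including the forum's own " ... " truncation of one URL). The heuristics (an autostart living in a user-writable data directory, a random-looking value or file name, a bare file name that Windows resolves via the search path, an ActiveX DPF entry that fetches an .exe, a Winlogon Notify DLL marked "file missing") are my assumptions about what a helper reads first, not a verdict on any particular file.

```python
"""Heuristic triage of HijackThis v1.99.1 log lines (O4, O16, O20).

Added example, not code from the thread or from HijackThis. The rules below
are assumptions about what a malware-removal helper flags first; they are a
reading aid, not a detection engine.
"""
import re
from typing import List, Tuple

# Constructed sample: lines copied from the posted log, plus benign entries of
# each type so the heuristics have something to leave alone. One URL keeps the
# forum's own " ... " truncation exactly as it appears in the post.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [vmfcbypo.exe] C:\Documents and Settings\All Users\Application Data\vmfcbypo.exe
O4 - HKCU\..\Run: [Ho3tRObpX] drpd3x40.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {1E89F686-B78D-4C85-9EFC-3474516E3FE2} - http://www.teen-nude-celebrities.com/in ... 109191.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winlvv32 - winlvv32.dll (file missing)
"""

O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# First ".exe" in the command, with or without surrounding quotes; unquoted
# paths containing spaces are common in these logs, so do not split on spaces.
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.exe)"?', re.IGNORECASE)
O16_RE = re.compile(r'^O16 - DPF: (?P<rest>.*) - (?P<url>https?://.*)$')
O20_RE = re.compile(r'^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.*)$')

# Letters and digits interleaved inside one token ("drpd3x40", "Ho3tRObpX").
# Noisy on its own (a vendor file like mouse32a.exe would also match), so it is
# only applied to the registry value name and to bare, path-less file names.
MIXED_RE = re.compile(r'[a-z]\d+[a-z]', re.IGNORECASE)
# Assumed set of directories any user process can write to.
USER_WRITABLE = ('\\application data\\', '\\local settings\\', '\\temp\\')

# Reason strings returned by triage().
R_USER_DIR = 'user-writable data directory'
R_RANDOM = 'random-looking name'
R_RANDOM_BARE = 'random-looking name; no directory given (resolved via PATH)'
R_DPF_EXE = 'ActiveX (DPF) entry downloads a bare executable'
R_NOTIFY_MISSING = 'Winlogon Notify DLL registered but not on disk'


def looks_random(token: str) -> bool:
    """True if a value or file name mixes letters and digits inside one token.

    GUIDs such as BgMonitor_{7966...} are stripped first so legitimate
    GUID-suffixed entries are not flagged for their hex digits.
    """
    token = re.sub(r'\{[^}]*\}', '', token)
    return bool(MIXED_RE.search(token))


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (section, reason, line) for each line a helper would read first."""
    findings: List[Tuple[str, str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = O4_RE.match(line)
        if m:
            exe_m = EXE_RE.match(m.group('cmd'))
            exe = exe_m.group('exe') if exe_m else m.group('cmd')
            bare = '\\' not in exe            # no directory: found via search path
            basename = exe.rsplit('\\', 1)[-1]
            if any(d in exe.lower() for d in USER_WRITABLE):
                findings.append(('O4', R_USER_DIR, line))
            elif looks_random(m.group('name')) or (bare and looks_random(basename)):
                findings.append(('O4', R_RANDOM_BARE if bare else R_RANDOM, line))
            continue

        m = O16_RE.match(line)
        if m and m.group('url').lower().endswith('.exe'):
            findings.append(('O16', R_DPF_EXE, line))
            continue

        m = O20_RE.match(line)
        if m and '(file missing)' in m.group('dll'):
            findings.append(('O20', R_NOTIFY_MISSING, line))
    return findings


if __name__ == '__main__':
    for section, reason, line in triage(SAMPLE_LOG):
        print(f'{section:4} {reason}\n     {line}')
```

Run it on a full log by reading the file into `triage()` instead of `SAMPLE_LOG`. The output is a reading order, not a verdict: a flagged O4 entry still has to be checked on disk (size, vendor, digital signature) before anything is fixed, and a benign entry can trip the name heuristic, which is why that rule is kept away from fully qualified vendor paths.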

Unread postby Shaba » June 18th, 2007, 4:28 am

Hi

You posted the HijackThis log twice.

Please also post the ComboFix log; it's here -> C:\ComboFix.txt :)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

ComboFix.txt

Unread postby jonked » June 18th, 2007, 11:47 am

ComboFix.txt below. I do not appear to be getting any malware popups since carrying out what you suggested.

ComboFix 07-06-17 - C:\Documents and Settings\John\Desktop\ComboFix.exe
"John" - 2007-06-17 19:55:48 - Service Pack 2 NTFS


Unable to gain System Privileges

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\cetigupt.dll
C:\WINDOWS\system32\ebxsotrx.dll
C:\WINDOWS\system32\elgonhkf.dll
C:\WINDOWS\system32\evtfsjtg.dll
C:\WINDOWS\system32\fkplloge.dll
C:\WINDOWS\system32\guexyurq.dll
C:\WINDOWS\system32\hknbujkv.dll
C:\WINDOWS\system32\jmmrguub.dll
C:\WINDOWS\system32\kqueplsp.dll
C:\WINDOWS\system32\ljrqdchb.dll
C:\WINDOWS\system32\mllih.dll
C:\WINDOWS\system32\msoeijok.dll
C:\WINDOWS\system32\mtejedda.dll
C:\WINDOWS\system32\mvkqmsnf.dll
C:\WINDOWS\system32\nwjfudum.dll
C:\WINDOWS\system32\paavwvml.dll
C:\WINDOWS\system32\qbqkupia.dll
C:\WINDOWS\system32\qdhigecw.dll
C:\WINDOWS\system32\qiofkugg.dll
C:\WINDOWS\system32\vuodonxs.dll
C:\WINDOWS\system32\woatfqra.dll
C:\WINDOWS\system32\tpugitec.ini
C:\WINDOWS\system32\xrtosxbe.ini
C:\WINDOWS\system32\fkhnogle.ini
C:\WINDOWS\system32\gtjsftve.ini
C:\WINDOWS\system32\egollpkf.ini
C:\WINDOWS\system32\vkjubnkh.ini
C:\WINDOWS\system32\buugrmmj.ini
C:\WINDOWS\system32\fhhhk.bak1
C:\WINDOWS\system32\fhhhk.bak2
C:\WINDOWS\system32\fhhhk.ini
C:\WINDOWS\system32\fhhhk.ini2
C:\WINDOWS\system32\fhhhk.tmp
C:\WINDOWS\system32\pslpeuqk.ini
C:\WINDOWS\system32\bhcdqrjl.ini
C:\WINDOWS\system32\hillm.ini
C:\WINDOWS\system32\kojieosm.ini
C:\WINDOWS\system32\addejetm.ini
C:\WINDOWS\system32\mudufjwn.ini
C:\WINDOWS\system32\lmvwvaap.ini
C:\WINDOWS\system32\aipukqbq.ini
C:\WINDOWS\system32\wcegihdq.ini
C:\WINDOWS\system32\sxnodouv.ini
C:\WINDOWS\system32\arqftaow.ini
C:\WINDOWS\system32\fhhhk.bak1
C:\WINDOWS\system32\fhhhk.bak2
C:\WINDOWS\system32\fhhhk.ini
C:\WINDOWS\system32\fhhhk.ini2
C:\WINDOWS\system32\fhhhk.tmp
C:\WINDOWS\system32\fhhhk.bak1
C:\WINDOWS\system32\fhhhk.bak2
C:\WINDOWS\system32\fhhhk.ini
C:\WINDOWS\system32\fhhhk.ini2
C:\WINDOWS\system32\fhhhk.tmp
C:\WINDOWS\system32\khhhf.dll
C:\WINDOWS\system32\khfggge.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\install.log
C:\Program Files\inetget2
C:\Program Files\ipwindows
C:\Program Files\screensavers.com
C:\WINDOWS\hosts
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_SFSYNC02
-------\sfsync02


((((((((((((((((((((((((( Files Created from 2007-05-17 to 2007-06-17 )))))))))))))))))))))))))))))))


2007-06-17 19:59 0 --a------ C:\WINDOWS\system32\sfsync02.dll
2007-06-17 19:57 62,516 --a------ C:\WINDOWS\system32\ytcylcoe.dll
2007-06-17 19:55 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-17 18:12 71,316 --a------ C:\VundoFix.exe
2007-06-16 14:10 662 --a------ C:\pmcubosf3.exe
2007-06-16 10:11 <DIR> d-------- C:\WINDOWS\system32\pmcubosf
2007-06-16 09:29 286,720 --a------ C:\WINDOWS\system32\scchk32.exe
2007-06-13 20:14 62,516 --a------ C:\WINDOWS\system32\gicjaagp.dll
2007-06-12 20:06 <DIR> d-------- C:\DOCUME~1\John\.housecall6.6
2007-06-11 22:44 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-06-09 23:33 <DIR> d---s---- C:\DOCUME~1\Anne\APPLIC~1\?icrosoft
2007-06-09 23:18 <DIR> d-------- C:\Program Files\Common Files\??crosoft
2007-06-09 23:16 <DIR> d---s---- C:\WINDOWS\system32\M?crosoft
2007-06-09 23:16 <DIR> d-------- C:\Program Files\?icrosoft.NET
2007-06-09 23:16 <DIR> d-------- C:\Program Files\?icrosoft
2007-06-09 23:15 <DIR> d-------- C:\Program Files\A?pPatch
2007-06-09 23:15 <DIR> d-------- C:\DOCUME~1\Anne\APPLIC~1\?asks
2007-06-09 23:14 <DIR> d-------- C:\Program Files\??pPatch
2007-06-09 23:13 <DIR> d-------- C:\WINDOWS\system32\?asks
2007-06-09 23:13 <DIR> d-------- C:\WINDOWS\system32\??pPatch
2007-06-09 23:13 <DIR> d-------- C:\Program Files\??mbols
2007-06-09 23:12 <DIR> d---s---- C:\WINDOWS\system32\?icrosoft
2007-06-09 23:12 <DIR> d-------- C:\WINDOWS\system32\??sks
2007-06-09 23:12 <DIR> d-------- C:\Program Files\Common Files\?icrosoft
2007-06-09 23:12 <DIR> d-------- C:\DOCUME~1\Anne\APPLIC~1\?ssembly
2007-06-09 23:12 <DIR> d-------- C:\DOCUME~1\Anne\APPLIC~1\??crosoft.NET
2007-06-09 23:11 <DIR> dr--s---- C:\WINDOWS\a?sembly
2007-06-09 23:11 <DIR> d---s---- C:\WINDOWS\?asks
2007-06-09 23:11 <DIR> d-------- C:\WINDOWS\system32\F?nts
2007-06-09 23:11 <DIR> d-------- C:\WINDOWS\A?pPatch
2007-06-09 23:11 <DIR> d-------- C:\Program Files\Common Files\?asks
2007-06-09 23:11 <DIR> d-------- C:\Program Files\?asks
2007-06-09 23:11 <DIR> d-------- C:\Program Files\??crosoft.NET
2007-06-09 23:11 <DIR> d-------- C:\DOCUME~1\Anne\APPLIC~1\s?stem32
2007-06-09 23:10 <DIR> dr--s---- C:\WINDOWS\??sembly
2007-06-09 23:10 <DIR> d---s---- C:\WINDOWS\system32\??crosoft
2007-06-09 23:10 <DIR> d---s---- C:\DOCUME~1\Anne\APPLIC~1\??crosoft
2007-06-09 23:10 <DIR> d-------- C:\WINDOWS\system32\??sks
2007-06-09 23:10 <DIR> d-------- C:\WINDOWS\?ymbols
2007-06-09 23:10 <DIR> d-------- C:\WINDOWS\?icrosoft.NET
2007-06-09 23:10 <DIR> d-------- C:\WINDOWS\??stem
2007-06-09 23:10 <DIR> d-------- C:\Program Files\Common Files\?ymantec
2007-06-09 23:10 <DIR> d-------- C:\Program Files\Common Files\??sembly
2007-06-09 23:10 <DIR> d-------- C:\DOCUME~1\Anne\APPLIC~1\F?nts
2007-06-09 23:10 <DIR> d-------- C:\DOCUME~1\Anne\APPLIC~1\?asks
2007-06-09 23:10 <DIR> d-------- C:\DOCUME~1\Anne\APPLIC~1\??pPatch
2007-06-09 23:09 <DIR> d---s---- C:\WINDOWS\??sks
2007-06-09 23:09 <DIR> d-------- C:\WINDOWS\system32\A?pPatch
2007-06-09 23:09 <DIR> d-------- C:\WINDOWS\system32\??pPatch
2007-06-09 23:09 <DIR> d-------- C:\WINDOWS\system32\??crosoft.NET
2007-06-09 23:09 <DIR> d-------- C:\WINDOWS\?dobe
2007-06-09 23:09 <DIR> d-------- C:\WINDOWS\??crosoft
2007-06-09 23:09 <DIR> d-------- C:\Program Files\F?nts
2007-06-09 23:09 <DIR> d-------- C:\Program Files\Common Files\S?mantec
2007-06-09 23:09 <DIR> d-------- C:\Program Files\Common Files\?ystem
2007-06-09 23:09 <DIR> d-------- C:\Program Files\Common Files\?dobe
2007-06-09 23:09 <DIR> d-------- C:\Program Files\Common Files\??curity
2007-06-09 23:09 <DIR> d-------- C:\Program Files\Common Files\??crosoft.NET
2007-06-09 23:09 <DIR> d-------- C:\Program Files\?ecurity
2007-06-09 23:09 <DIR> d-------- C:\Program Files\?asks
2007-06-09 23:09 <DIR> d-------- C:\DOCUME~1\Anne\APPLIC~1\S?mantec
2007-06-09 23:09 <DIR> d-------- C:\DOCUME~1\Anne\APPLIC~1\?ymbols
2007-06-09 23:09 <DIR> d-------- C:\DOCUME~1\Anne\APPLIC~1\??crosoft.NET
2007-06-09 23:08 <DIR> d-a------ C:\WINDOWS\??stem32
2007-06-09 23:08 <DIR> d---s---- C:\WINDOWS\system32\??crosoft
2007-06-09 23:08 <DIR> d-------- C:\WINDOWS\W?nSxS
2007-06-09 23:08 <DIR> d-------- C:\WINDOWS\system32\s?stem32
2007-06-09 23:08 <DIR> d-------- C:\WINDOWS\system32\s?stem
2007-06-09 23:08 <DIR> d-------- C:\WINDOWS\system32\?ymantec
2007-06-09 23:08 <DIR> d-------- C:\WINDOWS\system32\?icrosoft.NET
2007-06-09 23:08 <DIR> d-------- C:\WINDOWS\system32\??crosoft.NET
2007-06-09 23:08 <DIR> d-------- C:\WINDOWS\s?mbols
2007-06-09 23:08 <DIR> d-------- C:\WINDOWS\?ecurity
2007-06-09 23:08 <DIR> d-------- C:\WINDOWS\??pPatch
2007-06-09 23:08 <DIR> d-------- C:\Program Files\F?nts
2007-06-09 23:08 <DIR> d-------- C:\Program Files\Common Files\s?stem32
2007-06-09 23:08 <DIR> d-------- C:\Program Files\Common Files\?ecurity
2007-06-09 23:08 <DIR> d-------- C:\Program Files\Common Files\??stem32
2007-06-09 23:08 <DIR> d-------- C:\Program Files\Common Files\??sks
2007-06-09 23:08 <DIR> d-------- C:\Program Files\Common Files\??crosoft
2007-06-09 23:08 <DIR> d-------- C:\Program Files\?racle
2007-06-09 23:08 <DIR> d-------- C:\Program Files\?icrosoft
2007-06-09 23:08 <DIR> d-------- C:\Program Files\?dobe
2007-06-09 23:08 <DIR> d-------- C:\Program Files\??sks
2007-06-09 23:08 <DIR> d-------- C:\Program Files\??curity
2007-06-09 23:08 <DIR> d-------- C:\DOCUME~1\Anne\APPLIC~1\??sembly
2007-06-09 23:07 <DIR> d-a------ C:\WINDOWS\?ystem32
2007-06-09 23:07 <DIR> d---s---- C:\WINDOWS\?asks
2007-06-09 23:07 <DIR> d-------- C:\WINDOWS\system32\?ymbols
2007-06-09 23:07 <DIR> d-------- C:\WINDOWS\system32\?racle
2007-06-09 23:07 <DIR> d-------- C:\WINDOWS\system32\?icrosoft.NET
2007-06-09 23:07 <DIR> d-------- C:\WINDOWS\system32\??stem
2007-06-09 23:07 <DIR> d-------- C:\WINDOWS\system32\??mantec
2007-06-09 23:07 <DIR> d-------- C:\WINDOWS\S?mantec
2007-06-09 23:07 <DIR> d-------- C:\WINDOWS\M?crosoft
2007-06-09 23:07 <DIR> d-------- C:\WINDOWS\?ppPatch
2007-06-09 23:07 <DIR> d-------- C:\WINDOWS\??pPatch
2007-06-09 23:07 <DIR> d-------- C:\WINDOWS\??mbols
2007-06-09 23:07 <DIR> d-------- C:\WINDOWS\??crosoft.NET
2007-06-09 23:07 <DIR> d-------- C:\Program Files\S?mantec


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-17 09:35:45 -------- d-----w C:\DOCUME~1\John\APPLIC~1\Azureus
2007-06-16 19:32:28 -------- d-----w C:\Program Files\Virtools
2007-06-16 19:22:29 -------- d-----w C:\Program Files\Viewpoint
2007-06-16 08:27:20 -------- d-----w C:\Program Files\Common Files\Command Software
2007-06-12 20:18:41 -------- d-----w C:\Program Files\Common Files\PestPatrol
2007-06-09 22:18:57 -------- d-----w C:\Program Files\Common Files\??crosoft
2007-06-09 22:16:57 -------- d-----w C:\Program Files\?icrosoft.NET
2007-06-09 22:16:23 -------- d-----w C:\Program Files\?icrosoft
2007-06-09 22:14:39 -------- d-----w C:\Program Files\??pPatch
2007-06-09 22:13:58 -------- d-----w C:\Program Files\??mbols
2007-06-09 22:12:16 -------- d-----w C:\Program Files\Common Files\?icrosoft
2007-06-09 22:11:39 -------- d-----w C:\Program Files\Common Files\?asks
2007-06-09 22:11:25 -------- d-----w C:\Program Files\?asks
2007-06-09 22:11:18 -------- d-----w C:\Program Files\??crosoft.NET
2007-06-09 22:10:24 -------- d-----w C:\Program Files\Common Files\?ymantec
2007-06-09 22:10:21 -------- d-----w C:\Program Files\Common Files\??sembly
2007-06-09 22:09:53 -------- d-----w C:\Program Files\Common Files\??curity
2007-06-09 22:09:31 -------- d-----w C:\Program Files\Common Files\??crosoft.NET
2007-06-09 22:09:23 -------- d-----w C:\Program Files\?asks
2007-06-09 22:09:22 -------- d-----w C:\Program Files\?ecurity
2007-06-09 22:09:09 -------- d-----w C:\Program Files\Common Files\?dobe
2007-06-09 22:09:06 -------- d-----w C:\Program Files\Common Files\?ystem
2007-06-09 22:08:53 -------- d-----w C:\Program Files\Common Files\??crosoft
2007-06-09 22:08:48 -------- d-----w C:\Program Files\?icrosoft
2007-06-09 22:08:47 -------- d-----w C:\Program Files\??curity
2007-06-09 22:08:43 -------- d-----w C:\Program Files\?dobe
2007-06-09 22:08:31 -------- d-----w C:\Program Files\Common Files\??sks
2007-06-09 22:08:31 -------- d-----w C:\Program Files\??sks
2007-06-09 22:08:15 -------- d-----w C:\Program Files\Common Files\??stem32
2007-06-09 22:08:09 -------- d-----w C:\Program Files\Common Files\?ecurity
2007-06-09 22:08:07 -------- d-----w C:\Program Files\?racle
2007-06-09 22:07:51 -------- d-----w C:\Program Files\Common Files\?racle
2007-06-09 22:07:50 -------- d-----w C:\Program Files\??pPatch
2007-06-09 22:07:40 -------- d-----w C:\Program Files\??crosoft.NET
2007-06-09 22:07:38 -------- d-----w C:\Program Files\?ymbols
2007-06-09 22:07:37 -------- d-----w C:\Program Files\Common Files\??crosoft.NET
2007-06-09 22:07:26 -------- d-----w C:\Program Files\Common Files\?icrosoft
2007-06-09 22:07:14 -------- d-----w C:\Program Files\?icrosoft.NET
2007-06-09 22:07:03 -------- d-----w C:\Program Files\Common Files\??pPatch
2007-06-09 22:07:01 -------- d-----w C:\Program Files\??crosoft
2007-06-09 22:06:53 -------- d-----w C:\Program Files\Common Files\?dobe
2007-06-09 22:06:27 -------- d-----w C:\Program Files\Common Files\?icrosoft.NET
2007-06-09 22:06:22 -------- d-----w C:\Program Files\??crosoft
2007-06-09 22:06:21 -------- d-----w C:\Program Files\Common Files\??sks
2007-06-09 22:06:20 -------- d-----w C:\Program Files\Common Files\??mbols
2007-06-09 22:06:15 -------- d-----w C:\Program Files\?ystem
2007-06-09 22:06:13 -------- d-----w C:\Program Files\?ppPatch
2007-06-09 22:06:07 -------- d-----w C:\Program Files\Common Files\??mantec
2007-06-09 22:06:05 -------- d-----w C:\Program Files\?ystem32
2007-06-09 22:06:04 -------- d-----w C:\Program Files\Common Files\?ppPatch
2007-06-09 22:06:00 -------- d-----w C:\Program Files\??sks
2007-06-09 22:05:57 -------- d-----w C:\Program Files\?racle
2007-06-09 22:05:49 -------- d-----w C:\Program Files\Common Files\??stem
2007-06-09 22:05:47 -------- d-----w C:\Program Files\Common Files\??pPatch
2007-06-09 22:05:45 -------- d-----w C:\Program Files\Common Files\?icrosoft.NET
2007-06-09 22:05:42 -------- d-----w C:\Program Files\?ssembly
2007-06-09 22:05:41 -------- d-----w C:\Program Files\?ymantec
2007-06-09 22:05:36 -------- d-----w C:\Program Files\??mantec
2007-06-09 22:05:31 -------- d-----w C:\Program Files\Common Files\?racle
2007-06-09 22:05:29 -------- d-----w C:\Program Files\??sembly
2007-06-09 22:05:26 -------- d-----w C:\Program Files\?ppPatch
2007-06-09 22:05:25 -------- d-----w C:\Program Files\?dobe
2007-06-09 22:05:16 -------- d-----w C:\Program Files\Common Files\?ssembly
2007-06-09 22:05:15 -------- d-----w C:\Program Files\Common Files\?ppPatch
2007-06-09 22:05:13 -------- d-----w C:\Program Files\??stem32
2007-06-09 22:05:07 -------- d-----w C:\Program Files\Common Files\?ymbols
2007-06-09 22:04:59 -------- d-----w C:\Program Files\Common Files\?asks
2007-06-09 22:04:57 -------- d-----w C:\Program Files\??stem
2007-06-09 22:04:52 -------- d-----w C:\Program Files\Common Files\?ystem32
2007-05-16 15:12:02 683,520 ------w C:\WINDOWS\system32\inetcomm.dll
2007-05-15 21:13:18 -------- d-----w C:\Program Files\Your Syndicate Manager
2007-05-10 11:23:44 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-04-27 18:07:48 79,384 ----a-r C:\WINDOWS\system32\avmontr.dll
2007-04-27 17:49:12 840,352 ----a-r C:\WINDOWS\system32\drivers\css-dvp.sys
2007-04-25 18:20:57 -------- d-----w C:\DOCUME~1\John\APPLIC~1\AdobeUM
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-03-23 05:07:56 1,683,280 ----a-w C:\WINDOWS\system32\XpsSvcs.dll
2007-03-23 05:07:54 583,504 ----a-w C:\WINDOWS\system32\XPSSHHDR.dll
2007-03-22 19:25:02 124,928 ----a-w C:\WINDOWS\system32\prntvpt.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=F:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-11-03 23:17]
{3C060EA2-E6A9-4E49-A530-D4657B8C449A}=C:\Program Files\blueyonder\PCguard\pkR.dll [2006-05-01 13:41]
{56071E0D-C61B-11D3-B41C-00E02927A304}=C:\Program Files\blueyonder\PCguard\FBHR.dll [2006-05-01 13:41]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-03 01:05]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll [2006-10-12 04:25]
{AE7CD045-E861-484f-8273-0445EE161910}=F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 02:03]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FLMLABTECMOUSE"="C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe" [2004-12-13 23:02]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"MISAggregator"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 04:10]
"NWEReboot"="" []
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 05:41]
"nwiz"="nwiz.exe" [2005-12-10 04:06 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 17:53 C:\WINDOWS\SOUNDMAN.EXE]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 16:06 C:\WINDOWS\system32\ptipbmf.dll]
"PVR Agent"="C:\Program Files\KWorld Multimedia\HyperMedia\DTVR\Scheduled.exe" [2005-07-05 19:25]
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 15:09]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-04 23:38]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15]
"HP Software Update"="F:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10]
"eFax 4.1"="C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" [2005-12-17 00:59]
"PCguardadvisor.exe"="C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe" [2006-04-28 15:27]
"PCguard"="C:\Program Files\blueyonder\PCguard\Rps.exe" [2006-05-01 13:43]
"five Media Manager Tray"="C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaTray.exe" [2006-07-30 11:25]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48]
"Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [2005-06-14 16:23]
"SaiMfd"="C:\Program Files\Saitek\Software\SaiMfd.exe" [2005-06-17 20:02]
"vmfcbypo.exe"="C:\Documents and Settings\All Users\Application Data\vmfcbypo.exe" [2007-06-09 23:04]
"SpyHunter"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe" [2007-04-26 19:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]
"Ho3tRObpX"="drpd3x40.exe" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MS Office32cb Startup"=OfficeGUI32cb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winlvv32]
winlvv32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.1.lnk]
backup=C:\WINDOWS\pss\eFax 4.1.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Phone Connection Monitor.lnk]
backup=C:\WINDOWS\pss\Phone Connection Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MediaFace Integration"=F:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe


Contents of the 'Scheduled Tasks' folder
2005-02-16 22:41:46 C:\WINDOWS\tasks\1 Copernic Intra-Daily ~HOME-PC Anne.job
2005-12-04 20:43:01 C:\WINDOWS\tasks\1 Copernic Intra-Daily ~HOME-PC John.job
2007-06-08 16:15:00 C:\WINDOWS\tasks\1-Click Maintenance.job
2005-02-16 22:41:46 C:\WINDOWS\tasks\2 Copernic Daily ~HOME-PC Anne.job
2005-12-04 20:43:01 C:\WINDOWS\tasks\2 Copernic Daily ~HOME-PC John.job
2005-02-16 22:41:46 C:\WINDOWS\tasks\3 Copernic Weekly ~HOME-PC Anne.job
2005-12-04 20:43:01 C:\WINDOWS\tasks\3 Copernic Weekly ~HOME-PC John.job
2005-02-16 22:41:46 C:\WINDOWS\tasks\4 Copernic Monthly ~HOME-PC Anne.job
2005-12-04 20:43:01 C:\WINDOWS\tasks\4 Copernic Monthly ~HOME-PC John.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-17 20:11:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-17 20:15:06 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-17 20:14

--- E O F ---
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\cetigupt.dll
C:\WINDOWS\system32\ebxsotrx.dll
C:\WINDOWS\system32\elgonhkf.dll
C:\WINDOWS\system32\evtfsjtg.dll
C:\WINDOWS\system32\fkplloge.dll
C:\WINDOWS\system32\guexyurq.dll
C:\WINDOWS\system32\hknbujkv.dll
C:\WINDOWS\system32\jmmrguub.dll
C:\WINDOWS\system32\kqueplsp.dll
C:\WINDOWS\system32\ljrqdchb.dll
C:\WINDOWS\system32\mllih.dll
C:\WINDOWS\system32\msoeijok.dll
C:\WINDOWS\system32\mtejedda.dll
C:\WINDOWS\system32\mvkqmsnf.dll
C:\WINDOWS\system32\nwjfudum.dll
C:\WINDOWS\system32\paavwvml.dll
C:\WINDOWS\system32\qbqkupia.dll
C:\WINDOWS\system32\qdhigecw.dll
C:\WINDOWS\system32\qiofkugg.dll
C:\WINDOWS\system32\vuodonxs.dll
C:\WINDOWS\system32\woatfqra.dll
C:\WINDOWS\system32\tpugitec.ini
C:\WINDOWS\system32\xrtosxbe.ini
C:\WINDOWS\system32\fkhnogle.ini
C:\WINDOWS\system32\gtjsftve.ini
C:\WINDOWS\system32\egollpkf.ini
C:\WINDOWS\system32\vkjubnkh.ini
C:\WINDOWS\system32\buugrmmj.ini
C:\WINDOWS\system32\fhhhk.bak1
C:\WINDOWS\system32\fhhhk.bak2
C:\WINDOWS\system32\fhhhk.ini
C:\WINDOWS\system32\fhhhk.ini2
C:\WINDOWS\system32\fhhhk.tmp
C:\WINDOWS\system32\pslpeuqk.ini
C:\WINDOWS\system32\bhcdqrjl.ini
C:\WINDOWS\system32\hillm.ini
C:\WINDOWS\system32\kojieosm.ini
C:\WINDOWS\system32\addejetm.ini
C:\WINDOWS\system32\mudufjwn.ini
C:\WINDOWS\system32\lmvwvaap.ini
C:\WINDOWS\system32\aipukqbq.ini
C:\WINDOWS\system32\wcegihdq.ini
C:\WINDOWS\system32\sxnodouv.ini
C:\WINDOWS\system32\arqftaow.ini
C:\WINDOWS\system32\fhhhk.bak1
C:\WINDOWS\system32\fhhhk.bak2
C:\WINDOWS\system32\fhhhk.ini
C:\WINDOWS\system32\fhhhk.ini2
C:\WINDOWS\system32\fhhhk.tmp
C:\WINDOWS\system32\fhhhk.bak1
C:\WINDOWS\system32\fhhhk.bak2
C:\WINDOWS\system32\fhhhk.ini
C:\WINDOWS\system32\fhhhk.ini2
C:\WINDOWS\system32\fhhhk.tmp
C:\WINDOWS\system32\khhhf.dll
C:\WINDOWS\system32\khfggge.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\install.log
C:\Program Files\inetget2
C:\Program Files\ipwindows
C:\Program Files\screensavers.com
C:\WINDOWS\hosts
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_SFSYNC02
-------\sfsync02


((((((((((((((((((((((((( Files Created from 2007-05-17 to 2007-06-17 )))))))))))))))))))))))))))))))
jonked
Regular Member
 
Posts: 27
Joined: June 16th, 2007, 6:55 pm

Unread postby Shaba » June 18th, 2007, 12:44 pm

Hi

Are you running combofix as an admin?

Open HijackThis, click do a system scan only and checkmark these:

O4 - HKLM\..\Run: [vmfcbypo.exe] C:\Documents and Settings\All Users\Application Data\vmfcbypo.exe
O4 - HKCU\..\Run: [Ho3tRObpX] drpd3x40.exe
O16 - DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} (TNSClicker.Clicker) - http://www.shopandscan.com/TNSClicker.CAB
O16 - DPF: {1E89F686-B78D-4C85-9EFC-3474516E3FE2} - http://www.teen-nude-celebrities.com/in ... 109191.exe
O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/active ... anager.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab


Close all windows including browser and press fix checked.

Reboot.

Delete these:

C:\WINDOWS\system32\sfsync02.dll
C:\WINDOWS\system32\ytcylcoe.dll
C:\pmcubosf3.exe
C:\WINDOWS\system32\pmcubosf
C:\WINDOWS\system32\scchk32.exe
C:\WINDOWS\system32\gicjaagp.dll
C:\Documents and Settings\All Users\Application Data\vmfcbypo.exe

Empty Recycle Bin

Look in your control panels add/remove programs for any of these and uninstall them:

Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
or anything similar with Oin or Outerinfo in it.
Zolero
Tizzletalk
MediaTickets
Cowabanga
and any other programs you didn't install or don't recognize - if you're not sure please ask first


Download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe

Tutorial for the uninstaller if needed

Reboot

Re-run combofix.

Post:

- a fresh HijackThis log
- combofix report
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
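The reply above applies three checks by eye: folders whose logged names contain "?" (an illegal NTFS character, so ComboFix printed it in place of a character it could not render, and "??crosoft" next to the real "Microsoft" is a look-alike), Run values that start an .exe out of All Users\Application Data, and Run values that are a bare file name ComboFix could not resolve to a file on disk (the trailing [...] block stays empty). The script below is an added example that encodes those checks over ComboFix-style lines; it is not part of this thread, nor of ComboFix or HijackThis. The line formats and the excerpt lines in SAMPLE_LOG are taken from the log posted earlier in the thread; the rule names and the decision to skip empty "" values are assumptions made for this example.

```python
"""Triage helper for ComboFix-style log lines.

Added example, not part of the forum thread or of ComboFix/HijackThis. It
encodes three checks that the reply above applies by hand:

  1. A folder whose logged name contains '?'.  '?' is not a legal character in
     an NTFS file name, so when ComboFix prints one it stands in for a
     character the tool could not render; a folder such as '??crosoft' sitting
     beside the real 'Microsoft' is a look-alike, not a Microsoft folder.
  2. A Run value that launches an executable from
     'All Users\\Application Data', where no normal installer puts a startup exe.
  3. A Run value that is a bare file name (no directory) which ComboFix could
     not resolve to a file on disk (the trailing [...] block stays empty).

Line formats are taken from the log as posted in this thread; SAMPLE_LOG is a
short excerpt of those lines, assembled here so the script runs offline.
"""
import re
from dataclasses import dataclass
from typing import List

# "Files Created" / Find3M line:  date time  <DIR>|size|dashes  attrs  path
DIR_LINE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)\s+"
    r"(?P<size><DIR>|[\d,]+|-+)\s+\S+\s+(?P<path>.+?)\s*$"
)
# Registry Run value:  "name"="command" [timestamp and, if resolved, full path]
RUN_LINE = re.compile(
    r'^"(?P<name>[^"]*)"="(?P<cmd>[^"]*)"(?:\s+\[(?P<info>[^\]]*)\])?\s*$'
)
ALL_USERS_APPDATA = re.compile(r"\\All Users\\Application Data\\", re.IGNORECASE)


@dataclass
class Finding:
    kind: str    # lookalike-folder | run-from-appdata | unresolved-bare-name
    detail: str  # the path or "name -> command" that triggered the rule


def triage(log_text: str) -> List[Finding]:
    """Scan ComboFix-style lines and return the entries worth a second look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = DIR_LINE.match(line)
        if m:
            path = m.group("path")
            if "?" in path:  # substituted character: rule 1 above
                findings.append(Finding("lookalike-folder", path))
            continue

        m = RUN_LINE.match(line)
        if not m:
            continue  # section headers and other lines are not of interest here
        name, cmd = m.group("name"), m.group("cmd")
        info = m.group("info") or ""
        if not cmd:
            continue  # "" values launch nothing; ComboFix lists them as leftovers
        if ALL_USERS_APPDATA.search(cmd):
            findings.append(Finding("run-from-appdata", f"{name} -> {cmd}"))
        elif "\\" not in cmd and "\\" not in info:
            # bare file name that ComboFix did not resolve to a path on disk
            findings.append(Finding("unresolved-bare-name", f"{name} -> {cmd}"))
    return findings


# Excerpt of the log posted in this thread (copied lines, assembled as sample input).
SAMPLE_LOG = r"""
2007-06-09 23:09 <DIR> d-------- C:\WINDOWS\system32\??crosoft.NET
2007-06-09 23:08 <DIR> d-a------ C:\WINDOWS\??stem32
2007-06-18 19:15 <DIR> d-------- C:\backups
2007-06-18 19:11 218,112 --a------ C:\scanner.exe
2007-06-17 21:09:18 -------- d-----w C:\DOCUME~1\John\APPLIC~1\Azureus
"FLMLABTECMOUSE"="C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe" [2004-12-13 23:02]
"MISAggregator"="" []
"nwiz"="nwiz.exe" [2005-12-10 04:06 C:\WINDOWS\system32\nwiz.exe]
"vmfcbypo.exe"="C:\Documents and Settings\All Users\Application Data\vmfcbypo.exe" [2007-06-09 23:04]
"Ho3tRObpX"="drpd3x40.exe" []
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:22} {f.detail}")
```

Run against the excerpt it reports the two "?" folders, the vmfcbypo.exe Run value under All Users\Application Data and the unresolved drpd3x40.exe value, which are exactly the entries the reply tells the poster to fix; legitimate lines such as nwiz.exe (resolved by ComboFix to C:\WINDOWS\system32) produce nothing. Feed it a whole log and work through the findings rather than trusting it blindly: a path under Application Data is a strong signal on this machine, but a vendor could legitimately launch from there.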

Unread postby jonked » June 18th, 2007, 3:14 pm

Please see below for the results of the last set of instructions.


C:\pmcubosf3.exe ---- CANNOT DELETE IT IS BEING USED BY ANOTHER PROGRAM OR PERSON
C:\WINDOWS\system32\pmcubosf ---- NOT PRESENT


Oin ---- NOT PRESENT
Yazzle by Oin ---- NOT PRESENT
Purityscan by Oin ---- NOT PRESENT
Snowballwars by Oin ---- NOT PRESENT
or anything similar with Oin or Outerinfo in it. ---- NOT PRESENT
Zolero ---- NOT PRESENT
Tizzletalk ---- NOT PRESENT
MediaTickets ---- NOT PRESENT
Cowabanga ---- NOT PRESENT
and any other programs you didn't install or don't recognize - if you're not sure please ask first

COMBOFIX REPORT

ComboFix 07-06-17 - C:\Documents and Settings\John\Desktop\ComboFix.exe
"John" - 2007-06-18 19:54:27 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-05-18 to 2007-06-18 )))))))))))))))))))))))))))))))


2007-06-18 19:15 <DIR> d-------- C:\backups
2007-06-18 19:11 218,112 --a------ C:\scanner.exe
2007-06-17 22:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
2007-06-17 22:32 <DIR> d-------- C:\DOCUME~1\John\Phone Browser
2007-06-17 22:32 <DIR> d-------- C:\DOCUME~1\John\APPLIC~1\Datalayer
2007-06-17 22:31 <DIR> d-------- C:\DOCUME~1\John\APPLIC~1\Nokia
2007-06-17 22:25 <DIR> d-------- C:\DOCUME~1\John\APPLIC~1\AdobeAUM
2007-06-17 22:14 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-06-17 22:14 <DIR> d-------- C:\Program Files\DIFX
2007-06-17 22:14 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-06-17 22:14 <DIR> d-------- C:\DOCUME~1\John\APPLIC~1\PC Suite
2007-06-17 22:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-06-17 22:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
2007-06-17 22:12 <DIR> d-------- C:\Program Files\Nokia
2007-06-17 22:12 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-06-17 19:55 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-17 18:12 71,316 --a------ C:\VundoFix.exe
2007-06-16 14:10 662 --a------ C:\pmcubosf3.exe
2007-06-16 10:11 <DIR> d-------- C:\WINDOWS\system32\pmcubosf
2007-06-12 20:06 <DIR> d-------- C:\DOCUME~1\John\.housecall6.6
2007-06-11 22:44 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-06-09 23:33 <DIR> d---s---- C:\DOCUME~1\Anne\APPLIC~1\?icrosoft
2007-06-09 23:18 <DIR> d-------- C:\Program Files\Common Files\??crosoft
2007-06-09 23:16 <DIR> d---s---- C:\WINDOWS\system32\M?crosoft
2007-06-09 23:16 <DIR> d-------- C:\Program Files\?icrosoft.NET
2007-06-09 23:16 <DIR> d-------- C:\Program Files\?icrosoft
2007-06-09 23:15 <DIR> d-------- C:\Program Files\A?pPatch
2007-06-09 23:15 <DIR> d-------- C:\DOCUME~1\Anne\APPLIC~1\?asks
2007-06-09 23:14 <DIR> d-------- C:\Program Files\??pPatch
2007-06-09 23:13 <DIR> d-------- C:\WINDOWS\system32\?asks
2007-06-09 23:13 <DIR> d-------- C:\WINDOWS\system32\??pPatch
2007-06-09 23:13 <DIR> d-------- C:\Program Files\??mbols
2007-06-09 23:12 <DIR> d---s---- C:\WINDOWS\system32\?icrosoft
2007-06-09 23:12 <DIR> d-------- C:\WINDOWS\system32\??sks
2007-06-09 23:12 <DIR> d-------- C:\Program Files\Common Files\?icrosoft
2007-06-09 23:12 <DIR> d-------- C:\DOCUME~1\Anne\APPLIC~1\?ssembly
2007-06-09 23:12 <DIR> d-------- C:\DOCUME~1\Anne\APPLIC~1\??crosoft.NET
2007-06-09 23:11 <DIR> dr--s---- C:\WINDOWS\a?sembly
2007-06-09 23:11 <DIR> d---s---- C:\WINDOWS\?asks
2007-06-09 23:11 <DIR> d-------- C:\WINDOWS\system32\F?nts
2007-06-09 23:11 <DIR> d-------- C:\WINDOWS\A?pPatch
2007-06-09 23:11 <DIR> d-------- C:\Program Files\Common Files\?asks
2007-06-09 23:11 <DIR> d-------- C:\Program Files\?asks
2007-06-09 23:11 <DIR> d-------- C:\Program Files\??crosoft.NET
2007-06-09 23:11 <DIR> d-------- C:\DOCUME~1\Anne\APPLIC~1\s?stem32
2007-06-09 23:10 <DIR> dr--s---- C:\WINDOWS\??sembly
2007-06-09 23:10 <DIR> d---s---- C:\WINDOWS\system32\??crosoft
2007-06-09 23:10 <DIR> d---s---- C:\DOCUME~1\Anne\APPLIC~1\??crosoft
2007-06-09 23:10 <DIR> d-------- C:\WINDOWS\system32\??sks
2007-06-09 23:10 <DIR> d-------- C:\WINDOWS\?ymbols
2007-06-09 23:10 <DIR> d-------- C:\WINDOWS\?icrosoft.NET
2007-06-09 23:10 <DIR> d-------- C:\WINDOWS\??stem
2007-06-09 23:10 <DIR> d-------- C:\Program Files\Common Files\?ymantec
2007-06-09 23:10 <DIR> d-------- C:\Program Files\Common Files\??sembly
2007-06-09 23:10 <DIR> d-------- C:\DOCUME~1\Anne\APPLIC~1\F?nts
2007-06-09 23:10 <DIR> d-------- C:\DOCUME~1\Anne\APPLIC~1\?asks
2007-06-09 23:10 <DIR> d-------- C:\DOCUME~1\Anne\APPLIC~1\??pPatch
2007-06-09 23:09 <DIR> d---s---- C:\WINDOWS\??sks
2007-06-09 23:09 <DIR> d-------- C:\WINDOWS\system32\A?pPatch
2007-06-09 23:09 <DIR> d-------- C:\WINDOWS\system32\??pPatch
2007-06-09 23:09 <DIR> d-------- C:\WINDOWS\system32\??crosoft.NET
2007-06-09 23:09 <DIR> d-------- C:\WINDOWS\?dobe
2007-06-09 23:09 <DIR> d-------- C:\WINDOWS\??crosoft
2007-06-09 23:09 <DIR> d-------- C:\Program Files\F?nts
2007-06-09 23:09 <DIR> d-------- C:\Program Files\Common Files\S?mantec
2007-06-09 23:09 <DIR> d-------- C:\Program Files\Common Files\?ystem
2007-06-09 23:09 <DIR> d-------- C:\Program Files\Common Files\?dobe
2007-06-09 23:09 <DIR> d-------- C:\Program Files\Common Files\??curity
2007-06-09 23:09 <DIR> d-------- C:\Program Files\Common Files\??crosoft.NET
2007-06-09 23:09 <DIR> d-------- C:\Program Files\?ecurity
2007-06-09 23:09 <DIR> d-------- C:\Program Files\?asks
2007-06-09 23:09 <DIR> d-------- C:\DOCUME~1\Anne\APPLIC~1\S?mantec
2007-06-09 23:09 <DIR> d-------- C:\DOCUME~1\Anne\APPLIC~1\?ymbols
2007-06-09 23:09 <DIR> d-------- C:\DOCUME~1\Anne\APPLIC~1\??crosoft.NET
2007-06-09 23:08 <DIR> d-a------ C:\WINDOWS\??stem32
2007-06-09 23:08 <DIR> d---s---- C:\WINDOWS\system32\??crosoft
2007-06-09 23:08 <DIR> d-------- C:\WINDOWS\W?nSxS
2007-06-09 23:08 <DIR> d-------- C:\WINDOWS\system32\s?stem32
2007-06-09 23:08 <DIR> d-------- C:\WINDOWS\system32\s?stem
2007-06-09 23:08 <DIR> d-------- C:\WINDOWS\system32\?ymantec
2007-06-09 23:08 <DIR> d-------- C:\WINDOWS\system32\?icrosoft.NET
2007-06-09 23:08 <DIR> d-------- C:\WINDOWS\system32\??crosoft.NET
2007-06-09 23:08 <DIR> d-------- C:\WINDOWS\s?mbols
2007-06-09 23:08 <DIR> d-------- C:\WINDOWS\?ecurity
2007-06-09 23:08 <DIR> d-------- C:\WINDOWS\??pPatch
2007-06-09 23:08 <DIR> d-------- C:\Program Files\F?nts
2007-06-09 23:08 <DIR> d-------- C:\Program Files\Common Files\s?stem32
2007-06-09 23:08 <DIR> d-------- C:\Program Files\Common Files\?ecurity
2007-06-09 23:08 <DIR> d-------- C:\Program Files\Common Files\??stem32
2007-06-09 23:08 <DIR> d-------- C:\Program Files\Common Files\??sks
2007-06-09 23:08 <DIR> d-------- C:\Program Files\Common Files\??crosoft
2007-06-09 23:08 <DIR> d-------- C:\Program Files\?racle
2007-06-09 23:08 <DIR> d-------- C:\Program Files\?icrosoft
2007-06-09 23:08 <DIR> d-------- C:\Program Files\?dobe
2007-06-09 23:08 <DIR> d-------- C:\Program Files\??sks
2007-06-09 23:08 <DIR> d-------- C:\Program Files\??curity
2007-06-09 23:08 <DIR> d-------- C:\DOCUME~1\Anne\APPLIC~1\??sembly
2007-06-09 23:07 <DIR> d-a------ C:\WINDOWS\?ystem32
2007-06-09 23:07 <DIR> d---s---- C:\WINDOWS\?asks
2007-06-09 23:07 <DIR> d-------- C:\WINDOWS\system32\?ymbols


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-17 21:09:18 -------- d-----w C:\DOCUME~1\John\APPLIC~1\Azureus
2007-06-16 19:32:28 -------- d-----w C:\Program Files\Virtools
2007-06-16 19:22:29 -------- d-----w C:\Program Files\Viewpoint
2007-06-16 08:27:20 -------- d-----w C:\Program Files\Common Files\Command Software
2007-06-12 20:18:41 -------- d-----w C:\Program Files\Common Files\PestPatrol
2007-06-09 22:18:57 -------- d-----w C:\Program Files\Common Files\??crosoft
2007-06-09 22:16:57 -------- d-----w C:\Program Files\?icrosoft.NET
2007-06-09 22:16:23 -------- d-----w C:\Program Files\?icrosoft
2007-06-09 22:14:39 -------- d-----w C:\Program Files\??pPatch
2007-06-09 22:13:58 -------- d-----w C:\Program Files\??mbols
2007-06-09 22:12:16 -------- d-----w C:\Program Files\Common Files\?icrosoft
2007-06-09 22:11:39 -------- d-----w C:\Program Files\Common Files\?asks
2007-06-09 22:11:25 -------- d-----w C:\Program Files\?asks
2007-06-09 22:11:18 -------- d-----w C:\Program Files\??crosoft.NET
2007-06-09 22:10:24 -------- d-----w C:\Program Files\Common Files\?ymantec
2007-06-09 22:10:21 -------- d-----w C:\Program Files\Common Files\??sembly
2007-06-09 22:09:53 -------- d-----w C:\Program Files\Common Files\??curity
2007-06-09 22:09:31 -------- d-----w C:\Program Files\Common Files\??crosoft.NET
2007-06-09 22:09:23 -------- d-----w C:\Program Files\?asks
2007-06-09 22:09:22 -------- d-----w C:\Program Files\?ecurity
2007-06-09 22:09:09 -------- d-----w C:\Program Files\Common Files\?dobe
2007-06-09 22:09:06 -------- d-----w C:\Program Files\Common Files\?ystem
2007-06-09 22:08:53 -------- d-----w C:\Program Files\Common Files\??crosoft
2007-06-09 22:08:48 -------- d-----w C:\Program Files\?icrosoft
2007-06-09 22:08:47 -------- d-----w C:\Program Files\??curity
2007-06-09 22:08:43 -------- d-----w C:\Program Files\?dobe
2007-06-09 22:08:31 -------- d-----w C:\Program Files\Common Files\??sks
2007-06-09 22:08:31 -------- d-----w C:\Program Files\??sks
2007-06-09 22:08:15 -------- d-----w C:\Program Files\Common Files\??stem32
2007-06-09 22:08:09 -------- d-----w C:\Program Files\Common Files\?ecurity
2007-06-09 22:08:07 -------- d-----w C:\Program Files\?racle
2007-06-09 22:07:51 -------- d-----w C:\Program Files\Common Files\?racle
2007-06-09 22:07:50 -------- d-----w C:\Program Files\??pPatch
2007-06-09 22:07:40 -------- d-----w C:\Program Files\??crosoft.NET
2007-06-09 22:07:38 -------- d-----w C:\Program Files\?ymbols
2007-06-09 22:07:37 -------- d-----w C:\Program Files\Common Files\??crosoft.NET
2007-06-09 22:07:26 -------- d-----w C:\Program Files\Common Files\?icrosoft
2007-06-09 22:07:14 -------- d-----w C:\Program Files\?icrosoft.NET
2007-06-09 22:07:03 -------- d-----w C:\Program Files\Common Files\??pPatch
2007-06-09 22:07:01 -------- d-----w C:\Program Files\??crosoft
2007-06-09 22:06:53 -------- d-----w C:\Program Files\Common Files\?dobe
2007-06-09 22:06:27 -------- d-----w C:\Program Files\Common Files\?icrosoft.NET
2007-06-09 22:06:22 -------- d-----w C:\Program Files\??crosoft
2007-06-09 22:06:21 -------- d-----w C:\Program Files\Common Files\??sks
2007-06-09 22:06:20 -------- d-----w C:\Program Files\Common Files\??mbols
2007-06-09 22:06:15 -------- d-----w C:\Program Files\?ystem
2007-06-09 22:06:13 -------- d-----w C:\Program Files\?ppPatch
2007-06-09 22:06:07 -------- d-----w C:\Program Files\Common Files\??mantec
2007-06-09 22:06:05 -------- d-----w C:\Program Files\?ystem32
2007-06-09 22:06:04 -------- d-----w C:\Program Files\Common Files\?ppPatch
2007-06-09 22:06:00 -------- d-----w C:\Program Files\??sks
2007-06-09 22:05:57 -------- d-----w C:\Program Files\?racle
2007-06-09 22:05:49 -------- d-----w C:\Program Files\Common Files\??stem
2007-06-09 22:05:47 -------- d-----w C:\Program Files\Common Files\??pPatch
2007-06-09 22:05:45 -------- d-----w C:\Program Files\Common Files\?icrosoft.NET
2007-06-09 22:05:42 -------- d-----w C:\Program Files\?ssembly
2007-06-09 22:05:41 -------- d-----w C:\Program Files\?ymantec
2007-06-09 22:05:36 -------- d-----w C:\Program Files\??mantec
2007-06-09 22:05:31 -------- d-----w C:\Program Files\Common Files\?racle
2007-06-09 22:05:29 -------- d-----w C:\Program Files\??sembly
2007-06-09 22:05:26 -------- d-----w C:\Program Files\?ppPatch
2007-06-09 22:05:25 -------- d-----w C:\Program Files\?dobe
2007-06-09 22:05:16 -------- d-----w C:\Program Files\Common Files\?ssembly
2007-06-09 22:05:15 -------- d-----w C:\Program Files\Common Files\?ppPatch
2007-06-09 22:05:13 -------- d-----w C:\Program Files\??stem32
2007-06-09 22:05:07 -------- d-----w C:\Program Files\Common Files\?ymbols
2007-06-09 22:04:59 -------- d-----w C:\Program Files\Common Files\?asks
2007-06-09 22:04:57 -------- d-----w C:\Program Files\??stem
2007-06-09 22:04:52 -------- d-----w C:\Program Files\Common Files\?ystem32
2007-05-16 15:12:02 683,520 ------w C:\WINDOWS\system32\inetcomm.dll
2007-05-15 21:13:18 -------- d-----w C:\Program Files\Your Syndicate Manager
2007-05-10 11:23:44 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-04-27 18:07:48 79,384 ----a-w C:\WINDOWS\system32\avmontr.dll
2007-04-27 17:49:12 840,352 ----a-w C:\WINDOWS\system32\drivers\css-dvp.sys
2007-04-25 18:20:57 -------- d-----w C:\DOCUME~1\John\APPLIC~1\AdobeUM
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-03-23 05:07:56 1,683,280 ----a-w C:\WINDOWS\system32\XpsSvcs.dll
2007-03-23 05:07:54 583,504 ----a-w C:\WINDOWS\system32\XPSSHHDR.dll
2007-03-22 19:25:02 124,928 ----a-w C:\WINDOWS\system32\prntvpt.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=F:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-11-03 23:17]
{3C060EA2-E6A9-4E49-A530-D4657B8C449A}=C:\Program Files\blueyonder\PCguard\pkR.dll [2006-05-01 13:41]
{56071E0D-C61B-11D3-B41C-00E02927A304}=C:\Program Files\blueyonder\PCguard\FBHR.dll [2006-05-01 13:41]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-03 01:05]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AE7CD045-E861-484f-8273-0445EE161910}=F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 02:03]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FLMLABTECMOUSE"="C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe" [2004-12-13 23:02]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"MISAggregator"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"NWEReboot"="" []
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 05:41]
"nwiz"="nwiz.exe" [2005-12-10 04:06 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 17:53 C:\WINDOWS\SOUNDMAN.EXE]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 16:06 C:\WINDOWS\system32\ptipbmf.dll]
"PVR Agent"="C:\Program Files\KWorld Multimedia\HyperMedia\DTVR\Scheduled.exe" [2005-07-05 19:25]
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 15:09]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-04 23:38]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15]
"HP Software Update"="F:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10]
"eFax 4.1"="C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" [2005-12-17 00:59]
"PCguardadvisor.exe"="C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe" [2006-04-28 15:27]
"PCguard"="C:\Program Files\blueyonder\PCguard\Rps.exe" [2006-05-01 13:43]
"five Media Manager Tray"="C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaTray.exe" [2006-07-30 11:25]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48]
"Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [2005-06-14 16:23]
"SaiMfd"="C:\Program Files\Saitek\Software\SaiMfd.exe" [2005-06-17 20:02]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 01:12]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MS Office32cb Startup"=OfficeGUI32cb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winlvv32]
winlvv32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.1.lnk]
backup=C:\WINDOWS\pss\eFax 4.1.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Phone Connection Monitor.lnk]
backup=C:\WINDOWS\pss\Phone Connection Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MediaFace Integration"=F:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe


Contents of the 'Scheduled Tasks' folder
2005-02-16 22:41:46 C:\WINDOWS\tasks\1 Copernic Intra-Daily ~HOME-PC Anne.job
2005-12-04 20:43:01 C:\WINDOWS\tasks\1 Copernic Intra-Daily ~HOME-PC John.job
2007-06-08 16:15:00 C:\WINDOWS\tasks\1-Click Maintenance.job
2005-02-16 22:41:46 C:\WINDOWS\tasks\2 Copernic Daily ~HOME-PC Anne.job
2005-12-04 20:43:01 C:\WINDOWS\tasks\2 Copernic Daily ~HOME-PC John.job
2005-02-16 22:41:46 C:\WINDOWS\tasks\3 Copernic Weekly ~HOME-PC Anne.job
2005-12-04 20:43:01 C:\WINDOWS\tasks\3 Copernic Weekly ~HOME-PC John.job
2005-02-16 22:41:46 C:\WINDOWS\tasks\4 Copernic Monthly ~HOME-PC Anne.job
2005-12-04 20:43:01 C:\WINDOWS\tasks\4 Copernic Monthly ~HOME-PC John.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-18 19:57:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

cmd.exe [3224]


scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-06-18 19:58:07
C:\ComboFix-quarantined-files.txt ... 2007-06-18 19:57
C:\ComboFix2.txt ... 2007-06-17 20:17

--- E O F ---

HIJACKTHIS LOG

Logfile of HijackThis v1.99.1
Scan saved at 20:12, on 2007-06-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\KWorld Multimedia\HyperMedia\DTVR\Scheduled.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe
C:\Program Files\blueyonder\PCguard\Rps.exe
C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaServer.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Cloudmark\SpamNet\OE\snoe.exe
C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\blueyonder\PCguard\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\blueyonder\PCguard\FBHR.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [FLMLABTECMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\KWorld Multimedia\HyperMedia\DTVR\Scheduled.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [PCguardadvisor.exe] "C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe"
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\blueyonder\PCguard\Rps.exe"
O4 - HKLM\..\Run: [five Media Manager Tray] "C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaTray.exe" /CustomId:five
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Freecom Personal Media Suite.lnk = C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Cloudmark Desktop for Outlook Express.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Search Using Copernic Agent - res://F:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - blank (file missing)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - blank (file missing)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - blank (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/rapti ... loader.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/inflaterball/mi ... Loader.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/Reflex ... Loader.cab
O16 - DPF: {46431044-1B22-4EF3-B333-863AAF310153} (five Class) - http://www.download.five.tv/Download/five_3_4_0_8.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0, ... Portal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 2779681543
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7678277405
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://www.download.five.tv/Download/En ... Silent.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winlvv32 - winlvv32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe (file missing)

HOPE I HAVE FOLLOWED YOUR INSTRUCTIONS CORRECTLY.
RGDS JONKED
jonked
Regular Member
 
Posts: 27
Joined: June 16th, 2007, 6:55 pm

Unread postby Shaba » June 19th, 2007, 4:32 am

Hi

Ok, purityscan doesn't want to go away.

Delete this file:

C:\pmcubosf3.exe

Delete these folders (NOTE: They are all created 2007-06-09, don't delete any other folders, they might be legit)

C:\WINDOWS\system32\pmcubosf
C:\WINDOWS\system32\M?crosoft (may look like Microsoft)
C:\Program Files\?icrosoft.NET (may look like Microsoft.NET)
C:\Program Files\?icrosoft (may look like Microsoft)
C:\Program Files\A?pPatch (may look like AppPatch)
C:\DOCUME~1\Anne\APPLIC~1\?asks (may look like Tasks)
C:\Program Files\??pPatch (may look like AppPatch)
C:\WINDOWS\system32\?asks (may look like Tasks)
C:\WINDOWS\system32\??pPatch (may look like AppPatch)
C:\Program Files\??mbols (may look like Symbols)
C:\WINDOWS\system32\?icrosoft (may look like Microsoft)
C:\WINDOWS\system32\??sks (may look like Tasks)
C:\Program Files\Common Files\?icrosoft (may look like Microsoft)
C:\DOCUME~1\Anne\APPLIC~1\?ssembly (may look like Assembly)
C:\DOCUME~1\Anne\APPLIC~1\??crosoft.NET (may look like Microsoft.NET)
C:\WINDOWS\a?sembly (may look like Assembly)
C:\WINDOWS\?asks (may look like Tasks)
C:\WINDOWS\system32\F?nts (may look like Fonts)
C:\WINDOWS\A?pPatch (may look like AppPatch)
C:\Program Files\Common Files\?asks (may look like Tasks)
C:\Program Files\?asks (may look like Tasks)
C:\Program Files\??crosoft.NET (may look like Microsoft.NET)
C:\DOCUME~1\Anne\APPLIC~1\s?stem32 (may look like system32)
C:\WINDOWS\??sembly (may look like Assembly)
C:\WINDOWS\system32\??crosoft (may look like Microsoft)
C:\DOCUME~1\Anne\APPLIC~1\??crosoft (may look like Microsoft)
C:\WINDOWS\system32\??sks (may look like Tasks)
C:\WINDOWS\?ymbols (may look like Symbols)
C:\WINDOWS\?icrosoft.NET (may look like Microsoft.NET)
C:\WINDOWS\??stem (may look like system)
C:\Program Files\Common Files\?ymantec (may look like Symantec)
C:\Program Files\Common Files\??sembly (may look like Assembly)
C:\DOCUME~1\Anne\APPLIC~1\F?nts (may look like Fonts)
C:\DOCUME~1\Anne\APPLIC~1\?asks (may look like Tasks)
C:\DOCUME~1\Anne\APPLIC~1\??pPatch (may look like AppPatch)
C:\WINDOWS\??sks (may look like Tasks)
C:\WINDOWS\system32\A?pPatch (may look like AppPatch)
C:\WINDOWS\system32\??pPatch (may look like AppPatch)
C:\WINDOWS\system32\??crosoft.NET (may look like Microsoft.NET)
C:\WINDOWS\?dobe (may look like Adobe)
C:\WINDOWS\??crosoft (may look like Microsoft)
C:\Program Files\F?nts (may look like Fonts)
C:\Program Files\Common Files\S?mantec (may look like Symantec)
C:\Program Files\Common Files\?ystem (may look like system)
C:\Program Files\Common Files\?dobe (may look like Adobe)
C:\Program Files\Common Files\??curity (may look like security)
C:\Program Files\Common Files\??crosoft.NET (may look like Microsoft.NET)
C:\Program Files\?ecurity (may look like Security)
C:\Program Files\?asks (may look like Tasks)
C:\DOCUME~1\Anne\APPLIC~1\S?mantec (may look like Symantec)
C:\DOCUME~1\Anne\APPLIC~1\?ymbols (may look like Symbols)
C:\DOCUME~1\Anne\APPLIC~1\??crosoft.NET (may look like Microsoft.NET)
C:\WINDOWS\??stem32 (may look like system32)
C:\WINDOWS\system32\??crosoft (may look like Microsoft)
C:\WINDOWS\W?nSxS (may look like WinSxS)
C:\WINDOWS\system32\s?stem32 (may look like system32)
C:\WINDOWS\system32\s?stem (may look like system)
C:\WINDOWS\system32\?ymantec (may look like Symantec)
C:\WINDOWS\system32\?icrosoft.NET (may look like Microsoft.NET)
C:\WINDOWS\system32\??crosoft.NET (may look like Microsoft.NET)
C:\WINDOWS\s?mbols (may look like Symbols)
C:\WINDOWS\?ecurity (may look like Security)
C:\WINDOWS\??pPatch (may look like AppPatch)
C:\Program Files\F?nts (may look like Fonts)
C:\Program Files\Common Files\s?stem32 (may look like system32)
C:\Program Files\Common Files\?ecurity (may look like Security)
C:\Program Files\Common Files\??stem32 (may look like system32)
C:\Program Files\Common Files\??sks (may look like Tasks)
C:\Program Files\Common Files\??crosoft (may look like Microsoft)
C:\Program Files\?racle (may look like Oracle)
C:\Program Files\?icrosoft (may look like Microsoft)
C:\Program Files\?dobe (may look like Adobe)
C:\Program Files\??sks (may look like Tasks)
C:\Program Files\??curity (may look like Security)
C:\DOCUME~1\Anne\APPLIC~1\??sembly (may look like Assembly)
C:\WINDOWS\?ystem32 (may look like system32)
C:\WINDOWS\?asks (may look like Tasks)
C:\WINDOWS\system32\?ymbols (may look like Symbols)
C:\Program Files\Common Files\??crosoft (may look like Microsoft)
C:\Program Files\?icrosoft.NET (may look like Microsoft.NET)
C:\Program Files\?icrosoft (may look like Microsoft)
C:\Program Files\??pPatch (may look like AppPatch)
C:\Program Files\??mbols (may look like Symbols)
C:\Program Files\Common Files\?icrosoft (may look like Microsoft)
C:\Program Files\Common Files\?asks (may look like Tasks)
C:\Program Files\?asks (may look like Tasks)
C:\Program Files\??crosoft.NET (may look like Microsoft.NET)
C:\Program Files\Common Files\?ymantec (may look like Symantec)
C:\Program Files\Common Files\??sembly (may look like Assembly)
C:\Program Files\Common Files\??curity (may look like Security)
C:\Program Files\Common Files\??crosoft.NET (may look like Microsoft.NET)
C:\Program Files\?asks (may look like Tasks)
C:\Program Files\?ecurity (may look like Security)
C:\Program Files\Common Files\?dobe (may look like Adobe)
C:\Program Files\Common Files\?ystem (may look like system)
C:\Program Files\Common Files\??crosoft (may look like Microsoft)
C:\Program Files\?icrosoft (may look like Microsoft)
C:\Program Files\??curity (may look like Security)
C:\Program Files\?dobe (may look like Adobe)
C:\Program Files\Common Files\??sks (may look like Tasks)
C:\Program Files\??sks (may look like Tasks)
C:\Program Files\Common Files\??stem32 (may look like system32)
C:\Program Files\Common Files\?ecurity (may look like Security)
C:\Program Files\?racle (may look like Oracle)
C:\Program Files\Common Files\?racle (may look like Oracle)
C:\Program Files\??pPatch (may look like AppPatch)
C:\Program Files\??crosoft.NET (may look like Microsoft.NET)
C:\Program Files\?ymbols (may look like Symbols)
C:\Program Files\Common Files\??crosoft.NET (may look like Microsoft.NET)
C:\Program Files\Common Files\?icrosoft (may look like Microsoft)
C:\Program Files\?icrosoft.NET (may look like Microsoft.NET)
C:\Program Files\Common Files\??pPatch (may look like AppPatch)
C:\Program Files\??crosoft (may look like Microsoft)
C:\Program Files\Common Files\?dobe (may look like Adobe)
C:\Program Files\Common Files\?icrosoft.NET (may look like Microsoft.NET)
C:\Program Files\??crosoft (may look like Microsoft)
C:\Program Files\Common Files\??sks (may look like Tasks)
C:\Program Files\Common Files\??mbols (may look like symbols)
C:\Program Files\?ystem (may look like system)
C:\Program Files\?ppPatch (may look like AppPatch)
C:\Program Files\Common Files\??mantec (may look like Symantec)
C:\Program Files\?ystem32 (may look like system32)
C:\Program Files\Common Files\?ppPatch (may look like AppPatch)
C:\Program Files\??sks (may look like Tasks)
C:\Program Files\?racle (may look like Oracle)
C:\Program Files\Common Files\??stem (may look like system)
C:\Program Files\Common Files\??pPatch (may look like AppPatch)
C:\Program Files\Common Files\?icrosoft.NET (may look like Microsoft.NET)
C:\Program Files\?ssembly (may look like Assembly)
C:\Program Files\?ymantec (may look like Symantec)
C:\Program Files\??mantec (may look like Symantec)
C:\Program Files\Common Files\?racle (may look like Oracle)
C:\Program Files\??sembly (may look like Assembly)
C:\Program Files\?ppPatch (may look like AppPatch)
C:\Program Files\?dobe (may look like Adobe)
C:\Program Files\Common Files\?ssembly (may look like Assembly)
C:\Program Files\Common Files\?ppPatch (may look like AppPatch)
C:\Program Files\??stem32 (may look like system32)
C:\Program Files\Common Files\?ymbols (may look like Symbols)
C:\Program Files\Common Files\?asks (may look like Tasks)
C:\Program Files\??stem (may look like system)
C:\Program Files\Common Files\?ystem32 (may look like system32)

Empty Recycle Bin

Re-run combofix

Post:

- a fresh HijackThis log
- combofix report
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

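The folders in the list above all use the same trick: a well-known Windows folder name with one or two characters swapped for look-alike characters, which the console log renders as "?". The following Python check is an added example, not part of the thread or of any tool named in it; it flags directory names that imitate such folders, optionally restricted to the creation date the helper identified. The legitimate-name list, the DirEntry record and the sample entries are my own constructions.

```python
"""Flag directory names that impersonate well-known Windows folders.

Added example (not from the forum thread). A fake folder such as
"?icrosoft" or "??pPatch" is a legitimate name with one or two characters
replaced by non-ASCII look-alikes; a console that cannot render them prints
'?'. Each such character may stand for one or two characters of the real
name, so the name is turned into a regex and matched against a list of
legitimate folder names.
"""
import re
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

# Legitimate names the fake directories listed in the thread imitate (assumed list).
LEGIT_NAMES = [
    "Microsoft", "Microsoft.NET", "AppPatch", "Tasks", "Symbols", "Assembly",
    "system32", "system", "Fonts", "Symantec", "Adobe", "Security",
    "Oracle", "WinSxS",
]


@dataclass
class DirEntry:
    """One directory as a scanner might report it (hypothetical record type)."""
    path: str       # full path, e.g. r"C:\WINDOWS\system32\Mícrosoft"
    created: date   # creation date reported by the scanner


def lookalike_pattern(name: str) -> str:
    """Build a regex in which every non-ASCII character, or a literal '?' as
    printed by a console that could not render it, matches one or two
    characters of the legitimate name; ASCII characters must match exactly."""
    parts = []
    for ch in name:
        if ch == "?" or ord(ch) > 127:
            parts.append(".{1,2}")
        else:
            parts.append(re.escape(ch))
    return "^" + "".join(parts) + "$"


def is_lookalike(name: str) -> Optional[str]:
    """Return the legitimate name being imitated, or None.

    A plain ASCII name (the genuine folder) is never flagged; only names that
    contain substituted characters are compared against LEGIT_NAMES."""
    if name.isascii() and "?" not in name:
        return None
    pattern = re.compile(lookalike_pattern(name), re.IGNORECASE)
    for legit in LEGIT_NAMES:
        if pattern.match(legit):
            return legit
    return None


def suspicious_dirs(entries: List[DirEntry],
                    created_on: Optional[date] = None) -> List[Tuple[str, str]]:
    """Return (path, imitated_name) for every look-alike directory.

    If created_on is given, only directories created on that date are kept,
    mirroring the helper's advice to delete only the folders created on one day."""
    hits = []
    for entry in entries:
        name = entry.path.rstrip("\\").rsplit("\\", 1)[-1]
        legit = is_lookalike(name)
        if legit is None:
            continue
        if created_on is not None and entry.created != created_on:
            continue
        hits.append((entry.path, legit))
    return hits


# Constructed sample entries: three look-alikes (Latin i-acute, Cyrillic Te,
# and one name exactly as the thread's log prints it), two genuine folders,
# and one non-ASCII folder that imitates nothing.
SAMPLE_ENTRIES = [
    DirEntry(r"C:\WINDOWS\system32\Mícrosoft", date(2007, 6, 9)),
    DirEntry(r"C:\Program Files\Тasks", date(2007, 6, 9)),
    DirEntry(r"C:\WINDOWS\system32\?icrosoft", date(2007, 6, 9)),
    DirEntry(r"C:\Program Files\Symantec", date(2007, 6, 8)),
    DirEntry(r"C:\WINDOWS\system32\Microsoft", date(2005, 1, 1)),
    DirEntry(r"C:\Program Files\Música", date(2007, 6, 9)),
]

if __name__ == "__main__":
    for path, legit in suspicious_dirs(SAMPLE_ENTRIES, date(2007, 6, 9)):
        print(f"{path}  (imitates {legit})")
```

On a live system the same check can be fed the output of a directory walk; a genuine folder is never flagged because its name is pure ASCII.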
Latest logs

Unread postby jonked » June 19th, 2007, 3:46 pm

Managed to delete all the files you listed except C:\pmcubosf3.exe.
Still getting
"Cannot delete pmcubosf3: It is being used by another person or program.
Close any programs that may be using the file and try again."

--------------------------------
I've added the Combofix-quarantined-files.txt after the combofix log.

COMBOFIX log

ComboFix 07-06-17 - C:\Documents and Settings\John\Desktop\ComboFix.exe
"John" - 2007-06-19 20:22:54 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-05-19 to 2007-06-19 )))))))))))))))))))))))))))))))


2007-06-18 19:15 <DIR> d-------- C:\backups
2007-06-18 19:11 218,112 --a------ C:\scanner.exe
2007-06-17 22:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
2007-06-17 22:32 <DIR> d-------- C:\DOCUME~1\John\Phone Browser
2007-06-17 22:32 <DIR> d-------- C:\DOCUME~1\John\APPLIC~1\Datalayer
2007-06-17 22:31 <DIR> d-------- C:\DOCUME~1\John\APPLIC~1\Nokia
2007-06-17 22:25 <DIR> d-------- C:\DOCUME~1\John\APPLIC~1\AdobeAUM
2007-06-17 22:14 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-06-17 22:14 <DIR> d-------- C:\Program Files\DIFX
2007-06-17 22:14 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-06-17 22:14 <DIR> d-------- C:\DOCUME~1\John\APPLIC~1\PC Suite
2007-06-17 22:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-06-17 22:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
2007-06-17 22:12 <DIR> d-------- C:\Program Files\Nokia
2007-06-17 22:12 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-06-17 19:55 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-17 18:12 71,316 --a------ C:\VundoFix.exe
2007-06-16 14:10 662 --a------ C:\pmcubosf3.exe
2007-06-12 20:06 <DIR> d-------- C:\DOCUME~1\John\.housecall6.6
2007-06-11 22:44 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-06-09 23:06 <DIR> d-------- C:\Program Files\W?nSxS
2007-06-09 23:06 <DIR> d-------- C:\Program Files\Common Files\W?nSxS
2007-06-08 20:28 <DIR> d-------- C:\DOCUME~1\John\APPLIC~1\Symantec
2007-06-08 20:27 <DIR> d-------- C:\Program Files\Symantec
2007-06-08 20:27 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-06-08 20:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-06-08 20:26 4,588,454 --a------ C:\Program Files\setup.exe
2007-06-08 20:26 <DIR> d-------- C:\Program Files\Support
2007-06-08 20:26 <DIR> d-------- C:\Program Files\Driver Validation
2007-06-05 21:22 <DIR> d-------- C:\Program Files\Freecom Backup Software
2007-06-05 21:21 73,728 --a------ C:\WINDOWS\system32\Zion.dll
2007-06-05 21:21 7,040 --a------ C:\WINDOWS\system32\drivers\Gonzales.sys
2007-06-05 21:21 12,160 --a------ C:\WINDOWS\system32\drivers\Bonifay.sys
2007-06-05 21:21 <DIR> d-------- C:\Program Files\Freecom Personal Media Suite
2007-05-29 20:19 <DIR> d-------- C:\DOCUME~1\Graeme\APPLIC~1\Google
2007-05-22 23:04 14 --a------ C:\WINDOWS\system32\systeminfo3.dll
2007-05-22 22:57 81,920 --a------ C:\DOCUME~1\John\APPLIC~1\ezpinst.exe
2007-05-22 22:57 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-05-22 22:57 47,360 --a------ C:\DOCUME~1\John\APPLIC~1\pcouffin.sys
2007-05-22 22:57 <DIR> d-------- C:\Program Files\CloneDVD
2007-05-22 22:57 <DIR> d-------- C:\DOCUME~1\John\APPLIC~1\Vso


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-18 21:02:16 -------- d-----w C:\Program Files\Common Files\Command Software
2007-06-17 21:09:18 -------- d-----w C:\DOCUME~1\John\APPLIC~1\Azureus
2007-06-16 19:32:28 -------- d-----w C:\Program Files\Virtools
2007-06-16 19:22:29 -------- d-----w C:\Program Files\Viewpoint
2007-06-12 20:18:41 -------- d-----w C:\Program Files\Common Files\PestPatrol
2007-05-16 15:12:02 683,520 ------w C:\WINDOWS\system32\inetcomm.dll
2007-05-15 21:13:18 -------- d-----w C:\Program Files\Your Syndicate Manager
2007-05-10 11:23:44 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-04-27 18:07:48 79,384 ----a-w C:\WINDOWS\system32\avmontr.dll
2007-04-27 17:49:12 840,352 ----a-w C:\WINDOWS\system32\drivers\css-dvp.sys
2007-04-25 18:20:57 -------- d-----w C:\DOCUME~1\John\APPLIC~1\AdobeUM
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-03-23 05:07:56 1,683,280 ----a-w C:\WINDOWS\system32\XpsSvcs.dll
2007-03-23 05:07:54 583,504 ----a-w C:\WINDOWS\system32\XPSSHHDR.dll
2007-03-22 19:25:02 124,928 ----a-w C:\WINDOWS\system32\prntvpt.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=F:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-11-03 23:17]
{3C060EA2-E6A9-4E49-A530-D4657B8C449A}=C:\Program Files\blueyonder\PCguard\pkR.dll [2006-05-01 13:41]
{56071E0D-C61B-11D3-B41C-00E02927A304}=C:\Program Files\blueyonder\PCguard\FBHR.dll [2006-05-01 13:41]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-03 01:05]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AE7CD045-E861-484f-8273-0445EE161910}=F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 02:03]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FLMLABTECMOUSE"="C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe" [2004-12-13 23:02]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"MISAggregator"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"NWEReboot"="" []
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 05:41]
"nwiz"="nwiz.exe" [2005-12-10 04:06 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 17:53 C:\WINDOWS\SOUNDMAN.EXE]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 16:06 C:\WINDOWS\system32\ptipbmf.dll]
"PVR Agent"="C:\Program Files\KWorld Multimedia\HyperMedia\DTVR\Scheduled.exe" [2005-07-05 19:25]
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 15:09]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-04 23:38]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15]
"HP Software Update"="F:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10]
"eFax 4.1"="C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" [2005-12-17 00:59]
"PCguardadvisor.exe"="C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe" [2006-04-28 15:27]
"PCguard"="C:\Program Files\blueyonder\PCguard\Rps.exe" [2006-05-01 13:43]
"five Media Manager Tray"="C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaTray.exe" [2006-07-30 11:25]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48]
"Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [2005-06-14 16:23]
"SaiMfd"="C:\Program Files\Saitek\Software\SaiMfd.exe" [2005-06-17 20:02]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 01:12]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MS Office32cb Startup"=OfficeGUI32cb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winlvv32]
winlvv32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.1.lnk]
backup=C:\WINDOWS\pss\eFax 4.1.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Phone Connection Monitor.lnk]
backup=C:\WINDOWS\pss\Phone Connection Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MediaFace Integration"=F:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe


Contents of the 'Scheduled Tasks' folder
2005-02-16 22:41:46 C:\WINDOWS\tasks\1 Copernic Intra-Daily ~HOME-PC Anne.job
2005-12-04 20:43:01 C:\WINDOWS\tasks\1 Copernic Intra-Daily ~HOME-PC John.job
2007-06-08 16:15:00 C:\WINDOWS\tasks\1-Click Maintenance.job
2005-02-16 22:41:46 C:\WINDOWS\tasks\2 Copernic Daily ~HOME-PC Anne.job
2005-12-04 20:43:01 C:\WINDOWS\tasks\2 Copernic Daily ~HOME-PC John.job
2005-02-16 22:41:46 C:\WINDOWS\tasks\3 Copernic Weekly ~HOME-PC Anne.job
2005-12-04 20:43:01 C:\WINDOWS\tasks\3 Copernic Weekly ~HOME-PC John.job
2005-02-16 22:41:46 C:\WINDOWS\tasks\4 Copernic Monthly ~HOME-PC Anne.job
2005-12-04 20:43:01 C:\WINDOWS\tasks\4 Copernic Monthly ~HOME-PC John.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-19 20:25:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-06-19 20:26:06
C:\ComboFix-quarantined-files.txt ... 2007-06-19 20:25
C:\ComboFix2.txt ... 2007-06-18 19:58
C:\ComboFix3.txt ... 2007-06-17 20:17

--- E O F ---
-------------------------------------

COMBOFIX-QUARANTINED-FILES.TXT

2004-12-11 00:35 158 --a------ C:\Qoobox\Quarantine\C\INSTALL.LOG.vir
2005-05-16 14:23 19968 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\sfsync02.sys.vir
2005-09-19 23:20 0 --a--c--- C:\Qoobox\Quarantine\C\WINDOWS\hosts.vir
2007-06-09 23:04 33302 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\khfggge.dll.vir
2007-06-09 23:13 263220 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\khhhf.dll.vir
2007-06-09 23:13 263220 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\mllih.dll.vir
2007-06-09 23:13 353 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\hillm.ini.vir
2007-06-09 23:16 131124 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\evtfsjtg.dll.vir
2007-06-09 23:19 125460 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\mvkqmsnf.dll.vir
2007-06-10 10:02 166 --a------ C:\Qoobox\Quarantine\C\WINDOWS\wr.txt.vir
2007-06-10 23:09 1226168 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\fhhhk.ini.vir
2007-06-11 22:29 1895907 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\gtjsftve.ini.vir
2007-06-12 19:18 124436 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\qbqkupia.dll.vir
2007-06-13 00:18 1223916 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\fhhhk.tmp.vir
2007-06-13 16:43 943955 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\aipukqbq.ini.vir
2007-06-13 16:47 124436 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\hknbujkv.dll.vir
2007-06-13 19:35 944107 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\vkjubnkh.ini.vir
2007-06-13 19:44 125460 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\guexyurq.dll.vir
2007-06-13 19:44 131124 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\woatfqra.dll.vir
2007-06-13 20:11 944227 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\arqftaow.ini.vir
2007-06-13 20:17 124436 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ljrqdchb.dll.vir
2007-06-13 20:56 931684 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\bhcdqrjl.ini.vir
2007-06-15 22:49 124436 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\nwjfudum.dll.vir
2007-06-16 09:25 2742914 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\mudufjwn.ini.vir
2007-06-16 09:27 124436 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ebxsotrx.dll.vir
2007-06-16 12:04 3648450 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\xrtosxbe.ini.vir
2007-06-16 12:08 124436 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\jmmrguub.dll.vir
2007-06-16 13:08 3647457 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\buugrmmj.ini.vir
2007-06-16 17:00 125460 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\qiofkugg.dll.vir
2007-06-16 18:00 124436 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\vuodonxs.dll.vir
2007-06-16 18:01 3641544 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\sxnodouv.ini.vir
2007-06-16 20:19 124436 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\mtejedda.dll.vir
2007-06-16 20:38 3641604 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\addejetm.ini.vir

--------------------------------------------------

HijackThis log


Logfile of HijackThis v1.99.1
Scan saved at 20:44, on 2007-06-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\KWorld Multimedia\HyperMedia\DTVR\Scheduled.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe
C:\Program Files\blueyonder\PCguard\Rps.exe
C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaServer.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Cloudmark\SpamNet\OE\snoe.exe
C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\blueyonder\PCguard\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\blueyonder\PCguard\FBHR.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [FLMLABTECMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\KWorld Multimedia\HyperMedia\DTVR\Scheduled.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [PCguardadvisor.exe] "C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe"
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\blueyonder\PCguard\Rps.exe"
O4 - HKLM\..\Run: [five Media Manager Tray] "C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaTray.exe" /CustomId:five
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Freecom Personal Media Suite.lnk = C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Cloudmark Desktop for Outlook Express.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Search Using Copernic Agent - res://F:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - blank (file missing)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - blank (file missing)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - blank (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/rapti ... loader.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/inflaterball/mi ... Loader.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/Reflex ... Loader.cab
O16 - DPF: {46431044-1B22-4EF3-B333-863AAF310153} (five Class) - http://www.download.five.tv/Download/five_3_4_0_8.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0, ... Portal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 2779681543
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7678277405
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://www.download.five.tv/Download/En ... Silent.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winlvv32 - winlvv32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe (file missing)
jonked
Regular Member
 
Posts: 27
Joined: June 16th, 2007, 6:55 pm

Unread postby Shaba » June 20th, 2007, 4:32 am

Hi

Looking much better :)

Let's try this next:

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\pmcubosf3.exe

Folder::
C:\Program Files\W?nSxS
C:\Program Files\Common Files\W?nSxS


Save this as ComboFix-Do.txt

Then drag the ComboFix-Do.txt into ComboFix.exe as you see in the screenshot below.

Image

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
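
The ComboFix-Do.txt script above is a small directive file: a `Name::` header, one path per line beneath it, sections separated by a blank line. As an added example (not ComboFix's own code and not from this thread), the Python below parses that format and flags entries a helper would want to double-check before the script runs: protected roots, wildcard paths, and folder names that only match a legitimate Windows name through the wildcard, as W?nSxS does against WinSxS. The protected-root list, the lookalike list, and the reading of `?` as a character ComboFix could not print are assumptions made here.

```python
import re
from fnmatch import fnmatch
from typing import Dict, List

# Constructed sample: the script the helper asked for in this thread.
SAMPLE_SCRIPT = r"""File::
C:\pmcubosf3.exe

Folder::
C:\Program Files\W?nSxS
C:\Program Files\Common Files\W?nSxS
"""

# A directive line is 'Name::' on its own line.
SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")

# Roots a cleanup script should never name as a whole (assumed list,
# lower-cased, no trailing backslash; this is a check added here, not a
# ComboFix feature documented on the page).
PROTECTED = (
    "c:",
    "c:\\windows",
    "c:\\windows\\system32",
    "c:\\program files",
    "c:\\program files\\common files",
    "c:\\documents and settings",
)

# Legitimate Windows folder names that malware likes to imitate (assumed
# list). A '?' in a ComboFix listing stands for a character it could not
# print, so a name that equals one of these only via the wildcard is a
# lookalike rather than the real folder.
LOOKALIKE_TARGETS = ("WinSxS", "System32", "Microsoft")


def parse_script(text: str) -> Dict[str, List[str]]:
    """Return {directive: [paths]} for a File::/Folder:: style script.

    Paths follow their directive one per line until a blank line or the
    next directive; a path with no directive above it is an error.
    """
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif not line:
            current = None  # blank line closes the section
        elif current is None:
            raise ValueError(f"path outside any directive: {line!r}")
        else:
            sections[current].append(line)
    return sections


def classify(path: str) -> List[str]:
    """Flags a reviewer would want to see before handing the path to a deletion script."""
    flags: List[str] = []
    low = path.lower().rstrip("\\")
    if low in PROTECTED:
        flags.append("protected-root")
    if "?" in path or "*" in path:
        flags.append("wildcard")
        leaf = path.rsplit("\\", 1)[-1]
        for name in LOOKALIKE_TARGETS:
            # fnmatch(name, pattern): does the real folder name fit the wildcard?
            if fnmatch(name.lower(), leaf.lower()):
                flags.append(f"lookalike-of:{name}")
    if not re.match(r"^[A-Za-z]:\\", path):
        flags.append("not-absolute")
    return flags


def review(text: str) -> Dict[str, List[str]]:
    """Map every path in the script to its flags (empty list = nothing odd)."""
    return {p: classify(p) for paths in parse_script(text).values() for p in paths}


if __name__ == "__main__":
    for path, flags in review(SAMPLE_SCRIPT).items():
        print(f"{path}: {', '.join(flags) or 'ok'}")
```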

Latest results 20062007 16:45

Unread postby jonked » June 20th, 2007, 11:58 am

ComboFix.txt

ComboFix 07-06-17 - C:\Documents and Settings\John\Desktop\ComboFix.exe
"John" - 2007-06-20 16:40:01 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\John\Desktop\ComboFix-Do.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\pmcubosf3.exe


((((((((((((((((((((((((( Files Created from 2007-05-20 to 2007-06-20 )))))))))))))))))))))))))))))))


2007-06-18 19:15 <DIR> d-------- C:\backups
2007-06-18 19:11 218,112 --a------ C:\scanner.exe
2007-06-17 22:34 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
2007-06-17 22:32 <DIR> d-------- C:\DOCUME~1\John\Phone Browser
2007-06-17 22:32 <DIR> d-------- C:\DOCUME~1\John\APPLIC~1\Datalayer
2007-06-17 22:31 <DIR> d-------- C:\DOCUME~1\John\APPLIC~1\Nokia
2007-06-17 22:25 <DIR> d-------- C:\DOCUME~1\John\APPLIC~1\AdobeAUM
2007-06-17 22:14 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-06-17 22:14 <DIR> d-------- C:\Program Files\DIFX
2007-06-17 22:14 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-06-17 22:14 <DIR> d-------- C:\DOCUME~1\John\APPLIC~1\PC Suite
2007-06-17 22:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-06-17 22:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
2007-06-17 22:12 <DIR> d-------- C:\Program Files\Nokia
2007-06-17 22:12 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-06-17 19:55 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-17 18:12 71,316 --a------ C:\VundoFix.exe
2007-06-12 20:06 <DIR> d-------- C:\DOCUME~1\John\.housecall6.6
2007-06-11 22:44 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-06-09 23:06 <DIR> d-------- C:\Program Files\W?nSxS
2007-06-09 23:06 <DIR> d-------- C:\Program Files\Common Files\W?nSxS
2007-06-08 20:28 <DIR> d-------- C:\DOCUME~1\John\APPLIC~1\Symantec
2007-06-08 20:27 <DIR> d-------- C:\Program Files\Symantec
2007-06-08 20:27 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-06-08 20:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-06-08 20:26 4,588,454 --a------ C:\Program Files\setup.exe
2007-06-08 20:26 <DIR> d-------- C:\Program Files\Support
2007-06-08 20:26 <DIR> d-------- C:\Program Files\Driver Validation
2007-06-05 21:22 <DIR> d-------- C:\Program Files\Freecom Backup Software
2007-06-05 21:21 73,728 --a------ C:\WINDOWS\system32\Zion.dll
2007-06-05 21:21 7,040 --a------ C:\WINDOWS\system32\drivers\Gonzales.sys
2007-06-05 21:21 12,160 --a------ C:\WINDOWS\system32\drivers\Bonifay.sys
2007-06-05 21:21 <DIR> d-------- C:\Program Files\Freecom Personal Media Suite
2007-05-29 20:19 <DIR> d-------- C:\DOCUME~1\Graeme\APPLIC~1\Google
2007-05-22 23:04 14 --a------ C:\WINDOWS\system32\systeminfo3.dll
2007-05-22 22:57 81,920 --a------ C:\DOCUME~1\John\APPLIC~1\ezpinst.exe
2007-05-22 22:57 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-05-22 22:57 47,360 --a------ C:\DOCUME~1\John\APPLIC~1\pcouffin.sys
2007-05-22 22:57 <DIR> d-------- C:\Program Files\CloneDVD
2007-05-22 22:57 <DIR> d-------- C:\DOCUME~1\John\APPLIC~1\Vso


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-20 09:21:56 -------- d-----w C:\Program Files\Common Files\Command Software
2007-06-17 21:09:18 -------- d-----w C:\DOCUME~1\John\APPLIC~1\Azureus
2007-06-16 19:32:28 -------- d-----w C:\Program Files\Virtools
2007-06-16 19:22:29 -------- d-----w C:\Program Files\Viewpoint
2007-06-12 20:18:41 -------- d-----w C:\Program Files\Common Files\PestPatrol
2007-05-16 15:12:02 683,520 ------w C:\WINDOWS\system32\inetcomm.dll
2007-05-15 21:13:18 -------- d-----w C:\Program Files\Your Syndicate Manager
2007-05-10 11:23:44 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-04-27 18:07:48 79,384 ----a-w C:\WINDOWS\system32\avmontr.dll
2007-04-27 17:49:12 840,352 ----a-w C:\WINDOWS\system32\drivers\css-dvp.sys
2007-04-25 18:20:57 -------- d-----w C:\DOCUME~1\John\APPLIC~1\AdobeUM
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-03-23 05:07:56 1,683,280 ----a-w C:\WINDOWS\system32\XpsSvcs.dll
2007-03-23 05:07:54 583,504 ----a-w C:\WINDOWS\system32\XPSSHHDR.dll
2007-03-22 19:25:02 124,928 ----a-w C:\WINDOWS\system32\prntvpt.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=F:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-11-03 23:17]
{3C060EA2-E6A9-4E49-A530-D4657B8C449A}=C:\Program Files\blueyonder\PCguard\pkR.dll [2006-05-01 13:41]
{56071E0D-C61B-11D3-B41C-00E02927A304}=C:\Program Files\blueyonder\PCguard\FBHR.dll [2006-05-01 13:41]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-03 01:05]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AE7CD045-E861-484f-8273-0445EE161910}=F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 02:03]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FLMLABTECMOUSE"="C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe" [2004-12-13 23:02]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"MISAggregator"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"NWEReboot"="" []
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 05:41]
"nwiz"="nwiz.exe" [2005-12-10 04:06 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 17:53 C:\WINDOWS\SOUNDMAN.EXE]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 16:06 C:\WINDOWS\system32\ptipbmf.dll]
"PVR Agent"="C:\Program Files\KWorld Multimedia\HyperMedia\DTVR\Scheduled.exe" [2005-07-05 19:25]
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 15:09]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-04 23:38]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15]
"HP Software Update"="F:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10]
"eFax 4.1"="C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" [2005-12-17 00:59]
"PCguardadvisor.exe"="C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe" [2006-04-28 15:27]
"PCguard"="C:\Program Files\blueyonder\PCguard\Rps.exe" [2006-05-01 13:43]
"five Media Manager Tray"="C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaTray.exe" [2006-07-30 11:25]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48]
"Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [2005-06-14 16:23]
"SaiMfd"="C:\Program Files\Saitek\Software\SaiMfd.exe" [2005-06-17 20:02]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 01:12]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MS Office32cb Startup"=OfficeGUI32cb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winlvv32]
winlvv32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.1.lnk]
backup=C:\WINDOWS\pss\eFax 4.1.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Phone Connection Monitor.lnk]
backup=C:\WINDOWS\pss\Phone Connection Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"MediaFace Integration"=F:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe


Contents of the 'Scheduled Tasks' folder
2005-02-16 22:41:46 C:\WINDOWS\tasks\1 Copernic Intra-Daily ~HOME-PC Anne.job
2005-12-04 20:43:01 C:\WINDOWS\tasks\1 Copernic Intra-Daily ~HOME-PC John.job
2007-06-08 16:15:00 C:\WINDOWS\tasks\1-Click Maintenance.job
2005-02-16 22:41:46 C:\WINDOWS\tasks\2 Copernic Daily ~HOME-PC Anne.job
2005-12-04 20:43:01 C:\WINDOWS\tasks\2 Copernic Daily ~HOME-PC John.job
2005-02-16 22:41:46 C:\WINDOWS\tasks\3 Copernic Weekly ~HOME-PC Anne.job
2005-12-04 20:43:01 C:\WINDOWS\tasks\3 Copernic Weekly ~HOME-PC John.job
2005-02-16 22:41:46 C:\WINDOWS\tasks\4 Copernic Monthly ~HOME-PC Anne.job
2005-12-04 20:43:01 C:\WINDOWS\tasks\4 Copernic Monthly ~HOME-PC John.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-20 16:42:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-06-20 16:43:38
C:\ComboFix-quarantined-files.txt ... 2007-06-20 16:43
C:\ComboFix2.txt ... 2007-06-19 20:26
C:\ComboFix3.txt ... 2007-06-18 19:58

--- E O F ---
----------------------------------------
ComboFix-quarantined-files.txt

2004-12-11 00:35      158    --a------    C:\Qoobox\Quarantine\C\INSTALL.LOG.vir
2005-05-16 14:23      19968    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\sfsync02.sys.vir
2005-09-19 23:20      0    --a--c---    C:\Qoobox\Quarantine\C\WINDOWS\hosts.vir
2007-06-09 23:04      33302    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\khfggge.dll.vir
2007-06-09 23:13      263220    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\khhhf.dll.vir
2007-06-09 23:13      263220    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\mllih.dll.vir
2007-06-09 23:13      353    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\hillm.ini.vir
2007-06-09 23:16      131124    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\evtfsjtg.dll.vir
2007-06-09 23:19      125460    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\mvkqmsnf.dll.vir
2007-06-10 10:02      166    --a------    C:\Qoobox\Quarantine\C\WINDOWS\wr.txt.vir
2007-06-10 23:09      1226168    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\fhhhk.ini.vir
2007-06-11 22:29      1895907    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\gtjsftve.ini.vir
2007-06-12 19:18      124436    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\qbqkupia.dll.vir
2007-06-13 00:18      1223916    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\fhhhk.tmp.vir
2007-06-13 16:43      943955    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\aipukqbq.ini.vir
2007-06-13 16:47      124436    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\hknbujkv.dll.vir
2007-06-13 19:35      944107    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\vkjubnkh.ini.vir
2007-06-13 19:44      125460    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\guexyurq.dll.vir
2007-06-13 19:44      131124    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\woatfqra.dll.vir
2007-06-13 20:11      944227    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\arqftaow.ini.vir
2007-06-13 20:17      124436    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ljrqdchb.dll.vir
2007-06-13 20:56      931684    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\bhcdqrjl.ini.vir
2007-06-15 22:49      124436    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\nwjfudum.dll.vir
2007-06-16 09:25      2742914    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\mudufjwn.ini.vir
2007-06-16 09:27      124436    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ebxsotrx.dll.vir
2007-06-16 12:04      3648450    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\xrtosxbe.ini.vir
2007-06-16 12:08      124436    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\jmmrguub.dll.vir
2007-06-16 13:08      3647457    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\buugrmmj.ini.vir
2007-06-16 17:00      125460    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\qiofkugg.dll.vir
2007-06-16 18:00      124436    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\vuodonxs.dll.vir
2007-06-16 18:01      3641544    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\sxnodouv.ini.vir
2007-06-16 20:19      124436    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\mtejedda.dll.vir
2007-06-16 20:38      3641604    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\addejetm.ini.vir
2007-06-16 20:46      124436    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\paavwvml.dll.vir
2007-06-17 09:21      1225250    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\fhhhk.bak1.vir
2007-06-17 09:22      3641725    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\lmvwvaap.ini.vir
2007-06-17 09:29      124436    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\kqueplsp.dll.vir
2007-06-17 16:54      3639006    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\pslpeuqk.ini.vir
2007-06-17 16:58      124436    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\fkplloge.dll.vir
2007-06-17 17:21      3637788    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\egollpkf.ini.vir
2007-06-17 17:27      124436    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\cetigupt.dll.vir
2007-06-17 17:27      3637848    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\tpugitec.ini.vir
2007-06-17 17:30      124436    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\qdhigecw.dll.vir
2007-06-17 17:30      345    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\wcegihdq.ini.vir
2007-06-17 17:40      124436    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\msoeijok.dll.vir
2007-06-17 18:21      921830    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\kojieosm.ini.vir
2007-06-17 18:27      124436    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\elgonhkf.dll.vir
2007-06-17 19:54      1225233    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\fhhhk.bak2.vir
2007-06-17 19:55      921950    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\fkhnogle.ini.vir
2007-06-17 20:00      1217530    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\fhhhk.ini2.vir
2007-06-17 20:00      1488    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_SFSYNC02.reg.cf
2007-06-17 20:00      2572    --a------    C:\Qoobox\Quarantine\Registry_backups\services_sfsync02.reg.cf
2007-06-17 20:01      104    --a------    C:\Qoobox\Quarantine\catchme.log
2007-06-18 19:31      662    --a------    C:\Qoobox\Quarantine\C\pmcubosf3.exe.vir


Folder PATH listing
Volume serial number is A8BB-91F1
C:\QOOBOX
\---Quarantine
    |   catchme.log
    |   
    +---C
    |   |   INSTALL.LOG.vir
    |   |   pmcubosf3.exe.vir
    |   |   
    |   \---WINDOWS
    |       |   hosts.vir
    |       |   wr.txt.vir
    |       |   
    |       \---system32
    |           |   addejetm.ini.vir
    |           |   aipukqbq.ini.vir
    |           |   arqftaow.ini.vir
    |           |   bhcdqrjl.ini.vir
    |           |   buugrmmj.ini.vir
    |           |   cetigupt.dll.vir
    |           |   ebxsotrx.dll.vir
    |           |   egollpkf.ini.vir
    |           |   elgonhkf.dll.vir
    |           |   evtfsjtg.dll.vir
    |           |   fhhhk.bak1.vir
    |           |   fhhhk.bak2.vir
    |           |   fhhhk.ini.vir
    |           |   fhhhk.ini2.vir
    |           |   fhhhk.tmp.vir
    |           |   fkhnogle.ini.vir
    |           |   fkplloge.dll.vir
    |           |   gtjsftve.ini.vir
    |           |   guexyurq.dll.vir
    |           |   hillm.ini.vir
    |           |   hknbujkv.dll.vir
    |           |   jmmrguub.dll.vir
    |           |   khfggge.dll.vir
    |           |   khhhf.dll.vir
    |           |   kojieosm.ini.vir
    |           |   kqueplsp.dll.vir
    |           |   ljrqdchb.dll.vir
    |           |   lmvwvaap.ini.vir
    |           |   mllih.dll.vir
    |           |   msoeijok.dll.vir
    |           |   mtejedda.dll.vir
    |           |   mudufjwn.ini.vir
    |           |   mvkqmsnf.dll.vir
    |           |   nwjfudum.dll.vir
    |           |   paavwvml.dll.vir
    |           |   pslpeuqk.ini.vir
    |           |   qbqkupia.dll.vir
    |           |   qdhigecw.dll.vir
    |           |   qiofkugg.dll.vir
    |           |   sxnodouv.ini.vir
    |           |   tpugitec.ini.vir
    |           |   vkjubnkh.ini.vir
    |           |   vuodonxs.dll.vir
    |           |   wcegihdq.ini.vir
    |           |   woatfqra.dll.vir
    |           |   xrtosxbe.ini.vir
    |           |   
    |           \---drivers
    |                   sfsync02.sys.vir
    |                   
    \---Registry_backups
            LEGACY_SFSYNC02.reg.cf
            services_sfsync02.reg.cf
            

-----------------------------------------

Hijackthis Log

Logfile of HijackThis v1.99.1
Scan saved at 16:56, on 2007-06-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\blueyonder\PCguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\KWorld Multimedia\HyperMedia\DTVR\Scheduled.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe
C:\Program Files\blueyonder\PCguard\Rps.exe
C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaServer.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Cloudmark\SpamNet\OE\snoe.exe
C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\blueyonder\PCguard\pkR.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\blueyonder\PCguard\FBHR.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [FLMLABTECMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\KWorld Multimedia\HyperMedia\DTVR\Scheduled.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] F:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [PCguardadvisor.exe] "C:\Program Files\blueyonder\PCguard advisor\PCguardadvisor.exe"
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\blueyonder\PCguard\Rps.exe"
O4 - HKLM\..\Run: [five Media Manager Tray] "C:\Program Files\Entriq\MediaSphere\Bin\EntriqMediaTray.exe" /CustomId:five
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Freecom Personal Media Suite.lnk = C:\Program Files\Freecom Personal Media Suite\FCPMS.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Cloudmark Desktop for Outlook Express.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Search Using Copernic Agent - res://F:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - blank (file missing)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - blank (file missing)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - blank (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/rapti ... loader.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {164B406B-0FD6-4E7F-BA7E-64D227D4CA37} (dnlplayer Class) - http://www.digitalwebbooks.com/reader/dbplugin.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/inflaterball/mi ... Loader.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/Reflex ... Loader.cab
O16 - DPF: {46431044-1B22-4EF3-B333-863AAF310153} (five Class) - http://www.download.five.tv/Download/five_3_4_0_8.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0, ... Portal.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 2779681543
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7678277405
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://www.download.five.tv/Download/En ... Silent.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winlvv32 - winlvv32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCguard Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\blueyonder\PCguard\fws.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - Unknown owner - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe (file missing)

Thanks
Jonked
jonked
Regular Member
 
Posts: 27
Joined: June 16th, 2007, 6:55 pm
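Two things in the logs above are worth checking mechanically rather than by eye: the quarantine listing is full of .dll files sitting beside an .ini whose name is the .dll name spelled backwards (khhhf.dll / fhhhk.ini, mllih.dll / hillm.ini, hknbujkv.dll / vkjubnkh.ini, and so on), and the HijackThis log carries an O20 Winlogon Notify entry whose DLL HijackThis reports as missing. The script below is an added example written for this thread; it is not code from the forum, from ComboFix or from HijackThis. The sample lines are copied from the listing and log posted above (with one benign O23 line included to show a non-match); the function names and the regular expressions are my own.

```python
"""Pattern checks over a ComboFix quarantine listing and HijackThis O20 lines.

Added example for this thread; the sample text is copied from the post above.
"""
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed sample: a subset of ComboFix-quarantined-files.txt from the post.
QUARANTINE_SAMPLE = r"""
2005-05-16 14:23      19968    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\sfsync02.sys.vir
2007-06-09 23:13      263220    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\khhhf.dll.vir
2007-06-09 23:13      263220    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\mllih.dll.vir
2007-06-09 23:13      353    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\hillm.ini.vir
2007-06-10 23:09      1226168    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\fhhhk.ini.vir
2007-06-13 16:47      124436    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\hknbujkv.dll.vir
2007-06-13 19:35      944107    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\vkjubnkh.ini.vir
2007-06-13 19:44      125460    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\guexyurq.dll.vir
2007-06-18 19:31      662    --a------    C:\Qoobox\Quarantine\C\pmcubosf3.exe.vir
"""

# Constructed sample: O20 lines from the HijackThis log above plus one O23 line.
HJT_SAMPLE = r"""
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winlvv32 - winlvv32.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# date time, size, attribute flags, path; ComboFix appends .vir to each file.
QUARANTINE_LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d)\s+(\d+)\s+(\S+)\s+(.+?)\.vir\s*$"
)
# HijackThis itself annotates O20 entries whose DLL is not on disk.
NOTIFY_MISSING = re.compile(
    r"^O20 - Winlogon Notify: (\S+) - (.+?) \(file missing\)\s*$"
)


def parse_quarantine(text: str) -> List[Dict[str, object]]:
    """Turn quarantine listing lines into records, dropping the .vir suffix."""
    entries: List[Dict[str, object]] = []
    for line in text.splitlines():
        m = QUARANTINE_LINE.match(line.strip())
        if not m:
            continue  # blank lines, headers, the folder tree
        when, size, attrs, path = m.groups()
        entries.append({"when": when, "size": int(size), "attrs": attrs, "path": path})
    return entries


def find_reversed_pairs(entries: List[Dict[str, object]]) -> List[Tuple[str, str]]:
    """Report each .dll that sits beside an .ini named with the .dll stem reversed.

    Matching is per directory and case-insensitive. A palindromic stem is
    skipped because it would only pair with itself.
    """
    by_dir: Dict[str, Set[str]] = defaultdict(set)
    for e in entries:
        folder, _, name = str(e["path"]).rpartition("\\")
        by_dir[folder.lower()].add(name.lower())
    pairs: List[Tuple[str, str]] = []
    for names in by_dir.values():
        for name in names:
            if not name.endswith(".dll"):
                continue
            stem = name[:-4]
            twin = stem[::-1]
            if twin != stem and f"{twin}.ini" in names:
                pairs.append((name, f"{twin}.ini"))
    return sorted(pairs)


def find_missing_winlogon_notify(hjt_text: str) -> List[Tuple[str, str]]:
    """Return (key name, DLL) for O20 Winlogon Notify entries marked file missing.

    Winlogon loads each Notify DLL at logon, so an entry whose DLL is gone is a
    dead registry key: nothing loads from it, but it is leftover to clean up.
    """
    found: List[Tuple[str, str]] = []
    for line in hjt_text.splitlines():
        m = NOTIFY_MISSING.match(line.strip())
        if m:
            found.append((m.group(1), m.group(2)))
    return found


if __name__ == "__main__":
    for dll, ini in find_reversed_pairs(parse_quarantine(QUARANTINE_SAMPLE)):
        print(f"reversed-name pair: {dll} <-> {ini}")
    for key, dll in find_missing_winlogon_notify(HJT_SAMPLE):
        print(f"dead Winlogon Notify entry: {key} -> {dll}")
```

Run against the full listing in the post, the reversed-name check pairs off most of the quarantined system32 .dll files with an .ini; guexyurq.dll in the sample has no partner and is left alone, which is the point of matching on structure rather than on "looks random". The script reports only what the two logs already contain and does not identify the family behind the pattern.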