Hypersonic's Log


Post by Hypersonic » December 1st, 2007, 10:31 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:36 AM, on 11/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\tmrsr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\PROMon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1165102985\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\QdrModule\QdrModule9.exe
C:\Program Files\Insider\Insider.exe
C:\PROGRA~1\COMMON~1\SKS~1\scanregw.exe
C:\Program Files\?ymantec\?hkdsk.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Valued Customer\Application Data\ktzoprugw.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\AOL\1165102985\ee\AOLDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\AOL\1165102985\ee\aolsoftware.exe
C:\Program Files\Anti Trojan Elite\TJEnder.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Valued Customer\load.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\SPYWAREfighter\SPYWAREfighter.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\tmrsr.exe,C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - C:\Program Files\QdrDrive\QdrDrive8.dll
O2 - BHO: (no name) - {8EEDEEB3-422D-4ED8-8B61-5E9C0E4A3AAE} - C:\Program Files\MSN\hokewo24418.dll
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: aivskurq.msdn_hlp - {BF442538-BE32-4055-A549-2F3B699F55EB} - C:\WINDOWS\system32\aivskurq.dll (file missing)
O2 - BHO: (no name) - {C1F8F947-618C-647A-D25D-3BE607F20CE5} - C:\WINDOWS\system32\jbreej.dll (file missing)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: Her - {C4DE5B15-4FFE-4c02-8CB3-CAD24A33562B} - C:\WINDOWS\system32\ramtmb.dll
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1165102985\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [Ehsc] "C:\PROGRA~1\COMMON~1\SKS~1\scanregw.exe" -vt yazb
O4 - HKCU\..\Run: [Fdfndz] "C:\Program Files\?ymantec\?hkdsk.exe"
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Microsft Windows Adapter 5.1.3013] C:\Documents and Settings\Valued Customer\Application Data\mrgzppfgnncu.exe
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4757750375
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/seri ... /gwCID.CAB
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\ComPlus Applications\profsyfsyfse.html

--
End of file - 15685 bytes
Hypersonic
Active Member
 
Posts: 14
Joined: December 1st, 2007, 10:25 pm

Re: Hypersonic's Log

Post by beynac » December 4th, 2007, 4:59 am

Good morning.

Welcome to the MalWare Removal forum. I'm looking through your log and will post back very shortly.
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Re: Hypersonic's Log

Post by beynac » December 4th, 2007, 6:37 am

Hi.

We've got quite a lot to sort out. :) However, before we start, we need to disable some of your protection programs so that they do not interfere with our fixes:

Spyware Doctor
Click the OnGuard button on the left side and then uncheck Activate OnGuard.

AVG Anti-Spyware
Please check the following settings:
  • Click the Shield icon at the top.
  • Under Resident shield is... make sure that this shows as inactive or not available in the free version.
  • Change it, if necessary.
Close AVG Anti-Spyware. Do not scan.

Trojan Hunter
  • Disable TrojanHunter Guard by right clicking on the icon in your System Tray.
  • Make sure that the program itself is also closed/not running.

Anti Trojan Elite and Spyware Fighter
I am not familiar with these programs. Please ensure that any real-time protection is disabled.

Please ensure that these programs remain disabled until the computer is clean. I will make some recommendations about these programs later.

------------------------------------------------

ComboFix by sUBs

Important: If you already have ComboFix on your computer, please delete it and download the latest version.
  • Download this file - ComboFix.exe. (Please save it on your desktop).
  • Close all open windows.
  • Double click ComboFix.exe and follow the prompts.
  • When finished, it will produce a log for you. Please post that log in your next reply.
Important: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

If necessary, please split the log into separate posts to ensure that they don't get cut off. It is important that I see the full log.

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

-----------------------------------------------

Please post the following, as a reply to this thread:
  • The ComboFix log
  • A new HijackThis log
Please also give me details of the problems you are having with the computer.
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Re: Hypersonic's Log

Post by beynac » December 5th, 2007, 3:14 am

Good morning.

You have re-posted your original HijackThis log in two new threads. Please post the ComboFix log and a new HijackThis log as a reply to this thread (use the PostReply button).

Please do not start new topics - keep all your replies here.
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Re: Hypersonic's Log

Post by Hypersonic » December 5th, 2007, 7:04 pm

Sorry for the duplicate. I guess I copied and pasted wrong.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:53 PM, on 12/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\PROMon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\WINDOWS\system32\NMSSvc.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1165102985\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Documents and Settings\Valued Customer\Application Data\axkdcrywi.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\AOL\1165102985\ee\AOLDesktop.exe
C:\Program Files\Common Files\AOL\1165102985\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: aivskurq.msdn_hlp - {BF442538-BE32-4055-A549-2F3B699F55EB} - C:\WINDOWS\system32\aivskurq.dll (file missing)
O2 - BHO: (no name) - {C1F8F947-618C-647A-D25D-3BE607F20CE5} - C:\WINDOWS\system32\jbreej.dll (file missing)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: Her - {C4DE5B15-4FFE-4c02-8CB3-CAD24A33562B} - C:\WINDOWS\system32\ramtmb.dll
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1165102985\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [QdrModule9] "C:\Program Files\QdrModule\QdrModule9.exe"
O4 - HKCU\..\Run: [Ehsc] "C:\PROGRA~1\COMMON~1\SKS~1\scanregw.exe" -vt yazb
O4 - HKCU\..\Run: [Fdfndz] "C:\Program Files\?ymantec\?hkdsk.exe"
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Microsft Windows Adapter 5.1.3013] C:\Documents and Settings\Valued Customer\Application Data\hneeiqmurqek.exe
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4757750375
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/seri ... /gwCID.CAB
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 14891 bytes
Hypersonic
Active Member
 
Posts: 14
Joined: December 1st, 2007, 10:25 pm

Re: Hypersonic's Log

Unread postby Hypersonic » December 5th, 2007, 7:20 pm

ComboFix 07-12-02.6 - Valued Customer 2007-12-03 21:24:38.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.175 [GMT -8:00]
Running from: C:\Documents and Settings\Valued Customer\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-04 to 2007-12-04 )))))))))))))))))))))))))))))))
.

2007-12-03 19:59 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\syxhsjwb.exe
2007-12-02 22:26 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\hneeiqmurqek.exe
2007-11-30 20:05 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\axkdcrywi.exe
2007-11-29 21:56 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\efokjg.exe
2007-11-29 01:56 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\dlr.exe
2007-11-29 00:50 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\nsjydy.exe
2007-11-28 23:57 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\sblnctpltwzk.exe
2007-11-28 21:33 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\egfgiw.exe
2007-11-28 18:58 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\pkks.exe
2007-11-28 00:40 . 2007-11-28 00:40 <DIR> d-------- C:\Program Files\Common Files\Application
2007-11-28 00:39 . 2007-11-28 00:52 <DIR> d-------- C:\Program Files\SPYWAREfighter
2007-11-28 00:23 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\mrgzppfgnncu.exe
2007-11-28 00:20 . 2007-11-30 21:47 <DIR> d-------- C:\Program Files\Anti Trojan Elite
2007-11-27 23:49 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\ktzoprugw.exe
2007-11-27 19:32 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\ttelabl.exe
2007-11-27 13:54 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\dlsefv.exe
2007-11-27 02:11 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\osehflsayjg.exe
2007-11-26 20:17 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\hysd.exe
2007-11-26 19:04 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\fhmrq.exe
2007-11-26 13:50 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\zdqalkpqv.exe
2007-11-26 13:07 . 2007-11-26 13:07 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\Awola
2007-11-26 13:00 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\vcvcmuf.exe
2007-11-26 11:40 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\atjhml.exe
2007-11-25 10:24 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\twpmi.exe
2007-11-24 12:47 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\ojwsebypwpm.exe
2007-11-24 12:34 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\lqdeynrb.exe
2007-11-24 10:41 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\hyekaea.exe
2007-11-24 10:23 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\fhtvy.exe
2007-11-23 09:44 . 2007-11-23 09:44 0 --ahs---- C:\Documents and Settings\Valued Customer\Application Data\.dat
2007-11-23 03:35 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\nkfregsf.exe
2007-11-22 06:08 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\uttlhwpbsn.exe
2007-11-22 02:55 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\oxntduruc.exe
2007-11-21 16:31 . 2007-12-02 22:51 0 --ahs---- C:\Documents and Settings\Valued Customer\Application Data\cee114bdba736a54628854af2d95a8300ba1e2bc.dat
2007-11-21 16:23 . 2007-11-21 16:23 220,160 --a------ C:\Documents and Settings\Valued Customer\load.exe
2007-11-21 16:16 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\svteqd.exe
2007-11-21 03:30 . 2007-11-21 03:30 12,800 --a------ C:\info.exe
2007-11-21 03:30 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\zuezvvj.exe
2007-11-20 21:51 . 2007-11-20 21:51 0 --a------ C:\24C.tmp
2007-11-20 21:51 . 2007-11-20 21:51 0 --a------ C:\249.tmp
2007-11-20 21:51 . 2007-11-20 21:51 0 --a------ C:\247.tmp
2007-11-20 21:51 . 2007-11-20 21:51 0 --a------ C:\245.tmp
2007-11-20 21:51 . 2007-11-20 21:51 0 --a------ C:\242.tmp
2007-11-20 21:51 . 2007-11-20 21:51 0 --a------ C:\23D.tmp
2007-11-20 21:51 . 2007-11-20 21:51 0 --a------ C:\23C.tmp
2007-11-20 21:51 . 2007-11-20 21:51 0 --a------ C:\23A.tmp
2007-11-20 18:20 . 2007-11-20 18:20 4,286 --a------ C:\WINDOWS\system32\everybodybets.32x32.4.ico
2007-11-18 02:02 . 2007-11-18 02:02 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\TrojanHunter
2007-11-18 01:49 . 2007-11-18 01:49 2 --a------ C:\F5.tmp
2007-11-17 20:47 . 2007-11-30 21:50 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2007-11-17 00:53 . 2007-11-17 00:53 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\Grisoft
2007-11-17 00:52 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-17 00:51 . 2007-11-17 00:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-16 05:54 . 2007-11-16 05:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2007-11-16 05:53 . 2007-11-17 22:13 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\Uniblue
2007-11-16 04:20 . 2007-11-30 21:53 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-11-16 04:20 . 2007-11-16 04:20 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\PC Tools
2007-11-16 04:20 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-16 04:20 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-16 04:20 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-16 04:20 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-16 04:19 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-15 15:04 . 2007-11-15 15:04 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\Sammsoft
2007-11-15 15:02 . 2007-11-15 15:02 <DIR> d-------- C:\Program Files\Advanced Registry Optimizer
2007-11-15 14:42 . 2007-11-16 04:53 <DIR> d-------- C:\Program Files\Registry Defender
2007-11-15 09:19 . 2007-11-15 09:19 <DIR> d-------- C:\Program Files\eAcceleration
2007-11-15 09:09 . 2007-11-18 04:05 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-11-11 09:20 . 2007-11-22 07:58 <DIR> d-------- C:\Program Files\AntispyStorm
2007-11-11 09:18 . 2007-11-14 11:03 1,677 --a------ C:\WINDOWS\default.htm
2007-11-11 09:17 . 2007-11-11 09:17 <DIR> d-------- C:\WINDOWS\system32\acespy
2007-11-11 09:17 . 2007-11-11 09:17 32,256 --a------ C:\WINDOWS\system32\ace16win.dll
2007-11-11 09:17 . 2007-11-11 09:17 9,984 --a------ C:\WINDOWS\absolute key logger.lnk
2007-11-11 08:56 . 2007-11-11 08:56 10 --a------ C:\WINDOWS\system32\din.ip
2007-11-11 08:56 . 2007-11-11 08:56 4 --a------ C:\WINDOWS\system32\jpewocmz.ini
2007-11-11 08:55 . 2007-11-11 08:55 27,136 --a------ C:\WINDOWS\system32\ramtmb.dll
2007-11-11 08:55 . 2007-12-02 22:37 2,528 --a------ C:\WINDOWS\system32\sft.res
2007-11-11 08:55 . 2007-11-27 19:42 20 --a------ C:\WINDOWS\system32\lt.res
2007-11-10 10:47 . 2007-11-24 13:27 72,566 --a------ C:\WINDOWS\system32\GameFly_2.ico
2007-11-09 16:06 . 2007-11-09 16:06 153 --a------ C:\WINDOWS\system32\delFSF.bat
2007-11-08 15:48 . 2007-11-08 15:48 2,238 --a------ C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico
2007-11-04 08:00 . 2007-11-04 08:00 0 --a------ C:\E2.tmp
2007-11-04 07:59 . 2007-11-04 07:59 23,040 --a------ C:\D8.tmp
2007-11-04 07:59 . 2007-11-04 07:59 0 --a------ C:\DE.tmp
2007-11-04 07:58 . 2007-11-04 07:58 9,804 --a------ C:\D5.tmp
2007-11-04 07:58 . 2007-11-04 07:58 0 --a------ C:\D7.tmp
2007-11-04 07:58 . 2007-11-04 07:58 0 --a------ C:\D6.tmp
2007-11-04 07:57 . 2007-11-04 07:57 0 --a------ C:\D4.tmp
2007-11-04 07:57 . 2007-11-04 07:57 0 --a------ C:\D3.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-23 17:44 0 --sha-w C:\Documents and Settings\Valued Customer\Application Data\.dat
2007-11-20 08:42 --------- d-----w C:\Program Files\GameSpy Arcade
2007-11-18 11:39 --------- d-----w C:\Program Files\AIM6
2007-11-18 11:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-11-16 14:01 --------- d-----w C:\Program Files\Trend Micro
2007-11-16 12:20 --------- d-----w C:\Program Files\Google
2007-11-09 17:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-11-09 16:57 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-06 20:13 --------- d-----w C:\Program Files\Microsoft Games
2007-10-11 13:01 33,384 -c--a-w C:\WINDOWS\system32\drivers\atwpkt264.sys
2007-10-11 13:01 24,960 -c--a-w C:\WINDOWS\system32\drivers\atwpkt2.sys
2007-10-11 13:01 103,808 -c--a-w C:\WINDOWS\system32\AOLDial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF442538-BE32-4055-A549-2F3B699F55EB}]
C:\WINDOWS\system32\aivskurq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1F8F947-618C-647A-D25D-3BE607F20CE5}]
C:\WINDOWS\system32\jbreej.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4DE5B15-4FFE-4c02-8CB3-CAD24A33562B}]
2007-11-11 08:55 27136 --a------ C:\WINDOWS\system32\ramtmb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2003-04-29 09:40]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 11:00]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-04-02 01:50]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2006-11-07 07:29]
"QdrModule9"="C:\Program Files\QdrModule\QdrModule9.exe" []
"Ehsc"="C:\PROGRA~1\COMMON~1\SKS~1\scanregw.exe" []
"Fdfndz"="C:\Program Files\?ymantec\?hkdsk.exe" []
"AROReminder"="C:\Program Files\Advanced Registry Optimizer\aro.exe" [2007-07-23 09:34]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-17 05:29]
"Microsft Windows Adapter 5.1.3013"="C:\Documents and Settings\Valued Customer\Application Data\syxhsjwb.exe" [2007-11-21 03:30]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security\pccguide.exe" [2007-02-03 23:45]
"PCClient.exe"="C:\Program Files\Trend Micro\Internet Security\PCClient.exe" [2007-02-03 23:45]
"TM Outbreak Agent"="C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" [2007-02-03 23:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 02:50]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-09-01 05:32]
"PROMon.exe"="PROMon.exe" [2002-04-18 17:32 C:\WINDOWS\system32\PROMon.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 C:\WINDOWS\system32\rundll32.exe]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 03:19]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-08 20:45]
"CTHelper"="CTHELPER.EXE" [2002-07-02 14:56 C:\WINDOWS\system32\cthelper.exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00]
"Jet Detection"="C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-10-04 00:00]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2002-06-10 13:21]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-06-20 11:26]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-06-20 11:25]
"GWMDMMSG"="GWMDMMSG.exe" [2006-09-03 11:16 C:\WINDOWS\GWMDMMSG.exe]
"GWMDMpi"="C:\WINDOWS\GWMDMpi.exe" [2006-09-03 11:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"HostManager"="C:\Program Files\Common Files\AOL\1165102985\ee\AOLSoftware.exe" [2007-10-08 13:50]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-04 16:29]
"SoftwareStation"="C:\Program Files\eAcceleration\Station\station.exe" [2007-05-08 16:12]
"webscan"="C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" []
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25]
"Anti Trojan Elite"="C:\Program Files\Anti Trojan Elite\TJEnder.exe" [2006-05-10 05:46]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 11:52]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-06-27 00:20:58]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-04-02 01:50:07]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-06-27 00:21:30]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-04-23 22:21:58]
Wireless-B Notebook Adapter Utility.lnk - C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe [2005-08-28 14:20:01]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

R2 NMSSvc;Intel(R) NMS;C:\WINDOWS\system32\NMSSvc.exe
R2 PccPfw;Trend Micro Personal Firewall;C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
R3 NMSCFG;NIC Management Service Configuration Driver;\??\C:\WINDOWS\system32\drivers\NMSCFG.SYS
R3 SpyFighter;SpyFighter Guard Device;\??\C:\Program Files\SPYWAREfighter\spyfighter.sys
R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe"
S3 ATE_PROCMON;ATE_PROCMON;\??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys

*Newly Created Service* - NMSCFG
.
Contents of the 'Scheduled Tasks' folder
"2007-10-01 14:57:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-28 05:47:00 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-03 21:31:02
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-03 21:33:05
C:\ComboFix2.txt ... 2007-12-02 22:31
.
--- E O F ---
Hypersonic
Active Member
 
Posts: 14
Joined: December 1st, 2007, 10:25 pm

Re: Hypersonic's Log

Unread postby beynac » December 6th, 2007, 7:19 am

Good morning.

There's a lot of malware on your computer. Before I start to remove anything, I need to see a couple of reports. You appear to have run ComboFix for a second time. I need to see the log from the first run (C:\ComboFix2.txt), to see what it removed. Please open the log in Notepad and copy/paste the contents as a reply to this thread.

You also have quite a few anti-malware applications on the computer. Some of these are good and some are rogues. I would therefore like to see what programs are installed.

Please open HijackThis
  • Click on the Open the Misc Tools section button
  • Click on Open Uninstall Manager...
  • Click on Save List... (towards the bottom right)
  • Save the text file to a convenient location
  • Post the contents of the report as a reply to this thread

------------------------------------------

In summary, please post the following as a reply to this thread. You can use two replies if this would be easier.
  • The first ComboFix log (C:\ComboFix2.txt)
  • The HijackThis Uninstall List
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Re: Hypersonic's Log

Unread postby Hypersonic » December 6th, 2007, 5:23 pm

ComboFix 07-12-02.6 - Valued Customer 2007-12-03 21:24:38.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.175 [GMT -8:00]
Running from: C:\Documents and Settings\Valued Customer\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-04 to 2007-12-04 )))))))))))))))))))))))))))))))
.

2007-12-03 19:59 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\syxhsjwb.exe
2007-12-02 22:26 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\hneeiqmurqek.exe
2007-11-30 20:05 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\axkdcrywi.exe
2007-11-29 21:56 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\efokjg.exe
2007-11-29 01:56 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\dlr.exe
2007-11-29 00:50 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\nsjydy.exe
2007-11-28 23:57 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\sblnctpltwzk.exe
2007-11-28 21:33 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\egfgiw.exe
2007-11-28 18:58 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\pkks.exe
2007-11-28 00:40 . 2007-11-28 00:40 <DIR> d-------- C:\Program Files\Common Files\Application
2007-11-28 00:39 . 2007-11-28 00:52 <DIR> d-------- C:\Program Files\SPYWAREfighter
2007-11-28 00:23 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\mrgzppfgnncu.exe
2007-11-28 00:20 . 2007-11-30 21:47 <DIR> d-------- C:\Program Files\Anti Trojan Elite
2007-11-27 23:49 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\ktzoprugw.exe
2007-11-27 19:32 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\ttelabl.exe
2007-11-27 13:54 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\dlsefv.exe
2007-11-27 02:11 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\osehflsayjg.exe
2007-11-26 20:17 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\hysd.exe
2007-11-26 19:04 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\fhmrq.exe
2007-11-26 13:50 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\zdqalkpqv.exe
2007-11-26 13:07 . 2007-11-26 13:07 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\Awola
2007-11-26 13:00 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\vcvcmuf.exe
2007-11-26 11:40 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\atjhml.exe
2007-11-25 10:24 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\twpmi.exe
2007-11-24 12:47 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\ojwsebypwpm.exe
2007-11-24 12:34 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\lqdeynrb.exe
2007-11-24 10:41 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\hyekaea.exe
2007-11-24 10:23 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\fhtvy.exe
2007-11-23 09:44 . 2007-11-23 09:44 0 --ahs---- C:\Documents and Settings\Valued Customer\Application Data\.dat
2007-11-23 03:35 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\nkfregsf.exe
2007-11-22 06:08 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\uttlhwpbsn.exe
2007-11-22 02:55 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\oxntduruc.exe
2007-11-21 16:31 . 2007-12-02 22:51 0 --ahs---- C:\Documents and Settings\Valued Customer\Application Data\cee114bdba736a54628854af2d95a8300ba1e2bc.dat
2007-11-21 16:23 . 2007-11-21 16:23 220,160 --a------ C:\Documents and Settings\Valued Customer\load.exe
2007-11-21 16:16 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\svteqd.exe
2007-11-21 03:30 . 2007-11-21 03:30 12,800 --a------ C:\info.exe
2007-11-21 03:30 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\zuezvvj.exe
2007-11-20 21:51 . 2007-11-20 21:51 0 --a------ C:\24C.tmp
2007-11-20 21:51 . 2007-11-20 21:51 0 --a------ C:\249.tmp
2007-11-20 21:51 . 2007-11-20 21:51 0 --a------ C:\247.tmp
2007-11-20 21:51 . 2007-11-20 21:51 0 --a------ C:\245.tmp
2007-11-20 21:51 . 2007-11-20 21:51 0 --a------ C:\242.tmp
2007-11-20 21:51 . 2007-11-20 21:51 0 --a------ C:\23D.tmp
2007-11-20 21:51 . 2007-11-20 21:51 0 --a------ C:\23C.tmp
2007-11-20 21:51 . 2007-11-20 21:51 0 --a------ C:\23A.tmp
2007-11-20 18:20 . 2007-11-20 18:20 4,286 --a------ C:\WINDOWS\system32\everybodybets.32x32.4.ico
2007-11-18 02:02 . 2007-11-18 02:02 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\TrojanHunter
2007-11-18 01:49 . 2007-11-18 01:49 2 --a------ C:\F5.tmp
2007-11-17 20:47 . 2007-11-30 21:50 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2007-11-17 00:53 . 2007-11-17 00:53 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\Grisoft
2007-11-17 00:52 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-17 00:51 . 2007-11-17 00:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-16 05:54 . 2007-11-16 05:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2007-11-16 05:53 . 2007-11-17 22:13 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\Uniblue
2007-11-16 04:20 . 2007-11-30 21:53 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-11-16 04:20 . 2007-11-16 04:20 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\PC Tools
2007-11-16 04:20 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-16 04:20 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-16 04:20 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-16 04:20 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-16 04:19 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-15 15:04 . 2007-11-15 15:04 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\Sammsoft
2007-11-15 15:02 . 2007-11-15 15:02 <DIR> d-------- C:\Program Files\Advanced Registry Optimizer
2007-11-15 14:42 . 2007-11-16 04:53 <DIR> d-------- C:\Program Files\Registry Defender
2007-11-15 09:19 . 2007-11-15 09:19 <DIR> d-------- C:\Program Files\eAcceleration
2007-11-15 09:09 . 2007-11-18 04:05 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-11-11 09:20 . 2007-11-22 07:58 <DIR> d-------- C:\Program Files\AntispyStorm
2007-11-11 09:18 . 2007-11-14 11:03 1,677 --a------ C:\WINDOWS\default.htm
2007-11-11 09:17 . 2007-11-11 09:17 <DIR> d-------- C:\WINDOWS\system32\acespy
2007-11-11 09:17 . 2007-11-11 09:17 32,256 --a------ C:\WINDOWS\system32\ace16win.dll
2007-11-11 09:17 . 2007-11-11 09:17 9,984 --a------ C:\WINDOWS\absolute key logger.lnk
2007-11-11 08:56 . 2007-11-11 08:56 10 --a------ C:\WINDOWS\system32\din.ip
2007-11-11 08:56 . 2007-11-11 08:56 4 --a------ C:\WINDOWS\system32\jpewocmz.ini
2007-11-11 08:55 . 2007-11-11 08:55 27,136 --a------ C:\WINDOWS\system32\ramtmb.dll
2007-11-11 08:55 . 2007-12-02 22:37 2,528 --a------ C:\WINDOWS\system32\sft.res
2007-11-11 08:55 . 2007-11-27 19:42 20 --a------ C:\WINDOWS\system32\lt.res
2007-11-10 10:47 . 2007-11-24 13:27 72,566 --a------ C:\WINDOWS\system32\GameFly_2.ico
2007-11-09 16:06 . 2007-11-09 16:06 153 --a------ C:\WINDOWS\system32\delFSF.bat
2007-11-08 15:48 . 2007-11-08 15:48 2,238 --a------ C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico
2007-11-04 08:00 . 2007-11-04 08:00 0 --a------ C:\E2.tmp
2007-11-04 07:59 . 2007-11-04 07:59 23,040 --a------ C:\D8.tmp
2007-11-04 07:59 . 2007-11-04 07:59 0 --a------ C:\DE.tmp
2007-11-04 07:58 . 2007-11-04 07:58 9,804 --a------ C:\D5.tmp
2007-11-04 07:58 . 2007-11-04 07:58 0 --a------ C:\D7.tmp
2007-11-04 07:58 . 2007-11-04 07:58 0 --a------ C:\D6.tmp
2007-11-04 07:57 . 2007-11-04 07:57 0 --a------ C:\D4.tmp
2007-11-04 07:57 . 2007-11-04 07:57 0 --a------ C:\D3.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-23 17:44 0 --sha-w C:\Documents and Settings\Valued Customer\Application Data\.dat
2007-11-20 08:42 --------- d-----w C:\Program Files\GameSpy Arcade
2007-11-18 11:39 --------- d-----w C:\Program Files\AIM6
2007-11-18 11:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-11-16 14:01 --------- d-----w C:\Program Files\Trend Micro
2007-11-16 12:20 --------- d-----w C:\Program Files\Google
2007-11-09 17:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-11-09 16:57 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-06 20:13 --------- d-----w C:\Program Files\Microsoft Games
2007-10-11 13:01 33,384 -c--a-w C:\WINDOWS\system32\drivers\atwpkt264.sys
2007-10-11 13:01 24,960 -c--a-w C:\WINDOWS\system32\drivers\atwpkt2.sys
2007-10-11 13:01 103,808 -c--a-w C:\WINDOWS\system32\AOLDial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF442538-BE32-4055-A549-2F3B699F55EB}]
C:\WINDOWS\system32\aivskurq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1F8F947-618C-647A-D25D-3BE607F20CE5}]
C:\WINDOWS\system32\jbreej.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4DE5B15-4FFE-4c02-8CB3-CAD24A33562B}]
2007-11-11 08:55 27136 --a------ C:\WINDOWS\system32\ramtmb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2003-04-29 09:40]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 11:00]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-04-02 01:50]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2006-11-07 07:29]
"QdrModule9"="C:\Program Files\QdrModule\QdrModule9.exe" []
"Ehsc"="C:\PROGRA~1\COMMON~1\SKS~1\scanregw.exe" []
"Fdfndz"="C:\Program Files\?ymantec\?hkdsk.exe" []
"AROReminder"="C:\Program Files\Advanced Registry Optimizer\aro.exe" [2007-07-23 09:34]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-17 05:29]
"Microsft Windows Adapter 5.1.3013"="C:\Documents and Settings\Valued Customer\Application Data\syxhsjwb.exe" [2007-11-21 03:30]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security\pccguide.exe" [2007-02-03 23:45]
"PCClient.exe"="C:\Program Files\Trend Micro\Internet Security\PCClient.exe" [2007-02-03 23:45]
"TM Outbreak Agent"="C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" [2007-02-03 23:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 02:50]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-09-01 05:32]
"PROMon.exe"="PROMon.exe" [2002-04-18 17:32 C:\WINDOWS\system32\PROMon.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 C:\WINDOWS\system32\rundll32.exe]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 03:19]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-08 20:45]
"CTHelper"="CTHELPER.EXE" [2002-07-02 14:56 C:\WINDOWS\system32\cthelper.exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00]
"Jet Detection"="C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-10-04 00:00]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2002-06-10 13:21]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-06-20 11:26]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-06-20 11:25]
"GWMDMMSG"="GWMDMMSG.exe" [2006-09-03 11:16 C:\WINDOWS\GWMDMMSG.exe]
"GWMDMpi"="C:\WINDOWS\GWMDMpi.exe" [2006-09-03 11:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"HostManager"="C:\Program Files\Common Files\AOL\1165102985\ee\AOLSoftware.exe" [2007-10-08 13:50]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-04 16:29]
"SoftwareStation"="C:\Program Files\eAcceleration\Station\station.exe" [2007-05-08 16:12]
"webscan"="C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" []
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25]
"Anti Trojan Elite"="C:\Program Files\Anti Trojan Elite\TJEnder.exe" [2006-05-10 05:46]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 11:52]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-06-27 00:20:58]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-04-02 01:50:07]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-06-27 00:21:30]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-04-23 22:21:58]
Wireless-B Notebook Adapter Utility.lnk - C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe [2005-08-28 14:20:01]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

R2 NMSSvc;Intel(R) NMS;C:\WINDOWS\system32\NMSSvc.exe
R2 PccPfw;Trend Micro Personal Firewall;C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
R3 NMSCFG;NIC Management Service Configuration Driver;\??\C:\WINDOWS\system32\drivers\NMSCFG.SYS
R3 SpyFighter;SpyFighter Guard Device;\??\C:\Program Files\SPYWAREfighter\spyfighter.sys
R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe"
S3 ATE_PROCMON;ATE_PROCMON;\??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys

*Newly Created Service* - NMSCFG
.
Contents of the 'Scheduled Tasks' folder
"2007-10-01 14:57:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-28 05:47:00 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-03 21:31:02
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-03 21:33:05
C:\ComboFix2.txt ... 2007-12-02 22:31
.
--- E O F ---
Hypersonic
Active Member
 
Posts: 14
Joined: December 1st, 2007, 10:25 pm

Re: Hypersonic's Log

Unread postby Hypersonic » December 6th, 2007, 5:26 pm

Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player ActiveX
Advanced Registry Optimizer
Ahead InCD
Ahead NeroMediaPlayer
AIM 6.0
AOL Instant Messenger
AOL Registration
AOL Toolbar 5.0
AOL Uninstaller (Choose which Products to Remove)
Apple Software Update
AVG Anti-Spyware 7.5
Backyard Baseball 2001
Backyard Basketball
Backyard Football
Backyard Football 2002
Backyard Soccer MLS Edition
Best Buy Rhapsody
BRAIN QUEST
Creative Driver
DivX Web Player
Do More 6.0
GameSpy Arcade
Gateway Desktop Manager
Gateway Drivers and Applications Recovery
Gateway IE Customizations
Gateway Power Management
Global Star Software Product
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
greenstreet Coloring Book
GTW V.92 Voicemodem
Halo Editing Kit
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
hp instant support
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet Drivers
hp psc 2200 series
Intel(R) PRO Ethernet Adapter and Software
Intel(R) PROSet II
iTunes
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2_04
Java 2 Runtime Environment, SE v1.4.2_06
Learn2 Player (Uninstall Only)
LEGO Creator
Logitech Desktop Messenger
Logitech ImageStudio
Logitech Print Service
Macromedia Shockwave Player
Manheim Market Report 1.6
Microsoft Encarta Encyclopedia Standard 2003
Microsoft Halo
Microsoft Halo Custom Edition
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Publisher 2003
Microsoft Office XP Professional with FrontPage
Microsoft Picture It! Photo 7.0
Microsoft Streets and Trips 2002
Microsoft Word 2002
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox (2.0.0.11)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
Nero - Burning Rom
NGIS
NGIS - ConnecTech
NGIS - Remote Display
NVIDIA Windows 2000/XP Display Drivers
Pop-Up Stopper Free Edition
QuickBooks Pro Edition 2003
QuickTime
Readiris 7.5
RealOne Player
Rhapsody Player Engine
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB943460)
Shockwave
Sound Blaster Audigy
Spybot - Search & Destroy 1.4
Spyware Doctor 5.1
SPYWAREfighter
Trend Micro Internet Security
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
VCamNow V2.0
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
Wireless-B Notebook Adapter Configuration Utility
Hypersonic
Active Member
 
Posts: 14
Joined: December 1st, 2007, 10:25 pm

Re: Hypersonic's Log

Unread postby beynac » December 6th, 2007, 6:34 pm

Hi.

Let's get rid of some of the malware. :) It is important that you follow these instructions exactly. If you are unsure, or have any problems, please stop and ask.

---------------------------------------------------

Please delete your copy of ComboFix and then download the latest version from here. (Please save it on your desktop). Do not run a scan yet.

---------------------------------------------------

Open Notepad and copy/paste the text in the quotebox below into it:
File::
C:\Documents and Settings\Valued Customer\Application Data\syxhsjwb.exe
C:\Documents and Settings\Valued Customer\Application Data\hneeiqmurqek.exe
C:\Documents and Settings\Valued Customer\Application Data\axkdcrywi.exe
C:\Documents and Settings\Valued Customer\Application Data\efokjg.exe
C:\Documents and Settings\Valued Customer\Application Data\dlr.exe
C:\Documents and Settings\Valued Customer\Application Data\nsjydy.exe
C:\Documents and Settings\Valued Customer\Application Data\sblnctpltwzk.exe
C:\Documents and Settings\Valued Customer\Application Data\egfgiw.exe
C:\Documents and Settings\Valued Customer\Application Data\pkks.exe
C:\Documents and Settings\Valued Customer\Application Data\mrgzppfgnncu.exe
C:\Documents and Settings\Valued Customer\Application Data\ktzoprugw.exe
C:\Documents and Settings\Valued Customer\Application Data\ttelabl.exe
C:\Documents and Settings\Valued Customer\Application Data\dlsefv.exe
C:\Documents and Settings\Valued Customer\Application Data\osehflsayjg.exe
C:\Documents and Settings\Valued Customer\Application Data\hysd.exe
C:\Documents and Settings\Valued Customer\Application Data\fhmrq.exe
C:\Documents and Settings\Valued Customer\Application Data\zdqalkpqv.exe
C:\Documents and Settings\Valued Customer\Application Data\vcvcmuf.exe
C:\Documents and Settings\Valued Customer\Application Data\atjhml.exe
C:\Documents and Settings\Valued Customer\Application Data\twpmi.exe
C:\Documents and Settings\Valued Customer\Application Data\ojwsebypwpm.exe
C:\Documents and Settings\Valued Customer\Application Data\lqdeynrb.exe
C:\Documents and Settings\Valued Customer\Application Data\hyekaea.exe
C:\Documents and Settings\Valued Customer\Application Data\fhtvy.exe
C:\Documents and Settings\Valued Customer\Application Data\nkfregsf.exe
C:\Documents and Settings\Valued Customer\Application Data\uttlhwpbsn.exe
C:\Documents and Settings\Valued Customer\Application Data\oxntduruc.exe
C:\Documents and Settings\Valued Customer\Application Data\svteqd.exe
C:\info.exe
C:\Documents and Settings\Valued Customer\Application Data\zuezvvj.exe
C:\Documents and Settings\Valued Customer\load.exe
C:\Documents and Settings\Valued Customer\Application Data\.dat
C:\Documents and Settings\Valued Customer\Application Data\cee114bdba736a54628854af2d95a8300ba1e2bc.dat
C:\WINDOWS\system32\jpewocmz.ini
C:\WINDOWS\system32\ramtmb.dll
C:\WINDOWS\system32\aivskurq.dll
C:\WINDOWS\system32\jbreej.dll
C:\WINDOWS\system32\ramtmb.dll
C:\WINDOWS\system32\tmrsr.exe
C:\Program Files\QdrModule\QdrModule9.exe
C:\Program Files\Insider\Insider.exe
C:\PROGRA~1\COMMON~1\SKS~1\scanregw.exe
C:\Program Files\QdrDrive\QdrDrive8.dll
C:\Program Files\MSN\hokewo24418.dll
C:\Program Files\ComPlus Applications\profsyfsyfse.html

Folder::
C:\Documents and Settings\Valued Customer\Application Data\Awola
C:\Program Files\Anti Trojan Elite
C:\Program Files\AntispyStorm

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF442538-BE32-4055-A549-2F3B699F55EB}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1F8F947-618C-647A-D25D-3BE607F20CE5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4DE5B15-4FFE-4c02-8CB3-CAD24A33562B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QdrModule9"=-
"Ehsc"=-
"Fdfndz"=-
"Microsft Windows Adapter 5.1.3013"=-


Save this on your Desktop as CFScript.txt

Image
ComboFix should also be on your Desktop. Referring to the picture above, drag CFScript.txt into ComboFix.exe. ComboFix will then run. When finished, it will produce a log (C:\ComboFix.txt). Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running, as this may cause it to stall.

---------------------------------------------------

Please post the following as a reply to this thread:
  • The ComboFix log
  • A new HijackThis log
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England

Re: Hypersonic's Log

Unread postby Hypersonic » December 9th, 2007, 1:57 am

ComboFix 07-12-07.3 - Valued Customer 2007-12-09 0:47:09.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.117 [GMT -8:00]
Running from: C:\Documents and Settings\Valued Customer\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Valued Customer\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Documents and Settings\Valued Customer\Application Data\.dat
C:\Documents and Settings\Valued Customer\Application Data\atjhml.exe
C:\Documents and Settings\Valued Customer\Application Data\axkdcrywi.exe
C:\Documents and Settings\Valued Customer\Application Data\cee114bdba736a54628854af2d95a8300ba1e2bc.dat
C:\Documents and Settings\Valued Customer\Application Data\dlr.exe
C:\Documents and Settings\Valued Customer\Application Data\dlsefv.exe
C:\Documents and Settings\Valued Customer\Application Data\efokjg.exe
C:\Documents and Settings\Valued Customer\Application Data\egfgiw.exe
C:\Documents and Settings\Valued Customer\Application Data\fhmrq.exe
C:\Documents and Settings\Valued Customer\Application Data\fhtvy.exe
C:\Documents and Settings\Valued Customer\Application Data\hneeiqmurqek.exe
C:\Documents and Settings\Valued Customer\Application Data\hyekaea.exe
C:\Documents and Settings\Valued Customer\Application Data\hysd.exe
C:\Documents and Settings\Valued Customer\Application Data\ktzoprugw.exe
C:\Documents and Settings\Valued Customer\Application Data\lqdeynrb.exe
C:\Documents and Settings\Valued Customer\Application Data\mrgzppfgnncu.exe
C:\Documents and Settings\Valued Customer\Application Data\nkfregsf.exe
C:\Documents and Settings\Valued Customer\Application Data\nsjydy.exe
C:\Documents and Settings\Valued Customer\Application Data\ojwsebypwpm.exe
C:\Documents and Settings\Valued Customer\Application Data\osehflsayjg.exe
C:\Documents and Settings\Valued Customer\Application Data\oxntduruc.exe
C:\Documents and Settings\Valued Customer\Application Data\pkks.exe
C:\Documents and Settings\Valued Customer\Application Data\sblnctpltwzk.exe
C:\Documents and Settings\Valued Customer\Application Data\svteqd.exe
C:\Documents and Settings\Valued Customer\Application Data\syxhsjwb.exe
C:\Documents and Settings\Valued Customer\Application Data\ttelabl.exe
C:\Documents and Settings\Valued Customer\Application Data\twpmi.exe
C:\Documents and Settings\Valued Customer\Application Data\uttlhwpbsn.exe
C:\Documents and Settings\Valued Customer\Application Data\vcvcmuf.exe
C:\Documents and Settings\Valued Customer\Application Data\zdqalkpqv.exe
C:\Documents and Settings\Valued Customer\Application Data\zuezvvj.exe
C:\Documents and Settings\Valued Customer\load.exe
C:\info.exe
C:\PROGRA~1\COMMON~1\SKS~1\scanregw.exe
C:\Program Files\ComPlus Applications\profsyfsyfse.html
C:\Program Files\Insider\Insider.exe
C:\Program Files\MSN\hokewo24418.dll
C:\Program Files\QdrDrive\QdrDrive8.dll
C:\Program Files\QdrModule\QdrModule9.exe
C:\WINDOWS\system32\aivskurq.dll
C:\WINDOWS\system32\jbreej.dll
C:\WINDOWS\system32\jpewocmz.ini
C:\WINDOWS\system32\ramtmb.dll
C:\WINDOWS\system32\tmrsr.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-09 to 2007-12-09 )))))))))))))))))))))))))))))))
.

2007-12-07 20:46 . 2007-12-07 20:46 0 --ahs---- C:\Documents and Settings\Valued Customer\Application Data\02eeacf00952c2726dc33f272ca1a5310ba1e2bc.dat
2007-12-07 19:14 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\ujapplyzea.exe
2007-12-04 19:22 . 2007-11-21 03:30 12,800 --a------ C:\Documents and Settings\Valued Customer\Application Data\kqfei.exe
2007-12-04 03:13 . 2007-12-04 03:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-04 03:13 . 2007-12-04 03:13 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-28 00:40 . 2007-11-28 00:40 <DIR> d-------- C:\Program Files\Common Files\Application
2007-11-28 00:39 . 2007-11-28 00:52 <DIR> d-------- C:\Program Files\SPYWAREfighter
2007-11-20 21:51 . 2007-11-20 21:51 0 --a------ C:\24C.tmp
2007-11-20 21:51 . 2007-11-20 21:51 0 --a------ C:\249.tmp
2007-11-20 21:51 . 2007-11-20 21:51 0 --a------ C:\247.tmp
2007-11-20 21:51 . 2007-11-20 21:51 0 --a------ C:\245.tmp
2007-11-20 21:51 . 2007-11-20 21:51 0 --a------ C:\242.tmp
2007-11-20 21:51 . 2007-11-20 21:51 0 --a------ C:\23D.tmp
2007-11-20 21:51 . 2007-11-20 21:51 0 --a------ C:\23C.tmp
2007-11-20 21:51 . 2007-11-20 21:51 0 --a------ C:\23A.tmp
2007-11-20 18:20 . 2007-11-20 18:20 4,286 --a------ C:\WINDOWS\system32\everybodybets.32x32.4.ico
2007-11-18 02:02 . 2007-11-18 02:02 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\TrojanHunter
2007-11-18 01:49 . 2007-11-18 01:49 2 --a------ C:\F5.tmp
2007-11-17 20:47 . 2007-11-30 21:50 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2007-11-17 00:53 . 2007-11-17 00:53 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\Grisoft
2007-11-17 00:52 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-17 00:51 . 2007-11-17 00:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-16 05:54 . 2007-11-16 05:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2007-11-16 05:53 . 2007-11-17 22:13 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\Uniblue
2007-11-16 04:20 . 2007-12-04 19:50 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-11-16 04:20 . 2007-11-16 04:20 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\PC Tools
2007-11-16 04:20 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-16 04:20 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-16 04:20 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-16 04:20 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-16 04:19 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-15 15:04 . 2007-11-15 15:04 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\Sammsoft
2007-11-15 15:02 . 2007-11-15 15:02 <DIR> d-------- C:\Program Files\Advanced Registry Optimizer
2007-11-15 14:42 . 2007-11-16 04:53 <DIR> d-------- C:\Program Files\Registry Defender
2007-11-15 09:19 . 2007-11-15 09:19 <DIR> d-------- C:\Program Files\eAcceleration
2007-11-15 09:09 . 2007-11-18 04:05 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-11-11 09:18 . 2007-11-14 11:03 1,677 --a------ C:\WINDOWS\default.htm
2007-11-11 09:17 . 2007-11-11 09:17 <DIR> d-------- C:\WINDOWS\system32\acespy
2007-11-11 09:17 . 2007-11-11 09:17 32,256 --a------ C:\WINDOWS\system32\ace16win.dll
2007-11-11 09:17 . 2007-11-11 09:17 9,984 --a------ C:\WINDOWS\absolute key logger.lnk
2007-11-11 08:56 . 2007-11-11 08:56 10 --a------ C:\WINDOWS\system32\din.ip
2007-11-11 08:55 . 2007-12-04 01:52 2,528 --a------ C:\WINDOWS\system32\sft.res
2007-11-11 08:55 . 2007-11-27 19:42 20 --a------ C:\WINDOWS\system32\lt.res
2007-11-10 10:47 . 2007-11-24 13:27 72,566 --a------ C:\WINDOWS\system32\GameFly_2.ico
2007-11-09 16:06 . 2007-11-09 16:06 153 --a------ C:\WINDOWS\system32\delFSF.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-20 08:42 --------- d-----w C:\Program Files\GameSpy Arcade
2007-11-18 11:39 --------- d-----w C:\Program Files\AIM6
2007-11-18 11:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-11-16 14:01 --------- d-----w C:\Program Files\Trend Micro
2007-11-16 12:20 --------- d-----w C:\Program Files\Google
2007-11-09 17:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-11-09 16:57 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-06 20:13 --------- d-----w C:\Program Files\Microsoft Games
2007-10-11 13:01 33,384 -c--a-w C:\WINDOWS\system32\drivers\atwpkt264.sys
2007-10-11 13:01 24,960 -c--a-w C:\WINDOWS\system32\drivers\atwpkt2.sys
2007-10-11 13:01 103,808 -c--a-w C:\WINDOWS\system32\AOLDial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2003-04-29 09:40]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 11:00]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-04-02 01:50]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2006-11-07 07:29]
"AROReminder"="C:\Program Files\Advanced Registry Optimizer\aro.exe" [2007-07-23 09:34]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-17 05:29]
"Awola"="C:\Documents and Settings\Valued Customer\Application Data\Awola\Awola.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security\pccguide.exe" [2007-02-03 23:45]
"PCClient.exe"="C:\Program Files\Trend Micro\Internet Security\PCClient.exe" [2007-02-03 23:45]
"TM Outbreak Agent"="C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" [2007-02-03 23:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 02:50]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-09-01 05:32]
"PROMon.exe"="PROMon.exe" [2002-04-18 17:32 C:\WINDOWS\system32\PROMon.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 C:\WINDOWS\system32\rundll32.exe]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 03:19]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-08 20:45]
"CTHelper"="CTHELPER.EXE" [2002-07-02 14:56 C:\WINDOWS\system32\cthelper.exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00]
"Jet Detection"="C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-10-04 00:00]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2002-06-10 13:21]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-06-20 11:26]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-06-20 11:25]
"GWMDMMSG"="GWMDMMSG.exe" [2006-09-03 11:16 C:\WINDOWS\GWMDMMSG.exe]
"GWMDMpi"="C:\WINDOWS\GWMDMpi.exe" [2006-09-03 11:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"HostManager"="C:\Program Files\Common Files\AOL\1165102985\ee\AOLSoftware.exe" [2007-10-08 13:50]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-04 16:29]
"SoftwareStation"="C:\Program Files\eAcceleration\Station\station.exe" [2007-05-08 16:12]
"webscan"="C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" []
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25]
"Anti Trojan Elite"="C:\Program Files\Anti Trojan Elite\TJEnder.exe" []
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 11:52]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-06-27 00:20:58]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-04-02 01:50:07]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-06-27 00:21:30]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-04-23 22:21:58]
Wireless-B Notebook Adapter Utility.lnk - C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe [2005-08-28 14:20:01]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

R2 NMSSvc;Intel(R) NMS;C:\WINDOWS\system32\NMSSvc.exe
R2 PccPfw;Trend Micro Personal Firewall;C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
R3 NMSCFG;NIC Management Service Configuration Driver;\??\C:\WINDOWS\system32\drivers\NMSCFG.SYS
R3 SpyFighter;SpyFighter Guard Device;\??\C:\Program Files\SPYWAREfighter\spyfighter.sys
R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe"
S3 ATE_PROCMON;ATE_PROCMON;\??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys

*Newly Created Service* - NMSCFG
.
Contents of the 'Scheduled Tasks' folder
"2007-10-01 14:57:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-28 05:47:00 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 00:52:52
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-09 0:54:41
C:\ComboFix2.txt ... 2007-12-07 20:58
C:\ComboFix3.txt ... 2007-12-03 21:33
.
--- E O F ---
Hypersonic
Active Member
 
Posts: 14
Joined: December 1st, 2007, 10:25 pm

Re: Hypersonic's Log

Unread postby Hypersonic » December 9th, 2007, 1:58 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:43 AM, on 12/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\PROMon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1165102985\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Common Files\AOL\1165102985\ee\AOLDesktop.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\AOL\1165102985\ee\aolsoftware.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1165102985\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Awola] "C:\Documents and Settings\Valued Customer\Application Data\Awola\Awola.exe" /MIN
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4757750375
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/seri ... /gwCID.CAB
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 13437 bytes
Hypersonic
Active Member
 
Posts: 14
Joined: December 1st, 2007, 10:25 pm

Re: Hypersonic's Log

Unread postby beynac » December 9th, 2007, 11:10 am

Good afternoon.

Well done, that's got rid of a lot of the baddies. We need to do the same again to get rid of some more.

---------------------------------------------

Open Notepad and copy/paste the text in the quotebox below into it:
File::
C:\Documents and Settings\Valued Customer\Application Data\02eeacf00952c2726dc33f272ca1a5310ba1e2bc.dat
C:\Documents and Settings\Valued Customer\Application Data\ujapplyzea.exe
C:\Documents and Settings\Valued Customer\Application Data\kqfei.exe
C:\24C.tmp
C:\249.tmp
C:\247.tmp
C:\245.tmp
C:\242.tmp
C:\23D.tmp
C:\23C.tmp
C:\23A.tmp
C:\WINDOWS\system32\everybodybets.32x32.4.ico
C:\F5.tmp
C:\WINDOWS\system32\stfv.bin
C:\WINDOWS\default.htm
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\system32\din.ip
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\lt.res
C:\WINDOWS\system32\GameFly_2.ico
C:\WINDOWS\system32\delFSF.bat

Folder::
C:\Program Files\eAcceleration
C:\Program Files\Registry Defender
C:\WINDOWS\system32\acespy
C:\Program Files\eAcceleration\Station
C:\Program Files\Acceleration Software

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12F02779-6D88-4958-8AD3-83C12D86ADC7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Awola"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoftwareStation"=-
"webscan"=-
"Anti Trojan Elite"=-


Save this on your Desktop as CFScript.txt

Image

ComboFix should also be on your Desktop. Referring to the picture above, drag CFScript.txt into ComboFix.exe. ComboFix will then run. When finished, it will produce a log (C:\ComboFix.txt). Post that log in your next reply.

Note:
Do not mouseclick ComboFix's window whilst it's running as this may cause it to stall.

------------------------------------------------

Please post, as a reply to this thread:
  • The ComboFix log
  • A new HijackThis log

Please let me know how the computer is running now.
beynac
MRU Honors Grad Emeritus
 
Posts: 1638
Joined: February 14th, 2006, 12:14 pm
Location: Norwich, England
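A worked check for the CFScript above, added here as an example and not part of beynac's post or of the ComboFix/HijackThis tools themselves: it parses the three CFScript sections (File::, Folder::, Registry::) and the O2 and O4 lines of a HijackThis log, then reports whether each autorun the script touches is handled on both sides (the Run value removed and the binary it launches also listed under File:: or inside a Folder::), and whether every "(no file)" BHO has its CLSID key deleted. The sample script and log lines are constructed, trimmed from the thread and deliberately made inconsistent so that each failure mode shows up; the expansion of `~` to SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer is an assumption about CFScript syntax, not something the thread states.

```python
"""Cross-check a ComboFix CFScript against a HijackThis log (added example)."""
import re

# Constructed sample CFScript, trimmed from the post and altered so each
# inconsistency below is visible ("webscan"=- omitted, Awola.exe not in File::).
CFSCRIPT = r"""File::
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\absolute key logger.lnk

Folder::
C:\Program Files\eAcceleration
C:\Program Files\Acceleration Software

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12F02779-6D88-4958-8AD3-83C12D86ADC7}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Awola"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoftwareStation"=-
"""

# Constructed sample HijackThis lines (subset of the O2/O4 entries in the log).
HJT_LOG = r"""O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Awola] "C:\Documents and Settings\Valued Customer\Application Data\Awola\Awola.exe" /MIN
"""

# ASSUMPTION: ComboFix expands "~" in a Registry:: key to this Explorer subkey.
TILDE = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"
HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}
RUN_KEY = r"software\microsoft\windows\currentversion\run"
BHO_KEY = ("hklm\\" + TILDE + r"\browser helper objects").lower()

CF_SECTION = re.compile(r"^(File|Folder|Registry)::\s*$")
REG_KEY = re.compile(r"^\[(-?)(.+)\]$")            # [-KEY] deletes the key
REG_VALUE_DELETE = re.compile(r'^"([^"]+)"=-$')    # "Name"=- deletes the value
HJT_BHO = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
HJT_RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
EXE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)


def normalize_key(key):
    """HKEY_LOCAL_MACHINE\\~\\X -> hklm\\software\\...\\explorer\\x (lower-cased)."""
    hive, _, rest = key.partition("\\")
    return (HIVES.get(hive, hive) + "\\" + rest.replace("~", TILDE)).lower()


def parse_cfscript(text):
    """Turn the three CFScript sections into a removal plan."""
    plan = {"files": [], "folders": [], "delete_keys": [], "delete_values": []}
    section, current_key = None, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if m := CF_SECTION.match(line):
            section, current_key = m.group(1), None
        elif section == "File":
            plan["files"].append(line)
        elif section == "Folder":
            plan["folders"].append(line)
        elif section == "Registry":
            if m := REG_KEY.match(line):
                key = normalize_key(m.group(2))
                if m.group(1) == "-":
                    plan["delete_keys"].append(key)
                    current_key = None
                else:
                    current_key = key
            elif (m := REG_VALUE_DELETE.match(line)) and current_key:
                plan["delete_values"].append((current_key, m.group(1)))
    return plan


def parse_hjt(text):
    """Collect BHOs (O2) and Run values (O4) from a HijackThis log."""
    bhos, runs = [], []
    for line in (l.strip() for l in text.splitlines()):
        if m := HJT_BHO.match(line):
            bhos.append({"clsid": m.group(2), "path": m.group(3).strip()})
        elif m := HJT_RUN.match(line):
            runs.append({"hive": m.group(1), "name": m.group(2), "cmd": m.group(3)})
    return bhos, runs


def exe_path(cmd):
    """Executable launched by a Run value: quoted path, else text up to '.exe'."""
    m = EXE.match(cmd.strip())
    return (m.group(1) or m.group(2)).lower() if m else None


def coverage(plan, bhos, runs):
    """Report autoruns the script handles on one side only, and orphan BHOs left."""
    files = {f.lower() for f in plan["files"]}
    folders = [f.lower().rstrip("\\") + "\\" for f in plan["folders"]]
    deleted_values = {(k, n.lower()) for k, n in plan["delete_values"]}
    report = {"consistent": [], "dangling_autorun": [], "binary_left": [], "orphan_bho_left": []}
    for r in runs:
        value_gone = ((r["hive"] + "\\" + RUN_KEY).lower(), r["name"].lower()) in deleted_values
        exe = exe_path(r["cmd"])
        binary_gone = exe is not None and (exe in files or any(exe.startswith(d) for d in folders))
        if value_gone and binary_gone:
            report["consistent"].append(r["name"])
        elif binary_gone:          # file goes, Run value stays behind
            report["dangling_autorun"].append(r["name"])
        elif value_gone:           # Run value goes, file stays on disk
            report["binary_left"].append(r["name"])
    for b in bhos:
        if b["path"].lower() == "(no file)" and (BHO_KEY + "\\" + b["clsid"]).lower() not in plan["delete_keys"]:
            report["orphan_bho_left"].append(b["clsid"])
    return report


def run_check():
    return coverage(parse_cfscript(CFSCRIPT), *parse_hjt(HJT_LOG))


if __name__ == "__main__":
    for status, names in run_check().items():
        print(f"{status}: {', '.join(names) or '-'}")
```

Run it as a script to print the four lists. A dangling autorun just fails at logon and reappears in the next HijackThis log as noise; a binary left on disk with only its Run value removed can be started again by anything else that still runs, so both are worth catching before the script is dragged onto ComboFix.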

Re: Hypersonic's Log

Unread postby Hypersonic » December 10th, 2007, 4:48 pm

ComboFix 07-12-07.3 - Valued Customer 2007-12-09 21:50:14.6 - NTFSx86
Running from: C:\Documents and Settings\Valued Customer\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Valued Customer\Desktop\CFScript.txt

FILE
C:\23A.tmp
C:\23C.tmp
C:\23D.tmp
C:\242.tmp
C:\245.tmp
C:\247.tmp
C:\249.tmp
C:\24C.tmp
C:\Documents and Settings\Valued Customer\Application Data\02eeacf00952c2726dc33f272ca1a5310ba1e2bc.dat
C:\Documents and Settings\Valued Customer\Application Data\kqfei.exe
C:\Documents and Settings\Valued Customer\Application Data\ujapplyzea.exe
C:\F5.tmp
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\default.htm
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\delFSF.bat
C:\WINDOWS\system32\din.ip
C:\WINDOWS\system32\everybodybets.32x32.4.ico
C:\WINDOWS\system32\GameFly_2.ico
C:\WINDOWS\system32\lt.res
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\stfv.bin
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\23A.tmp
C:\23C.tmp
C:\23D.tmp
C:\242.tmp
C:\245.tmp
C:\247.tmp
C:\249.tmp
C:\24C.tmp
C:\Documents and Settings\Valued Customer\Application Data\02eeacf00952c2726dc33f272ca1a5310ba1e2bc.dat
C:\Documents and Settings\Valued Customer\Application Data\kqfei.exe
C:\Documents and Settings\Valued Customer\Application Data\ujapplyzea.exe
C:\F5.tmp
C:\Program Files\eAcceleration
C:\Program Files\eAcceleration\Framework\eac_framework.dll
C:\Program Files\eAcceleration\Framework\eac_install00.dat
C:\Program Files\eAcceleration\Framework\eac_surrogate.exe
C:\Program Files\eAcceleration\Station\eac_install00.dat
C:\Program Files\eAcceleration\Station\eAccelerationUpdatePrompt.exe.chk
C:\Program Files\eAcceleration\Station\EanthologyApp_Update.exe.chk
C:\Program Files\eAcceleration\Station\jade.dll
C:\Program Files\eAcceleration\Station\resources\css\theme.css
C:\Program Files\eAcceleration\Station\resources\html\brand.htm
C:\Program Files\eAcceleration\Station\resources\html\brandchild.htm
C:\Program Files\eAcceleration\Station\resources\html\content.htm
C:\Program Files\eAcceleration\Station\resources\html\contentheader.htm
C:\Program Files\eAcceleration\Station\resources\html\eac_addremove.htm
C:\Program Files\eAcceleration\Station\resources\html\eac_membership.htm
C:\Program Files\eAcceleration\Station\resources\html\eac_news.htm
C:\Program Files\eAcceleration\Station\resources\html\eac_overview.htm
C:\Program Files\eAcceleration\Station\resources\html\eac_support.htm
C:\Program Files\eAcceleration\Station\resources\html\eac_updates.htm
C:\Program Files\eAcceleration\Station\resources\html\expired.htm
C:\Program Files\eAcceleration\Station\resources\html\footer.htm
C:\Program Files\eAcceleration\Station\resources\html\games_overview.htm
C:\Program Files\eAcceleration\Station\resources\html\games_playtonet.htm
C:\Program Files\eAcceleration\Station\resources\html\header.htm
C:\Program Files\eAcceleration\Station\resources\html\konx_dialup.htm
C:\Program Files\eAcceleration\Station\resources\html\konx_email.htm
C:\Program Files\eAcceleration\Station\resources\html\konx_overview.htm
C:\Program Files\eAcceleration\Station\resources\html\mainfrm.htm
C:\Program Files\eAcceleration\Station\resources\html\megdat_dvcr.htm
C:\Program Files\eAcceleration\Station\resources\html\megdat_onlinebackup.htm
C:\Program Files\eAcceleration\Station\resources\html\megdat_onlinedisk.htm
C:\Program Files\eAcceleration\Station\resources\html\megdat_overview.htm
C:\Program Files\eAcceleration\Station\resources\html\megdat_zeus.htm
C:\Program Files\eAcceleration\Station\resources\html\oodlz_overview.htm
C:\Program Files\eAcceleration\Station\resources\html\oodlz_the4thcoming.htm
C:\Program Files\eAcceleration\Station\resources\html\sectionheader.htm
C:\Program Files\eAcceleration\Station\resources\html\select_overview.htm
C:\Program Files\eAcceleration\Station\resources\html\select_search.htm
C:\Program Files\eAcceleration\Station\resources\html\select_sonicoffice.htm
C:\Program Files\eAcceleration\Station\resources\html\select_webvoyager.htm
C:\Program Files\eAcceleration\Station\resources\html\select_windmail.htm
C:\Program Files\eAcceleration\Station\resources\html\stops_emailscanner.htm
C:\Program Files\eAcceleration\Station\resources\html\stops_firewall.htm
C:\Program Files\eAcceleration\Station\resources\html\stops_onaccess.htm
C:\Program Files\eAcceleration\Station\resources\html\stops_overview.htm
C:\Program Files\eAcceleration\Station\resources\html\stops_popupblocker.htm
C:\Program Files\eAcceleration\Station\resources\html\stops_protectstatus.htm
C:\Program Files\eAcceleration\Station\resources\html\stops_spamblocker.htm
C:\Program Files\eAcceleration\Station\resources\html\stops_threatscanner.htm
C:\Program Files\eAcceleration\Station\resources\html\update_info.htm
C:\Program Files\eAcceleration\Station\resources\html\veloz_overview.htm
C:\Program Files\eAcceleration\Station\resources\html\veloz_speedup.htm
C:\Program Files\eAcceleration\Station\resources\html\veloz_syspatch.htm
C:\Program Files\eAcceleration\Station\resources\images\add_email_16.gif
C:\Program Files\eAcceleration\Station\resources\images\blc.jpg
C:\Program Files\eAcceleration\Station\resources\images\bm.jpg
C:\Program Files\eAcceleration\Station\resources\images\bps_header_tl.gif
C:\Program Files\eAcceleration\Station\resources\images\bps_header_tm.gif
C:\Program Files\eAcceleration\Station\resources\images\bps_header_tr.gif
C:\Program Files\eAcceleration\Station\resources\images\bps_header_trft.gif
C:\Program Files\eAcceleration\Station\resources\images\bps_header_trfthv.gif
C:\Program Files\eAcceleration\Station\resources\images\brc.jpg
C:\Program Files\eAcceleration\Station\resources\images\collapse.gif
C:\Program Files\eAcceleration\Station\resources\images\eace.gif
C:\Program Files\eAcceleration\Station\resources\images\expand.gif
C:\Program Files\eAcceleration\Station\resources\images\header_tl.jpg
C:\Program Files\eAcceleration\Station\resources\images\header_tm.gif
C:\Program Files\eAcceleration\Station\resources\images\header_tr.gif
C:\Program Files\eAcceleration\Station\resources\images\header_trft.gif
C:\Program Files\eAcceleration\Station\resources\images\header_trfthv.gif
C:\Program Files\eAcceleration\Station\resources\images\konx.gif
C:\Program Files\eAcceleration\Station\resources\images\md.gif
C:\Program Files\eAcceleration\Station\resources\images\modify_email_16.gif
C:\Program Files\eAcceleration\Station\resources\images\not_active.gif
C:\Program Files\eAcceleration\Station\resources\images\off_blue.GIF
C:\Program Files\eAcceleration\Station\resources\images\off_wht.gif
C:\Program Files\eAcceleration\Station\resources\images\on_blue.GIF
C:\Program Files\eAcceleration\Station\resources\images\on_darkyellow.gif
C:\Program Files\eAcceleration\Station\resources\images\on_wht.gif
C:\Program Files\eAcceleration\Station\resources\images\on_yellow.gif
C:\Program Files\eAcceleration\Station\resources\images\oodlz.gif
C:\Program Files\eAcceleration\Station\resources\images\prodbtn_down.gif
C:\Program Files\eAcceleration\Station\resources\images\prodbtn_over.gif
C:\Program Files\eAcceleration\Station\resources\images\prodbtn_up.gif
C:\Program Files\eAcceleration\Station\resources\images\remove_email_16.gif
C:\Program Files\eAcceleration\Station\resources\images\select.gif
C:\Program Files\eAcceleration\Station\resources\images\softwarestation_interface.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_boxhead_lft.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_boxhead_rt.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_boxhead_space.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_eace_down.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_eace_empty.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_eace_empty_down.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_eace_over.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_eace_sel.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_eace_up.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_games-over.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_games-sel.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_games.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_konx_down.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_konx_empty.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_konx_empty_down.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_konx_over.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_konx_sel.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_konx_up.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_mgdt_down.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_mgdt_empty.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_mgdt_empty_down.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_mgdt_over.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_mgdt_sel.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_mgdt_up.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_slct_down.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_slct_empty.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_slct_empty_down.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_slct_over.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_slct_sel.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_slct_up.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_stop_down.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_stop_empty.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_stop_empty_down.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_stop_over.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_stop_sel.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_stop_up.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_veloz_down.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_veloz_empty.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_veloz_empty_down.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_veloz_over.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_veloz_sel.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_btn_veloz_up.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_footer_corner.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_footer_corner_over.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_footer_expand.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_footer_logo.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_green_box_crepeat.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_green_box_hdr1.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_green_box_splitter.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_green_box_tl.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_green_box_tr.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_green_box_ttl.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_header_bps_expired.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_header_expired.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_eace_ar.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_eace_arrow.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_eace_expand.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_eace_mem.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_eace_news.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_eace_ov.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_eace_sup.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_eace_ud.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_kx_arrow.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_kx_du.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_kx_email.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_kx_expand.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_kx_ov.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_md_arrow.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_md_dvcr.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_md_expand.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_md_ob.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_md_od.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_md_ov.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_md_zeus.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_oo_arrow.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_oo_expand.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_oo_ov.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_oo_t4c.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_playtonet.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_search_arrow.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_search_expand.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_select_office.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_select_overview.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_select_search.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_select_voyager.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_select_windmail.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_service.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_ss_arrow.jpg
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_ss_em.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_ss_expand.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_ss_fw.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_ss_oa.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_ss_ov.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_ss_pb.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_ss_ps.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_ss_sb.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_ss_ts.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_vz_arrow.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_vz_cs.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_vz_expand.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_vz_ov.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_headers_vz_syspat.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_ea_add-remove_32.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_ea_general_32.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_ea_help_16.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_ea_install_16.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_ea_settings_16.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_ea_turnoff_16.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_ea_turnon_16.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_ea_view-article_16.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_eace_install_wht32.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_eace_news_wht32.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_eace_support_wht32.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_kx_checkmail_16.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_kx_checkmail_32.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_kx_connect_16.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_kx_connect_32.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_kx_general_32.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_md_backup_16.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_md_backup_32.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_md_dvcr_16.GIF
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_md_dvcr_32.GIF
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_md_general_32.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_md_show-disc_16.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_md_show-disc_32.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_md_zeus_16.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_md_zeus_32.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_oo_general_32.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_search_wht32.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_select_doc_wht16.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_select_draw_wht16.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_select_gen_wht.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_select_help_wht16.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_select_office_wht32.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_select_pres_wht16.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_select_spread_wht16.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_select_voyager_wht16.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_select_voyager_wht3.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_select_windmail_wht.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_select_windmail_wht16.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_ss_download-guard_32.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_ss_email-scanner_32.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_ss_firewall_32.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_ss_general_16.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_ss_general_32.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_ss_onaccess_32.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_ss_popup-blocker_32.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_ss_scan-results_16.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_ss_scanner_16.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_ss_scanner_32.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_ss_spam-blocker_32.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_vlz_general_32.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_vlz_speedup_16.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_vlz_speedup_32.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icon_vlz_syspat_wht32.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icons_megdat_off_wht16.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icons_megdat_on_wht16.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icons_megdat_sett_wht16.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icons_mgdt_moreinfo_wht.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icons_ss_firewll_wht16.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icons_ss_moreinfo_wht16.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icons_ss_off_wht16.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icons_ss_on_wht16.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icons_ss_sett_wht16.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icons_veloz_syspat_wht16.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_icons_vlz_moreinfo_wht16.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_playtonet_main.gif
C:\Program Files\eAcceleration\Station\resources\images\ss_search_expand.gif
C:\Program Files\eAcceleration\Station\resources\images\stop.gif
C:\Program Files\eAcceleration\Station\resources\images\stopprotect.gif
C:\Program Files\eAcceleration\Station\resources\images\stops_header_expired.gif
C:\Program Files\eAcceleration\Station\resources\images\stops_header_joinnow.gif
C:\Program Files\eAcceleration\Station\resources\images\stops_header_tl.gif
C:\Program Files\eAcceleration\Station\resources\images\stops_header_tm.gif
C:\Program Files\eAcceleration\Station\resources\images\stops_header_tr.gif
C:\Program Files\eAcceleration\Station\resources\images\t4c.gif
C:\Program Files\eAcceleration\Station\resources\images\veloz.gif
C:\Program Files\eAcceleration\Station\resources\js\array.js
C:\Program Files\eAcceleration\Station\resources\js\button.js
C:\Program Files\eAcceleration\Station\resources\js\guids.js
C:\Program Files\eAcceleration\Station\resources\js\news.js
C:\Program Files\eAcceleration\Station\resources\js\overview.js
C:\Program Files\eAcceleration\Station\resources\js\panel.js
C:\Program Files\eAcceleration\Station\resources\js\produtils.js
C:\Program Files\eAcceleration\Station\resources\js\progbar.js
C:\Program Files\eAcceleration\Station\resources\js\scripts.js
C:\Program Files\eAcceleration\Station\resources\js\xmlobject.js
C:\Program Files\eAcceleration\Station\resources\xml\settings.xml
C:\Program Files\eAcceleration\Station\resources\xml\ssplugins.xml
C:\Program Files\eAcceleration\Station\sseng.dll
C:\Program Files\eAcceleration\Station\station.exe
C:\Program Files\eAcceleration\Station\Station_Update.exe.chk
C:\Program Files\Registry Defender
C:\Program Files\Registry Defender\backup\11_15_2007.reg
C:\Program Files\Registry Defender\report.csv
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\default.htm
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\delFSF.bat
C:\WINDOWS\system32\din.ip
C:\WINDOWS\system32\everybodybets.32x32.4.ico
C:\WINDOWS\system32\GameFly_2.ico
C:\WINDOWS\system32\lt.res
C:\WINDOWS\system32\sft.res
C:\WINDOWS\system32\stfv.bin

.
((((((((((((((((((((((((( Files Created from 2007-11-10 to 2007-12-10 )))))))))))))))))))))))))))))))
.

2007-12-04 03:13 . 2007-12-04 03:13 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-04 03:13 . 2007-12-04 03:13 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-28 00:40 . 2007-11-28 00:40 <DIR> d-------- C:\Program Files\Common Files\Application
2007-11-28 00:39 . 2007-11-28 00:52 <DIR> d-------- C:\Program Files\SPYWAREfighter
2007-11-18 02:02 . 2007-11-18 02:02 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\TrojanHunter
2007-11-17 20:47 . 2007-11-30 21:50 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2007-11-17 00:53 . 2007-11-17 00:53 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\Grisoft
2007-11-17 00:52 . 2007-05-30 04:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-17 00:51 . 2007-11-17 00:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-16 05:54 . 2007-11-16 05:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2007-11-16 05:53 . 2007-11-17 22:13 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\Uniblue
2007-11-16 04:20 . 2007-12-04 19:50 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-11-16 04:20 . 2007-11-16 04:20 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\PC Tools
2007-11-16 04:20 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-16 04:20 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-16 04:20 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-16 04:20 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-16 04:19 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-15 15:04 . 2007-11-15 15:04 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\Sammsoft
2007-11-15 15:02 . 2007-11-15 15:02 <DIR> d-------- C:\Program Files\Advanced Registry Optimizer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-20 08:42 --------- d-----w C:\Program Files\GameSpy Arcade
2007-11-18 11:39 --------- d-----w C:\Program Files\AIM6
2007-11-18 11:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-11-16 14:01 --------- d-----w C:\Program Files\Trend Micro
2007-11-16 12:20 --------- d-----w C:\Program Files\Google
2007-11-09 17:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-11-09 16:57 --------- d-----w C:\Program Files\Common Files\AOL
2007-11-06 20:13 --------- d-----w C:\Program Files\Microsoft Games
2007-10-11 13:01 33,384 -c--a-w C:\WINDOWS\system32\drivers\atwpkt264.sys
2007-10-11 13:01 24,960 -c--a-w C:\WINDOWS\system32\drivers\atwpkt2.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2003-04-29 09:40]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 11:00]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-04-02 01:50]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2006-11-07 07:29]
"AROReminder"="C:\Program Files\Advanced Registry Optimizer\aro.exe" [2007-07-23 09:34]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-17 05:29]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security\pccguide.exe" [2007-02-03 23:45]
"PCClient.exe"="C:\Program Files\Trend Micro\Internet Security\PCClient.exe" [2007-02-03 23:45]
"TM Outbreak Agent"="C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" [2007-02-03 23:45]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 02:50]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-09-01 05:32]
"PROMon.exe"="PROMon.exe" [2002-04-18 17:32 C:\WINDOWS\system32\PROMon.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 C:\WINDOWS\system32\rundll32.exe]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 03:19]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-08 20:45]
"CTHelper"="CTHELPER.EXE" [2002-07-02 14:56 C:\WINDOWS\system32\cthelper.exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 00:00]
"Jet Detection"="C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-10-04 00:00]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2002-06-10 13:21]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-06-20 11:26]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-06-20 11:25]
"GWMDMMSG"="GWMDMMSG.exe" [2006-09-03 11:16 C:\WINDOWS\GWMDMMSG.exe]
"GWMDMpi"="C:\WINDOWS\GWMDMpi.exe" [2006-09-03 11:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"HostManager"="C:\Program Files\Common Files\AOL\1165102985\ee\AOLSoftware.exe" [2007-10-08 13:50]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-04 16:29]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25]
"spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2007-06-08 11:52]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-06-27 00:20:58]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-04-02 01:50:07]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-06-27 00:21:30]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-04-23 22:21:58]
Wireless-B Notebook Adapter Utility.lnk - C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe [2005-08-28 14:20:01]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""


*Newly Created Service* - NMSCFG
.
Contents of the 'Scheduled Tasks' folder
"2007-10-01 14:57:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-28 05:47:00 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 22:12:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-10 12:45:56 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-09 00:54
C:\ComboFix3.txt ... 2007-12-07 20:58
.
--- E O F ---
Hypersonic
Active Member
Posts: 14
Joined: December 1st, 2007, 10:25 pm

Re: Hypersonic's Log

Unread postby Hypersonic » December 10th, 2007, 4:49 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:41 PM, on 12/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\Internet Security\pccguide.exe
C:\Program Files\Trend Micro\Internet Security\PCClient.exe
C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\PROMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\NMSSvc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1165102985\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\Program Files\Common Files\AOL\1165102985\ee\AOLDesktop.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\AOL\1165102985\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1165102985\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4757750375
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/seri ... /gwCID.CAB
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 12955 bytes

The problems of slowing down and freezing seem to be better.
Hypersonic
Active Member
Posts: 14
Joined: December 1st, 2007, 10:25 pm