Hi - New here having some malware/popup problems

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Post by njdrummer » January 17th, 2008, 3:15 pm

Hello,
I was recently downloading some stuff from LimeWire (the registered/paid-for version). Since then I have been getting pop-ups and slow performance from my system. I installed/upgraded Norton Internet Security 2008 and ran several scans. Norton reported the W32.Trats!inf worm/virus several times but claimed it removed it. I am still getting pop-up Internet Explorer windows for various advertisements and some porn sites. Norton Internet Security alerts me to some "attacks" here and there that it has blocked. I have run Ad-Aware, a2, VundoFix, and Norton AntiVirus and removed whatever rubbish was found. I installed/ran HijackThis per your guidelines and here is my log. Can someone PLEASE PLEASE PLEASE help me? Thanks very much!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:54:47 PM, on 1/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1176546546\ee\AOLSoftware.exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
c:\program files\common files\aol\1176546546\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1176546546\ee\aolsoftware.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\gebyv.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F3F061D-44FE-44CD-82A4-34C8B71CD340} - C:\Program Files\MSN Gaming Zone\niqyre4444.dll (file missing)
O2 - BHO: (no name) - {24D25449-7789-44D1-8403-B0D02CAE6407} - C:\Program Files\MSN Gaming Zone\niqyre83122.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5e638f80-a2f7-4327-a345-9ffb8660d418} - C:\WINDOWS\system32\bsupnno.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: 0 - {9F231D4F-890C-479E-53BE-0F8C5FD09712} - C:\Program Files\Movie Maker\ryciludy.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (file missing)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1176546546\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe"
O4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat .exe" -min
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.sparkpea.net/controls/msnchat45.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Movie Maker\vilozowui.html

--
End of file - 12439 bytes
njdrummer
Regular Member
 
Posts: 15
Joined: January 17th, 2008, 3:01 pm
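The log above carries a pattern worth spotting by eye before any tool is run: several autostart entries point at executables whose names have whitespace padded in before the extension (`QTTask .exe`, `YAHOOM~1 .EXE`, `EyeballChat .exe`), two BHOs with no name and a missing DLL under `MSN Gaming Zone`, a `win.ini load=` entry for `gebyv.exe`, and an Active Desktop component (O24) loading a local HTML file from the Movie Maker folder. The following script is an added example, not part of the original thread and not code from HijackThis or ComboFix. It parses HijackThis-style lines and flags those four patterns; the sample lines are copied from the log above, and the reason strings, thresholds and function names are my own choices.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a subset of lines copied from the HijackThis log
# posted above (same content, fewer lines).
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\WINDOWS\system32\gebyv.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {1F3F061D-44FE-44CD-82A4-34C8B71CD340} - C:\Program Files\MSN Gaming Zone\niqyre4444.dll (file missing)
O2 - BHO: 0 - {9F231D4F-890C-479E-53BE-0F8C5FD09712} - C:\Program Files\Movie Maker\ryciludy.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Movie Maker\vilozowui.html
"""

# A HijackThis entry: section code ("O4", "F3", "O24"), " - ", then the body.
HJT_ENTRY = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First Windows path in an entry, up to and including its extension. Non-greedy,
# so a name with spaces padded in before the dot ("QTTask .exe") is kept whole.
WIN_PATH = re.compile(r"([A-Za-z]:\\[^\"\r\n]*?\.(?:exe|dll|scr|com|html?|sys))\b", re.IGNORECASE)
# Whitespace between the base name and the extension.
PADDED_EXT = re.compile(r"\S\s+\.[A-Za-z0-9]+$")


@dataclass
class Finding:
    section: str
    reason: str
    path: str


def lookalike_target(path):
    """Strip the padding so a finding names the legitimate file being imitated."""
    return re.sub(r"\s+(\.\w+)$", r"\1", path)


def analyse(log_text):
    """Return the entries a helper would circle first in a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        pm = WIN_PATH.search(body)
        path = pm.group(1) if pm else ""

        # Pattern 1: a file whose name is a legitimate autostart plus padding.
        # The Run value points at the padded name, so that is what actually runs.
        if path and PADDED_EXT.search(path):
            findings.append(Finding(sec, "padded look-alike of " + lookalike_target(path), path))

        # Pattern 2: win.ini load= is a legacy autostart that current software does not use.
        if sec == "F3" and "win.ini: load=" in body:
            findings.append(Finding(sec, "win.ini load= autostart", path))
        # Pattern 3: a BHO whose DLL is gone (a cleaner removed the file but not
        # the registration) or that carries no usable name.
        elif sec == "O2":
            name = body[len("BHO: "):].split(" - ", 1)[0]
            if body.endswith("(file missing)"):
                findings.append(Finding(sec, "BHO registered but DLL missing", path))
            elif name == "(no name)" or len(name) < 3:
                findings.append(Finding(sec, "BHO without a name", path))
        # Pattern 4: an Active Desktop component loading a local HTML file.
        elif sec == "O24" and path.lower().endswith((".htm", ".html")):
            findings.append(Finding(sec, "Active Desktop component loads local HTML", path))
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}: {f.path}")
```

The padding check is the one to keep: the ComboFix log later in the thread shows the same executables existing twice, once with the real name and once with one to a dozen spaces before `.exe`, with different sizes and creation dates, which is why the Run keys listed there still point at the padded copies. Running this against a full log will also flag the legitimate `Google Toolbar Notifier BHO (file missing)` line; a missing file is a reason to look, not a verdict.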

Re: Hi - New here having some malware/popup problems

Post by ndmmxiaomayi » January 20th, 2008, 11:52 pm

Hi,

Sorry for the delay.

If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

Please download Combofix from Bleeping Computer. Save it to your desktop.

If you can't download it, please try these 2 alternative sites:

Forospyware
Geeks to Go

Double click to run it. Follow the prompts. Once done, it will reboot and a log will be produced. Please post that log and a new HijackThis log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.

In your next reply, please post:

  1. Combofix log (C:\Combofix.txt)
  2. A new HijackThis log
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Hi - New here having some malware/popup problems

Post by njdrummer » January 21st, 2008, 12:28 am

OK, downloaded and ran ComboFix, and here is a new HijackThis log... here ya go (still getting pop-ups, by the way).

Combofix log:
ComboFix 08-01-20.1 - Owner 2008-01-20 23:00:23.1 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\17PHolmes1188.exe
C:\WINDOWS\system32\e9
C:\WINDOWS\system32\e9\farstadcom2.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\p2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\t8
C:\WINDOWS\system32\vybeg.ini
C:\WINDOWS\system32\vybeg.ini2
C:\WINDOWS\system32\z4
C:\WINDOWS\Fonts\'
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 )))))))))))))))))))))))))))))))
.

2008-01-20 23:09 . 2008-01-20 23:09 <DIR> d-------- C:\temp\tn3
2008-01-20 23:09 . 2008-01-20 23:09 932 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-20 22:59 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-17 13:13 . 2008-01-17 13:45 <DIR> d-------- C:\Program Files\a-squared Free
2008-01-17 12:54 . 2008-01-17 12:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-17 03:22 . 2007-10-10 18:55 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-17 03:22 . 2007-06-30 22:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-17 03:22 . 2007-06-30 22:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-17 03:22 . 2007-10-10 18:55 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-17 03:22 . 2007-10-10 18:55 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-17 03:22 . 2007-10-10 18:55 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-17 03:22 . 2007-10-10 18:55 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-17 03:22 . 2007-10-10 18:55 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-17 03:22 . 2007-10-10 05:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-17 01:40 . 2008-01-17 02:16 <DIR> d-------- C:\VundoFix Backups
2008-01-17 00:08 . 2008-01-17 01:20 <DIR> d-------- C:\Program Files\Norton SystemWorks Basic Edition
2008-01-16 02:05 . 2008-01-16 02:05 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-01-16 02:02 . 2008-01-16 02:55 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-01-16 01:58 . 2008-01-17 00:10 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-16 01:58 . 2008-01-17 00:10 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-16 01:58 . 2008-01-17 00:10 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-16 01:58 . 2008-01-17 00:10 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-16 00:31 . 2008-01-16 23:51 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files
2008-01-14 19:19 . 2008-01-14 19:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-01-14 15:06 . 2008-01-16 02:16 155,648 --a------ C:\WINDOWS\system32\igfxtray .exe
2008-01-14 15:06 . 2008-01-16 02:17 126,976 --a------ C:\WINDOWS\system32\hkcmd .exe
2008-01-14 07:58 . 2008-01-14 07:58 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-01-14 07:56 . 2008-01-17 00:58 <DIR> d--hs---- C:\WINDOWS\b3duZXI
2008-01-14 07:56 . 2008-01-17 01:02 39,936 --a------ C:\WINDOWS\mrofinu1000106.exe.tmp
2008-01-14 07:55 . 2008-01-14 07:55 86,016 --a------ C:\WINDOWS\system32\drivers\mrxdavv.sys
2008-01-14 07:54 . 2008-01-16 02:49 <DIR> d-------- C:\WINDOWS\system32\edcA18
2008-01-14 07:54 . 2008-01-14 07:55 <DIR> d-------- C:\temp\Ryuan1
2008-01-14 07:53 . 2008-01-14 15:26 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-14 07:44 . 2008-01-14 07:44 <DIR> d-------- C:\Program Files\E-Zsoft
2008-01-14 07:32 . 2004-05-25 17:06 417,792 --a------ C:\WINDOWS\system32\ac3filter.ax
2008-01-14 07:32 . 2005-02-27 21:48 356,352 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax
2008-01-14 07:32 . 2004-01-10 17:02 258,048 --a------ C:\WINDOWS\system32\GplMpgDec.ax
2008-01-14 07:20 . 2008-01-14 07:21 <DIR> d-------- C:\temp\D--
2008-01-14 07:19 . 2008-01-14 07:19 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\dvdcss
2008-01-14 07:18 . 2005-11-21 00:48 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2008-01-14 07:18 . 2005-11-21 00:48 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2008-01-13 16:44 . 2008-01-20 23:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-13 16:44 . 2008-01-13 16:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-13 16:43 . 2008-01-16 02:56 <DIR> d-------- C:\Program Files\iTunes
2008-01-13 16:43 . 2008-01-13 16:43 <DIR> d-------- C:\Program Files\iPod
2008-01-13 16:40 . 2008-01-16 02:56 <DIR> d-------- C:\Program Files\QuickTime
2008-01-13 16:38 . 2008-01-13 16:38 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-13 16:37 . 2008-01-13 16:37 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-01-13 16:37 . 2008-01-13 16:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-07 23:16 . 2008-01-07 23:16 <DIR> d-------- C:\Program Files\Microsoft Games
2008-01-06 03:29 . 2008-01-06 03:29 <DIR> d-------- C:\Program Files\Full Tilt Poker.Net
2008-01-05 03:24 . 2008-01-05 03:24 <DIR> d-------- C:\Documents and Settings\Owner\PARTYPokerDir
2007-12-21 04:31 . 2007-12-21 04:31 268 --ah----- C:\sqmdata01.sqm
2007-12-21 04:31 . 2007-12-21 04:31 244 --ah----- C:\sqmnoopt01.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-20 19:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-20 19:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-20 10:12 --------- d-----w C:\Program Files\mIRC
2008-01-20 07:21 --------- d-----w C:\Program Files\PokerStars
2008-01-17 05:11 --------- d-----w C:\Program Files\Symantec
2008-01-17 04:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-16 07:13 --------- d-----w C:\Documents and Settings\Owner\Application Data\Symantec
2008-01-15 08:13 --------- d-----w C:\Program Files\Google
2008-01-15 08:13 --------- d-----w C:\Program Files\Easy Internet signup
2008-01-14 23:30 --------- d-----w C:\Documents and Settings\Owner\Application Data\Move Networks
2008-01-14 20:31 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-01-13 23:57 --------- d-----w C:\Program Files\Sportsbook Poker
2008-01-06 08:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-03 07:30 --------- d-----w C:\Program Files\sportsbook.com lite
2008-01-01 02:10 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
2007-12-23 06:23 --------- d-----w C:\Program Files\Absolute Poker
2007-12-01 04:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 04:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 04:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 04:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 04:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 04:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 04:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 04:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 04:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-01-29 02:32 288 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2006-06-04 15:20 389,120 ----a-w C:\Documents and Settings\Owner\remote.exe
.
<pre>
----a-w           253,952 2008-01-16 07:17:41  C:\hp\drivers\hplsbwatcher\lsburnwatcher .exe
----a-w            50,736 2008-01-16 07:18:57  C:\Program Files\Common Files\AOL\1176546546\ee\AOLSoftware .exe
----a-w            71,216 2008-01-16 07:17:52  C:\Program Files\Common Files\AOL\ACS\AOLDial .exe
----a-w            51,048 2008-01-16 07:18:03  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w           607,624 2008-01-16 07:18:09  C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW .exe
----a-w         2,863,176 2008-01-17 05:10:58  C:\Program Files\Eyeball\Eyeball Chat\EyeballChat      .exe
----a-w         2,863,176 2008-01-16 07:58:50  C:\Program Files\Eyeball\Eyeball Chat\EyeballChat     .exe
----a-w         2,863,176 2008-01-17 05:12:55  C:\Program Files\Eyeball\Eyeball Chat\EyeballChat    .exe
----a-w         2,863,176 2008-01-17 05:14:14  C:\Program Files\Eyeball\Eyeball Chat\EyeballChat   .exe
----a-w         2,863,176 2008-01-17 05:15:51  C:\Program Files\Eyeball\Eyeball Chat\EyeballChat  .exe
----a-w         2,863,176 2008-01-17 05:17:21  C:\Program Files\Eyeball\Eyeball Chat\EyeballChat .exe
----a-w            68,856 2008-01-14 23:22:08  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w            49,152 2008-01-16 07:17:28  C:\Program Files\Hp\HP Software Update\HPWuSchd2 .exe
----a-w           233,534 2008-01-16 07:17:35  C:\Program Files\HPQ\Default Settings\cpqset .exe
----a-w           290,816 2008-01-16 07:17:33  C:\Program Files\HPQ\Quick Launch Buttons\EabServr .exe
----a-w           267,048 2008-01-16 07:18:00  C:\Program Files\iTunes\iTunesHelper .exe
----a-w            36,972 2008-01-16 07:17:17  C:\Program Files\Java\jre1.5.0\bin\jusched .exe
----a-w           714,608 2008-01-16 07:18:22  C:\Program Files\Norton Internet Security\osCheck .exe
----a-w           286,720 2008-01-16 08:01:38  C:\Program Files\QuickTime\QTTask            .exe
----a-w           648,192 2008-01-16 07:51:14  C:\Program Files\QuickTime\QTTask           .exe
----a-w           286,720 2008-01-17 05:37:45  C:\Program Files\QuickTime\QTTask          .exe
----a-w           286,720 2008-01-17 05:37:46  C:\Program Files\QuickTime\QTTask         .exe
----a-w           286,720 2008-01-17 05:37:47  C:\Program Files\QuickTime\QTTask        .exe
----a-w           286,720 2008-01-17 05:37:49  C:\Program Files\QuickTime\QTTask       .exe
----a-w           286,720 2008-01-17 05:37:52  C:\Program Files\QuickTime\QTTask      .exe
----a-w           286,720 2008-01-17 05:37:55  C:\Program Files\QuickTime\QTTask     .exe
----a-w           286,720 2008-01-17 05:37:57  C:\Program Files\QuickTime\QTTask    .exe
----a-w           286,720 2008-01-17 05:38:00  C:\Program Files\QuickTime\QTTask   .exe
----a-w           286,720 2008-01-17 05:38:02  C:\Program Files\QuickTime\QTTask  .exe
----a-w           286,720 2008-01-17 05:38:04  C:\Program Files\QuickTime\QTTask .exe
----a-w            26,112 2008-01-14 23:38:02  C:\Program Files\Real\RealPlayer\RealPlay .exe
----a-w           688,218 2008-01-16 07:17:29  C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w            98,394 2008-01-16 07:17:21  C:\Program Files\Synaptics\SynTP\SynTPLpr .exe
----a-w         4,670,704 2008-01-17 05:43:16  C:\Program Files\Yahoo!\Messenger\YAHOOM~1      .EXE
----a-w         4,670,704 2008-01-17 05:43:24  C:\Program Files\Yahoo!\Messenger\YAHOOM~1     .EXE
----a-w         4,670,704 2008-01-17 05:43:34  C:\Program Files\Yahoo!\Messenger\YAHOOM~1    .EXE
----a-w         4,670,704 2008-01-17 05:43:44  C:\Program Files\Yahoo!\Messenger\YAHOOM~1   .EXE
----a-w         4,670,704 2008-01-17 05:43:54  C:\Program Files\Yahoo!\Messenger\YAHOOM~1  .EXE
----a-w         4,670,704 2008-01-17 05:44:05  C:\Program Files\Yahoo!\Messenger\YAHOOM~1 .EXE
----a-w           224,248 2008-01-16 07:18:31  C:\Program Files\Yahoo!\Search Protection\SearchProtection .exe
----a-w           126,976 2008-01-16 07:17:09  C:\WINDOWS\system32\hkcmd .exe
----a-w           155,648 2008-01-16 07:16:57  C:\WINDOWS\system32\igfxtray .exe
</pre>
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1F3F061D-44FE-44CD-82A4-34C8B71CD340}]
C:\Program Files\MSN Gaming Zone\niqyre4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{24D25449-7789-44D1-8403-B0D02CAE6407}]
C:\Program Files\MSN Gaming Zone\niqyre83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e638f80-a2f7-4327-a345-9ffb8660d418}]
C:\WINDOWS\system32\bsupnno.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 22:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-01-16 02:04 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9F231D4F-890C-479E-53BE-0F8C5FD09712}]
C:\Program Files\Movie Maker\ryciludy.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4982D40A-C53B-4615-B15B-B5B5E98D167C}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 22:51 316784]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eyeball Chat"="C:\Program Files\Eyeball\Eyeball Chat\EyeballChat .exe" [ ]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .exe" [ ]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-01-16 02:58 584192]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-16 02:58 491008]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-16 02:58 462336]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0\bin\jusched.exe" [2008-01-16 02:59 372224]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2008-01-16 02:59 435200]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-16 02:59 1042944]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2008-01-16 02:58 385536]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2008-01-16 02:58 655872]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2008-01-16 02:58 233534]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2008-01-16 02:58 253952]
"hpWirelessAssistant"="C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-01-21 15:40 790528]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2008-01-16 02:58 71216]
"HostManager"="C:\Program Files\Common Files\AOL\1176546546\ee\AOLSoftware.exe" [2008-01-16 02:58 411648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [2008-01-16 03:01 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-16 02:59 692736]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-16 02:58 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2008-01-16 03:03 714608]
"NSWosCheck"="C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe" [2007-09-18 08:22 25472]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Movie Maker\vilozowui.html
FriendlyName=

R1 mrxdavv;mrxdavv;C:\WINDOWS\system32\drivers\mrxdavv.sys [2008-01-14 07:55]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" [2007-08-25 00:07]
R3 NPDriver;Norton UnErase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2006-10-10 08:17]
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 15:55]
S3 SDdriver;SDdriver;C:\WINDOWS\system32\Drivers\sddriver.sys [2005-11-03 21:43]
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2007-08-09 19:27]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21aac494-f436-11db-9b9f-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-01-13 17:36:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-16 07:32:11 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Owner.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2008-01-17 05:09:37 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks Basic Edition\OBC.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-20 23:10:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????7?1?1?1??@???? ?,?B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-20 23:16:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-21 04:16:28
.
2008-01-17 12:33:18 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:34 PM, on 1/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\AOL\1176546546\ee\AOLSoftware.exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
c:\program files\common files\aol\1176546546\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1176546546\ee\aolsoftware.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F3F061D-44FE-44CD-82A4-34C8B71CD340} - C:\Program Files\MSN Gaming Zone\niqyre4444.dll (file missing)
O2 - BHO: (no name) - {24D25449-7789-44D1-8403-B0D02CAE6407} - C:\Program Files\MSN Gaming Zone\niqyre83122.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5e638f80-a2f7-4327-a345-9ffb8660d418} - C:\WINDOWS\system32\bsupnno.dll (file missing)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: 0 - {9F231D4F-890C-479E-53BE-0F8C5FD09712} - C:\Program Files\Movie Maker\ryciludy.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (file missing)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1176546546\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe"
O4 - HKCU\..\Run: [Eyeball Chat] "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat .exe" -min
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE" -quiet
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Owner\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.sparkpea.net/controls/msnchat45.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Movie Maker\vilozowui.html

--
End of file - 12335 bytes
njdrummer
Regular Member
 
Posts: 15
Joined: January 17th, 2008, 3:01 pm

Re: Hi - New here having some malware/popup problems

Unread postby ndmmxiaomayi » January 22nd, 2008, 9:17 am

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System

Download the file & save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Hi - New here having some malware/popup problems

Unread postby njdrummer » January 22nd, 2008, 1:36 pm

When is the best time to do this? I want to do it while you are somewhat available so I don't have to leave my laptop running for days... Thanks!! I have downloaded the file from Microsoft, just have to drop it into ComboFix...

Bill
njdrummer
Regular Member
 
Posts: 15
Joined: January 17th, 2008, 3:01 pm

Re: Hi - New here having some malware/popup problems

Unread postby ndmmxiaomayi » January 22nd, 2008, 1:53 pm

I'm living in Singapore. Time is GMT + 8, so it's 1.50am now. I'll be around from 11am onwards (Singapore's time).
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Hi - New here having some malware/popup problems

Unread postby ndmmxiaomayi » January 22nd, 2008, 10:36 pm

A ping for you. I'm around now. :)
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Hi - New here having some malware/popup problems

Unread postby njdrummer » January 23rd, 2008, 12:25 am

Wow, international help - NICE! :) It's currently 11:25 pm on Tuesday here... from what I gather you are 13 hours ahead of me, so it's about 12:25 pm Wednesday where you are... I'm online for a while... hopefully we can sync up soon... I also have Yahoo Messenger - my Yahoo Messenger ID is removed to prevent spambot harvesting, admin, so you can message me there too if you like. Thanks for helping me with this - I appreciate it very much...

Bill
njdrummer
Regular Member
 
Posts: 15
Joined: January 17th, 2008, 3:01 pm

Re: Hi - New here having some malware/popup problems

Unread postby ndmmxiaomayi » January 23rd, 2008, 2:35 am

Hopefully. It shouldn't be too hard.
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Hi - New here having some malware/popup problems

Unread postby njdrummer » January 23rd, 2008, 3:30 am

I'm on right now
njdrummer
Regular Member
 
Posts: 15
Joined: January 17th, 2008, 3:01 pm

Re: Hi - New here having some malware/popup problems

Unread postby njdrummer » January 23rd, 2008, 3:32 am

My email and Yahoo ID is njdrummer34... email or shoot me a message on Messenger...
njdrummer
Regular Member
 
Posts: 15
Joined: January 17th, 2008, 3:01 pm

Re: Hi - New here having some malware/popup problems

Unread postby ndmmxiaomayi » January 23rd, 2008, 7:53 am

Hi,

Help is only given on the forums.
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Hi - New here having some malware/popup problems

Unread postby njdrummer » January 23rd, 2008, 2:13 pm

Ok...I will do this procedure tonight and leave my machine running until you review the log...
njdrummer
Regular Member
 
Posts: 15
Joined: January 17th, 2008, 3:01 pm

Re: Hi - New here having some malware/popup problems

Unread postby njdrummer » January 24th, 2008, 4:49 am

OK here is the new log as requested. I'm leaving my laptop on until further instructed. Again thanks very much for your help...

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
njdrummer
Regular Member
 
Posts: 15
Joined: January 17th, 2008, 3:01 pm

Re: Hi - New here having some malware/popup problems

Unread postby ndmmxiaomayi » January 24th, 2008, 7:52 am

You can restart your computer now while I write up a fix for you.
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am