Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

malwarebytes did not help. still have antivirus2009

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

malwarebytes did not help. still have antivirus2009

Unread postby handsomematt » December 5th, 2008, 10:07 pm

I have the antivirus2009 virus and can't shake it. I've run AVG, Registry Mechanic, Spy Bot, Adaware, and finally Malwarebytes but none can shake this thing. I've done each scan on standard boot and on safe boot and while the problem goes away temporarily, within 25 url changes the virus takes hold again.

Any help would be greatly appreciated. Thanks in advance!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:46:28 PM, on 12/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Netscape\Navigator 9\navigator.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=66016
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/?tbid=66016
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66016
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=66016
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66016
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=66016
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1100e894-bbcd-4ab8-a80a-0263a113786c} - C:\WINDOWS\system32\zidekebe.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mogiluhehe] Rundll32.exe "C:\WINDOWS\system32\yobayeye.dll",s
O4 - HKLM\..\Run: [CPM031e4ca0] Rundll32.exe "c:\windows\system32\sokawuge.dll",a
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [mogiluhehe] Rundll32.exe "C:\WINDOWS\system32\yobayeye.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Vegas%20Heist/Images/stg_drm.ocx
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://ecampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\famatoge.dll C:\WINDOWS\system32\mobeteda.dll c:\windows\system32\sokawuge.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sokawuge.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sokawuge.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 13194 bytes
handsomematt
Active Member
 
Posts: 7
Joined: December 5th, 2008, 9:57 pm
Advertisement
Register to Remove

Re: malwarebytes did not help. still have antivirus2009

Unread postby MikeSwim07 » December 6th, 2008, 8:45 am

Hello, and Image to the Malware Removal forums.
My name is Michael I'll be glad to help you with your computer problems.

HijackThis logs can take some time to research, so please be patient with me. I know that you need
your computer working as quickly as possible, and I will work hard to help see that happen.

Please be patient and I'd be grateful if you would note the following:
  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please note: All of my posts need to be checked by a teacher, so please be patient while I attempt to remove your malware.

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Save the file to your desktop.

Please post this log on your next reply.

Thanks, Michael
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: malwarebytes did not help. still have antivirus2009

Unread postby handsomematt » December 6th, 2008, 3:56 pm

32 Bit HP CIO Components Installer
3D Ultra Pinball Thrillride
Ad-Aware
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.1.0
Adobe Shockwave Player
Adobe Stock Photos 1.0
All Sound Recorder XP 2.28
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
ArcSoft Funhouse
Audio Editor Pro 2.93
AVG 7.5
Azureus Vuze
Bluetooth Stack for Windows by Toshiba
Bonjour
Brother MFL Pro Suite
CD/DVD Drive Acoustic Silencer
C-Dilla Licence Management System
DivX Converter
DivX Player
DivX Web Player
DVD-RAM Driver
Flickr Uploadr 2.5.0.15
Flock (2.0.2)
Free Fire Screensaver
Free WMA to MP3 Converter 1.08
Google Earth
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
honestech Video Editor
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPSSupply
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
InterActual Player
InterVideo DeviceService
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
iTunes
J2SE Runtime Environment 5.0 Update 4
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Lexmark Z600 Series
Macromedia Flash Player 8
Magic AAC to MP3 Converter 3.7
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office FrontPage 2003
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Visio Professional 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (2.0.0.18)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Multi-Function Suite
MySpaceIM
Mystery P.I. - The New York Fortune
Mystery P.I. - The Vegas Heist
Nero 7
neroxml
Netscape Navigator (9.0.0.6)
Office 2003 Trial Assistant
OpenOffice.org Installer 1.0
PaperPort 8.0 SE
PokerStars
QuickTime
Realtek High Definition Audio Driver
Registry Mechanic 7.0
Safari
SD Secure Module
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Skype 3.0
Skype Plugin Manager
SmartSound Quicktracks Plugin
Sonic DLA
Sonic Encoders
Sonic RecordNow!
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
SupportSoft Assisted Service
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA TV Tuner 4.0.12.73
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Ulead DVD MovieFactory 5
Uniblue RegistryBooster 2
Uniblue SpeedUpMyPC 3
Uniblue SpyEraser
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update Rollup 2 for Windows XP Media Center Edition 2005
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB894553
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WinPcap 3.1
WinRAR archiver
handsomematt
Active Member
 
Posts: 7
Joined: December 5th, 2008, 9:57 pm

Re: malwarebytes did not help. still have antivirus2009

Unread postby MikeSwim07 » December 7th, 2008, 9:14 am

Download and Run ComboFix

Please visit this webpage for instructions for downloading ComboFix at your DESKTOP :
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.

Additional links to download the tool:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. A guide to do this can be found here.
    The ones that need to be closed/disabled are:
    AVG7

  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

Please Re-enable AVG after running comboFix. If you need help, please ask me.
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: malwarebytes did not help. still have antivirus2009

Unread postby handsomematt » December 7th, 2008, 3:08 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:22 AM, on 12/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/?tbid=66016
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66016
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=66016
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Vegas%20Heist/Images/stg_drm.ocx
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://ecampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 12001 bytes


ComboFix 08-12-06.06 - owner 2008-12-07 10:51:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.121 [GMT -8:00]
Running from: c:\documents and settings\owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\owner\Application Data\Adssite Advanced Toolbar
c:\documents and settings\owner\Application Data\Adssite Advanced Toolbar\selected.xml
c:\program files\Adssite Advanced Toolbar
c:\windows\IE4 Error Log.txt
c:\windows\system32\AutoRun.inf
c:\windows\system32\bihorugi.dll
c:\windows\system32\dejufedu.dll
c:\windows\system32\dezudesu.dll
c:\windows\system32\jafayejo.dll
c:\windows\system32\jobimimi.dll
c:\windows\system32\lamujoto.dll
c:\windows\system32\majubilu.dll
c:\windows\system32\mobeteda.dll
c:\windows\system32\nosadepu.dll
c:\windows\system32\tazobogi.dll
c:\windows\system32\vikewami.dll
c:\windows\system32\viwafinu.dll
c:\windows\system32\vuyinapa.dll
c:\windows\system32\yohefaha.dll
c:\windows\system32\zidekebe.dll

----- BITS: Possible infected sites -----

hxxp://77.74.48.105
.
((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-06 23:39 . 2008-12-06 23:39 1,428,212 ---hs---- c:\windows\system32\ahafehoy.ini
2008-12-06 11:39 . 2008-12-06 11:39 1,428,212 ---hs---- c:\windows\system32\otojumal.ini
2008-12-04 17:32 . 2008-12-04 17:32 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-12-03 16:29 . 2008-12-03 16:29 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-03 16:28 . 2008-12-03 16:28 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-12-03 16:28 . 2008-12-03 16:28 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-12-03 16:28 . 2008-12-03 16:28 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-03 16:28 . 2008-12-03 16:28 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-11-30 19:49 . 2008-11-30 19:49 <DIR> d-------- c:\program files\Lavasoft
2008-11-30 19:48 . 2008-12-03 16:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-30 18:56 . 2008-12-06 23:49 <DIR> d-------- c:\program files\Flock
2008-11-27 10:08 . 2008-11-27 10:08 1,590,546 ---hs---- c:\windows\system32\ateyanun.ini
2008-11-26 21:26 . 2008-12-03 16:27 <DIR> d-------- c:\program files\Mystery P.I. - The Vegas Heist
2008-11-25 17:51 . 2008-12-03 16:29 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-25 17:51 . 2008-11-25 17:51 <DIR> d-------- c:\documents and settings\owner\Application Data\Malwarebytes
2008-11-25 17:51 . 2008-11-25 17:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-25 17:51 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-25 17:51 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-23 12:36 . 2008-11-23 12:36 <DIR> d-------- C:\My Games
2008-11-16 22:14 . 2008-11-16 22:14 <DIR> d-------- c:\documents and settings\owner\Application Data\SpinTop Games
2008-11-16 22:13 . 2008-11-16 22:13 <DIR> d-------- c:\program files\Mystery P.I. - The New York Fortune
2008-11-14 17:37 . 2008-11-14 17:37 <DIR> d-------- c:\program files\Free Fire Screensaver
2008-11-14 17:37 . 2008-11-14 17:37 <DIR> d-------- c:\documents and settings\owner\Application Data\Laconic Software
2008-11-11 15:49 . 2008-10-24 03:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 15:48 . 2008-09-04 09:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 00:46 --------- d-----w c:\documents and settings\owner\Application Data\Azureus
2008-12-04 00:28 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-04 00:27 --------- d-----w c:\documents and settings\All Users\Application Data\SpinTop Games
2008-12-03 01:00 --------- d-----w c:\documents and settings\owner\Application Data\AVG7
2008-12-02 23:59 --------- d-----w c:\documents and settings\owner\Application Data\HPAppData
2008-11-27 05:12 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-23 20:36 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-23 20:36 --------- d-----w c:\program files\Real
2008-11-23 19:44 --------- d-----w c:\program files\Azureus
2008-11-06 20:15 --------- d-----w c:\documents and settings\owner\Application Data\Move Networks
2008-10-25 21:31 --------- d-----w c:\program files\DivX
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-02-10 01:03 0 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2008-01-20 07:00 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2008-09-04 21:28 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090420080905\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-27 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-27 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-27 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
"PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 45108]
"IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 36864]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-03-11 c:\windows\system32\TDispVol.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 c:\windows\agrsmmsg.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" [2005-05-31 c:\windows\system32\TPSMain.exe]
"CFSServ.exe"="CFSServ.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-25 219136]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-02-01 8699904]

c:\documents and settings\owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-06 51776]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-02-15 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\Netscape\\Navigator 9\\navigator.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\WINDOWS\\system32\\control.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6879:TCP"= 6879:TCP:10.0.0.65/255.255.255.255:Enabled:Azureus

S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\Drivers\Brfilt.sys [2006-12-07 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\Drivers\BrSerWdm.sys [2006-12-07 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\Drivers\BrUsbMdm.sys [2006-12-07 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\Drivers\BrUsbScn.sys [2006-12-07 10368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder

2008-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-08-06 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-10-22 10:13]

2007-11-20 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-10-22 10:13]

2007-11-20 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2007-10-16 09:26]
.
- - - - ORPHANS REMOVED - - - -

BHO-{1100e894-bbcd-4ab8-a80a-0263a113786c} - c:\windows\system32\zidekebe.dll
Toolbar-SITEguard - (no file)
HKLM-Run-mogiluhehe - c:\windows\system32\yobayeye.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.crawler.com/?tbid=66016
mStart Page =
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\stg_drm.ocx - c:\windows\Downloaded Program Files\CONFLICT.1\stg_drm.ocx
O16 -: {149E45D8-163E-4189-86FC-45022AB2B6C9}
file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Vegas%20Heist/Images/stg_drm.ocx

O16 -: {A82C3A33-5C0E-466C-B020-71585433A7E4} - hxxps://ecampus.phoenix.edu/secure/PhxStudent15.CAB
FireFox -: Profile - c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\dvfocdmv.Default User\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.crawler.com/?tbid=66016
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 10:56:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\program files\TOSHIBA\ConfigFree\CFSServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDANTSRV.EXE
c:\windows\system32\TPSBattM.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\ehome\ehmsas.exe
c:\program files\TOSHIBA\ConfigFree\CFXFER.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-12-07 11:01:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-07 19:01:31

Pre-Run: 87,321,845,760 bytes free
Post-Run: 87,302,152,192 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

257 --- E O F --- 2008-11-13 00:18:17
handsomematt
Active Member
 
Posts: 7
Joined: December 5th, 2008, 9:57 pm

Re: malwarebytes did not help. still have antivirus2009

Unread postby MikeSwim07 » December 8th, 2008, 7:17 pm

Run CFScript

Open Notepad and copy/paste the text in the box into the window:

Code: Select all
File::
c:\windows\system32\ahafehoy.ini
c:\windows\system32\otojumal.ini
c:\windows\system32\ateyanun.ini


Folder::
c:\documents and settings\owner\Application Data\Azureus
c:\program files\Azureus

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\StubInstaller.exe"=-
"c:\\Program Files\\Azureus\\Azureus.exe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6879:TCP"=-



Save it to your desktop as CFScript.txt

Refering to the picture below, drag CFScript.txt into ComboFix.exe
Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Please post this log and a new Hijackthis log on your next reply.
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: malwarebytes did not help. still have antivirus2009

Unread postby handsomematt » December 8th, 2008, 8:57 pm

ComboFix 08-12-07.04 - owner 2008-12-08 16:49:16.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.227 [GMT -8:00]
Running from: c:\documents and settings\owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\ahafehoy.ini
c:\windows\system32\ateyanun.ini
c:\windows\system32\otojumal.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\owner\Application Data\Azureus
c:\documents and settings\owner\Application Data\Azureus\.certs
c:\documents and settings\owner\Application Data\Azureus\.keystore
c:\documents and settings\owner\Application Data\Azureus\.lock
c:\documents and settings\owner\Application Data\Azureus\active\cache.dat
c:\documents and settings\owner\Application Data\Azureus\azureus.config
c:\documents and settings\owner\Application Data\Azureus\azureus.config.bak
c:\documents and settings\owner\Application Data\Azureus\azureus.statistics
c:\documents and settings\owner\Application Data\Azureus\azureus.statistics.bak
c:\documents and settings\owner\Application Data\Azureus\banips.config
c:\documents and settings\owner\Application Data\Azureus\banips.config.bak
c:\documents and settings\owner\Application Data\Azureus\dht\addresses.dat
c:\documents and settings\owner\Application Data\Azureus\dht\contacts.dat
c:\documents and settings\owner\Application Data\Azureus\dht\diverse.dat
c:\documents and settings\owner\Application Data\Azureus\dht\general.dat
c:\documents and settings\owner\Application Data\Azureus\dht\version.dat
c:\documents and settings\owner\Application Data\Azureus\downloads.config
c:\documents and settings\owner\Application Data\Azureus\downloads.config.bak
c:\documents and settings\owner\Application Data\Azureus\filters.config
c:\documents and settings\owner\Application Data\Azureus\friends.config
c:\documents and settings\owner\Application Data\Azureus\friends.config.bak
c:\documents and settings\owner\Application Data\Azureus\ipfilter.cache
c:\documents and settings\owner\Application Data\Azureus\logs\alerts_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\AutoSpeed_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\AutoSpeed_2.log
c:\documents and settings\owner\Application Data\Azureus\logs\AutoSpeedSearchHistory_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\clientid_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\debug_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\debug_2.log
c:\documents and settings\owner\Application Data\Azureus\logs\Friends_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\Friends_2.log
c:\documents and settings\owner\Application Data\Azureus\logs\MetaSearch_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\MetaSearch_2.log
c:\documents and settings\owner\Application Data\Azureus\logs\MetaSearch_Engine_3.txt
c:\documents and settings\owner\Application Data\Azureus\logs\MetaSearch_Engine_4.txt
c:\documents and settings\owner\Application Data\Azureus\logs\MetaSearch_Engine_5.txt
c:\documents and settings\owner\Application Data\Azureus\logs\MetaSearch_Engine_6.txt
c:\documents and settings\owner\Application Data\Azureus\logs\MetaSearch_Engine_7.txt
c:\documents and settings\owner\Application Data\Azureus\logs\MetaSearch_Engine_8.txt
c:\documents and settings\owner\Application Data\Azureus\logs\MetaSearch_Engine_9.txt
c:\documents and settings\owner\Application Data\Azureus\logs\NetStatus_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_alerts_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_AutoSpeed_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_AutoSpeed_2.log
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_AutoSpeedSearchHistory_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_clientid_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_debug_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_debug_2.log
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_Friends_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_Friends_2.log
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_MetaSearch_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_MetaSearch_2.log
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_MetaSearch_Engine_3.txt
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_MetaSearch_Engine_4.txt
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_MetaSearch_Engine_5.txt
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_MetaSearch_Engine_6.txt
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_MetaSearch_Engine_7.txt
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_MetaSearch_Engine_8.txt
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_MetaSearch_Engine_9.txt
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_NetStatus_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_seltrace_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_seltrace_2.log
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_SpeedMan_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_SpeedMan_2.log
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_Subscriptions_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_thread_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_thread_2.log
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_v3.ads_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_v3.CMsgr_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_v3.CMsgr_2.log
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_v3.Friends_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_v3.Friends_2.log
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_v3.MD_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_v3.PMsgr_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_v3.PMsgr_2.log
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_v3.Stream_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\save\1228609575062_v3.STres_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\seltrace_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\seltrace_2.log
c:\documents and settings\owner\Application Data\Azureus\logs\SpeedMan_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\SpeedMan_2.log
c:\documents and settings\owner\Application Data\Azureus\logs\Subscriptions_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\thread_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\thread_2.log
c:\documents and settings\owner\Application Data\Azureus\logs\v3.ads_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\v3.CMsgr_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\v3.CMsgr_2.log
c:\documents and settings\owner\Application Data\Azureus\logs\v3.Friends_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\v3.Friends_2.log
c:\documents and settings\owner\Application Data\Azureus\logs\v3.MD_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\v3.PMsgr_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\v3.PMsgr_2.log
c:\documents and settings\owner\Application Data\Azureus\logs\v3.Stream_1.log
c:\documents and settings\owner\Application Data\Azureus\logs\v3.STres_1.log
c:\documents and settings\owner\Application Data\Azureus\metasearch.config
c:\documents and settings\owner\Application Data\Azureus\metasearch.config.bak
c:\documents and settings\owner\Application Data\Azureus\net\pm_10538.dat
c:\documents and settings\owner\Application Data\Azureus\net\pm_33490.dat
c:\documents and settings\owner\Application Data\Azureus\net\pm_33650.dat
c:\documents and settings\owner\Application Data\Azureus\net\pm_6198.dat
c:\documents and settings\owner\Application Data\Azureus\net\pm_7385.dat
c:\documents and settings\owner\Application Data\Azureus\net\pm_7782.dat
c:\documents and settings\owner\Application Data\Azureus\net\pm_8047.dat
c:\documents and settings\owner\Application Data\Azureus\net\pm_default.dat
c:\documents and settings\owner\Application Data\Azureus\sidebarauto.config
c:\documents and settings\owner\Application Data\Azureus\subs\1E13AA0BF83ABC8E9812.vuze
c:\documents and settings\owner\Application Data\Azureus\subs\447229A3A371779E8871.vuze
c:\documents and settings\owner\Application Data\Azureus\subs\7121CFED9C398458EF19.vuze
c:\documents and settings\owner\Application Data\Azureus\subs\737553100CB057ACF094.vuze
c:\documents and settings\owner\Application Data\Azureus\subs\9167E16C9B7944056AC7.vuze
c:\documents and settings\owner\Application Data\Azureus\subs\A2D1735CA62F937A1F14.vuze
c:\documents and settings\owner\Application Data\Azureus\subs\ABF9516CE2871C653A09.vuze
c:\documents and settings\owner\Application Data\Azureus\subs\E67D8443DF3B6D5C02B4.vuze
c:\documents and settings\owner\Application Data\Azureus\subscriptions.config
c:\documents and settings\owner\Application Data\Azureus\tables.config
c:\documents and settings\owner\Application Data\Azureus\tables.config.bak
c:\documents and settings\owner\Application Data\Azureus\timingstats.dat
c:\documents and settings\owner\Application Data\Azureus\tmp\AZU25442.tmp
c:\documents and settings\owner\Application Data\Azureus\tmp\AZU25443.tmp
c:\documents and settings\owner\Application Data\Azureus\tmp\AZU25444.tmp
c:\documents and settings\owner\Application Data\Azureus\tmp\AZU25445.tmp
c:\documents and settings\owner\Application Data\Azureus\tmp\AZU25446.tmp
c:\documents and settings\owner\Application Data\Azureus\tmp\AZU25447.tmp
c:\documents and settings\owner\Application Data\Azureus\tmp\AZU25448.tmp
c:\documents and settings\owner\Application Data\Azureus\tmp\AZU25449.tmp
c:\documents and settings\owner\Application Data\Azureus\tmp\AZU25452.tmp
c:\documents and settings\owner\Application Data\Azureus\tmp\AZU25453.tmp
c:\documents and settings\owner\Application Data\Azureus\tmp\speedTestTorrent.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\[isoHunt] download.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\[isoHunt] Howard Stern Music Special(complete).mp3.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\[isoHunt] Howard Stern On Sirius-October2006-Full Month.1229570.SN.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\_Chaos.Theory[2007]DvDrip.AC3-aXXo.4222934.TPB.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\08-21-2008 Howard Stern Showwrapupnews Stereo CF YTT (You Miss Nothing) 80k einstern_ST1715823.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\09-09-2008 Howard Stern Showwrapupnews Stereo CF YTT (You Miss Nothing) 80k einstern_ST1787140.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\1605182
c:\documents and settings\owner\Application Data\Azureus\torrents\1794164
c:\documents and settings\owner\Application Data\Azureus\torrents\American_Gangster[2007][Unrated_Edition]DvDrip[Eng]-FXG.4007713.TPB.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\Ashley_Brookes_-_Hot_Blonde_Teen_webcam_and_washing_machine_masturbation.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\Ashley_Brookes_-_Hot_Blonde_Teen_webcam_and_washing_machine_masturbation[www.btmon.com].torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\Ashley_Brookes_-_Masturbates_Her_Wet_Pussy_in_Laundry_Room_porn[www.btmon.com].torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\AZU26499.tmp
c:\documents and settings\owner\Application Data\Azureus\torrents\AZU27112.tmp
c:\documents and settings\owner\Application Data\Azureus\torrents\AZU44358.tmp
c:\documents and settings\owner\Application Data\Azureus\torrents\AZU45516.tmp
c:\documents and settings\owner\Application Data\Azureus\torrents\AZU45521.tmp
c:\documents and settings\owner\Application Data\Azureus\torrents\AZU47965.tmp
c:\documents and settings\owner\Application Data\Azureus\torrents\AZU50434.tmp
c:\documents and settings\owner\Application Data\Azureus\torrents\Casino_Royale.DVDrip_JamPack-MP4.3615154.TPB.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\Chaos.Theory[2007]DvDrip.AC3-aXXo.4222934.TPB.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\Fletch_(1985)_DVDrip_DivX_[moVieVaultVision].avi.3870468.TPB.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\Flickr Uploadr.lnk
c:\documents and settings\owner\Application Data\Azureus\torrents\German_Teen_Strip___Masterbation.avi.4131857.TPB.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\Hannah.Montana.Season.1-Part.1_(1x01.to.1x05).3835876.TPB.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\Hannah_Montana_Pictures.3852978.TPB.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\Howard Stern - 09-09-08 + Wrap Up 64k.mp3.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\Howard Stern Show Full May 06 Complete 24k 2006 [www.Fulldls.com].torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\Howard Stern Show 9-11-01 WTC attack.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\Howard_Stern_-_All_Sirius_Shows_to_3_17_06_-_MP3_CBR_56___64_kbp.3459289.TPB.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\Howard_Stern_On_Sirius_January_2006_FIRST_Full_Month_On_Sirius__.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\HOWARD_STERN_SHOW_6-25-2008___WRAP_UP_Show_128K_MP3_CF.4260064.TPB.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\Jay-Z.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\Jay_Z_Discography.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\Jumper_2008_-_.avi.4037143.TPB.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\Leatherheads_2008_DvDrip_aXXo.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\Limp_Bizkit_1997_2005__320kbps_MP3_.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\Made_Of_Honor_2008_DvDrip_aXXo.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\National.Lampoon.One.Two.Many.DVDrip.Xvid.Mp3.[SuB].avi.4177499.TPB.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\National.Lampoon__s.Barely.Legal.2005.DVDRip.SVCD-OneDisc.3500866.TPB.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\Never_Back_Down_2008_DvDrip_aXXo.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\Ocean_s_13[2007]DvDrip[Eng]-aXXo.3886936.TPB.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\Pirates.Of.The.Caribbean.III.2007.DvDRip.Eng-FxM.3846226.TPB.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\Satan____s_School_for_Lust_(2002_unrated_DVDRip_Xvid).4163797.TPB.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\That__70s_Show_Complete_RESEED.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\That_70s_Show_Season_1.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\The Beatles Discography 1958-2003 38 CD ([Lossy mp3 320 kbps] pop_ST1565115.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\The_Love_Guru_2008_DvDrip_aXXo.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\The_Music_of_Howard_Stern__25_Years_of_Music_From_____The_Howard.3756991.TPB.torrent
c:\documents and settings\owner\Application Data\Azureus\torrents\The_Office.4x11.Night_Out.REPACK.HDTV_XviD.4155947.TPB.torrent
c:\documents and settings\owner\Application Data\Azureus\tracker.config
c:\documents and settings\owner\Application Data\Azureus\tracker.config.bak
c:\documents and settings\owner\Application Data\Azureus\unsentdata.config
c:\documents and settings\owner\Application Data\Azureus\unsentdata.config.bak
c:\documents and settings\owner\Application Data\Azureus\update.log
c:\documents and settings\owner\Application Data\Azureus\update.properties
c:\documents and settings\owner\Application Data\Azureus\upnp_trace1.log
c:\documents and settings\owner\Application Data\Azureus\v3.Friends.dat
c:\documents and settings\owner\Application Data\Azureus\v3.Friends.dat.bak
c:\documents and settings\owner\Application Data\Azureus\VuzeActivities.config
c:\documents and settings\owner\Application Data\Azureus\VuzeActivities.config.bak
c:\program files\Azureus
c:\program files\Azureus\.install4j\_shfoldr.dll
c:\program files\Azureus\.install4j\autoUninstall.0
c:\program files\Azureus\.install4j\files.log
c:\program files\Azureus\.install4j\i4j_extf_0_5p83tu.utf8
c:\program files\Azureus\.install4j\i4j_extf_1_5p83tu_jhp9vg.png
c:\program files\Azureus\.install4j\i4j_extf_2_5p83tu.txt
c:\program files\Azureus\.install4j\i4j_extf_3_5p83tu_1kde336.ico
c:\program files\Azureus\.install4j\i4j_extf_4_5p83tu_62t8mu.icns
c:\program files\Azureus\.install4j\i4jdel.exe
c:\program files\Azureus\.install4j\i4jinst.dll
c:\program files\Azureus\.install4j\i4jparams.conf
c:\program files\Azureus\.install4j\i4jruntime.jar
c:\program files\Azureus\.install4j\inst_jre.cfg
c:\program files\Azureus\.install4j\install.prop
c:\program files\Azureus\.install4j\installation.log
c:\program files\Azureus\.install4j\installer16.png
c:\program files\Azureus\.install4j\installer32.png
c:\program files\Azureus\.install4j\installerHeader.png
c:\program files\Azureus\.install4j\MessagesDefault
c:\program files\Azureus\.install4j\response.varfile
c:\program files\Azureus\.install4j\unicows.dll
c:\program files\Azureus\.install4j\uninstallerHeader.png
c:\program files\Azureus\.install4j\user.jar
c:\program files\Azureus\aereg.dll
c:\program files\Azureus\Azureus.exe
c:\program files\Azureus\Azureus.exe.manifest
c:\program files\Azureus\Azureus.properties
c:\program files\Azureus\Azureus2.jar
c:\program files\Azureus\AzureusUpdater.exe
c:\program files\Azureus\GPL.txt
c:\program files\Azureus\hs_err_pid1388.log
c:\program files\Azureus\installer.log
c:\program files\Azureus\msvcr71.dll
c:\program files\Azureus\plugins\azemp\azemp_1.9.11.jar
c:\program files\Azureus\plugins\azemp\azemp_1.9.11.zip
c:\program files\Azureus\plugins\azemp\azemp_2.0.11.jar
c:\program files\Azureus\plugins\azemp\azemp_2.0.14.jar
c:\program files\Azureus\plugins\azemp\azemp_2.0.14.zip
c:\program files\Azureus\plugins\azemp\azemp_2.0.16.jar
c:\program files\Azureus\plugins\azemp\azemp_2.0.16.zip
c:\program files\Azureus\plugins\azemp\azemp_2.0.28.jar
c:\program files\Azureus\plugins\azemp\azemp_2.0.28.zip
c:\program files\Azureus\plugins\azemp\azemp_2.0.32.jar
c:\program files\Azureus\plugins\azemp\azemp_2.0.32.zip
c:\program files\Azureus\plugins\azemp\azmplay.exe
c:\program files\Azureus\plugins\azemp\azmplay.exe.bak
c:\program files\Azureus\plugins\azemp\azureus.sig
c:\program files\Azureus\plugins\azemp\cp1250-a.raw
c:\program files\Azureus\plugins\azemp\cp1250-a.raw.bak
c:\program files\Azureus\plugins\azemp\cp1250-b.raw
c:\program files\Azureus\plugins\azemp\cp1250-b.raw.bak
c:\program files\Azureus\plugins\azemp\font.desc
c:\program files\Azureus\plugins\azemp\font.desc.bak
c:\program files\Azureus\plugins\azemp\osd-mplayer-a.raw
c:\program files\Azureus\plugins\azemp\osd-mplayer-a.raw.bak
c:\program files\Azureus\plugins\azemp\osd-mplayer-b.raw
c:\program files\Azureus\plugins\azemp\osd-mplayer-b.raw.bak
c:\program files\Azureus\plugins\azemp\plugin.properties
c:\program files\Azureus\plugins\azemp\plugin.properties_1.9.11
c:\program files\Azureus\plugins\azemp\plugin.properties_2.0.14
c:\program files\Azureus\plugins\azemp\plugin.properties_2.0.16
c:\program files\Azureus\plugins\azemp\plugin.properties_2.0.28
c:\program files\Azureus\plugins\azemp\plugin.properties_2.0.32
c:\program files\Azureus\plugins\azplugins\azplugins_2.1.6.jar
c:\program files\Azureus\plugins\azrating\azrating_1.3.1.jar
c:\program files\Azureus\plugins\azupdater\azupdaterpatcher_1.8.8.jar
c:\program files\Azureus\plugins\azupdater\azureus.sig
c:\program files\Azureus\plugins\azupdater\plugin.properties
c:\program files\Azureus\plugins\azupdater\Updater.jar
c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.0.jar
c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.1.jar
c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.1.zip
c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.2.jar
c:\program files\Azureus\plugins\azupnpav\azupnpav_0.2.2.zip
c:\program files\Azureus\plugins\azupnpav\azureus.sig
c:\program files\Azureus\plugins\azupnpav\plugin.properties
c:\program files\Azureus\plugins\azupnpav\plugin.properties_0.2.1
c:\program files\Azureus\plugins\azupnpav\plugin.properties_0.2.2
c:\program files\Azureus\swt.jar
c:\program files\Azureus\TOS.txt
c:\program files\Azureus\uninstall.exe
c:\windows\system32\ahafehoy.ini
c:\windows\system32\ateyanun.ini
c:\windows\system32\otojumal.ini

.
((((((((((((((((((((((((( Files Created from 2008-11-09 to 2008-12-09 )))))))))))))))))))))))))))))))
.

2008-12-04 17:32 . 2008-12-04 17:32 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-12-03 16:29 . 2008-12-03 16:29 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-03 16:28 . 2008-12-03 16:28 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-12-03 16:28 . 2008-12-03 16:28 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-12-03 16:28 . 2008-12-03 16:28 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-03 16:28 . 2008-12-03 16:28 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-11-30 19:49 . 2008-11-30 19:49 <DIR> d-------- c:\program files\Lavasoft
2008-11-30 19:48 . 2008-12-03 16:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-30 18:56 . 2008-12-06 23:49 <DIR> d-------- c:\program files\Flock
2008-11-26 21:26 . 2008-12-03 16:27 <DIR> d-------- c:\program files\Mystery P.I. - The Vegas Heist
2008-11-25 17:51 . 2008-12-03 16:29 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-25 17:51 . 2008-11-25 17:51 <DIR> d-------- c:\documents and settings\owner\Application Data\Malwarebytes
2008-11-25 17:51 . 2008-11-25 17:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-25 17:51 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-25 17:51 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-23 12:36 . 2008-11-23 12:36 <DIR> d-------- C:\My Games
2008-11-16 22:14 . 2008-11-16 22:14 <DIR> d-------- c:\documents and settings\owner\Application Data\SpinTop Games
2008-11-16 22:13 . 2008-11-16 22:13 <DIR> d-------- c:\program files\Mystery P.I. - The New York Fortune
2008-11-14 17:37 . 2008-11-14 17:37 <DIR> d-------- c:\program files\Free Fire Screensaver
2008-11-14 17:37 . 2008-11-14 17:37 <DIR> d-------- c:\documents and settings\owner\Application Data\Laconic Software
2008-11-11 15:49 . 2008-10-24 03:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 15:48 . 2008-09-04 09:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-04 00:28 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-04 00:27 --------- d-----w c:\documents and settings\All Users\Application Data\SpinTop Games
2008-12-03 01:00 --------- d-----w c:\documents and settings\owner\Application Data\AVG7
2008-12-02 23:59 --------- d-----w c:\documents and settings\owner\Application Data\HPAppData
2008-11-27 05:12 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-23 20:36 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-23 20:36 --------- d-----w c:\program files\Real
2008-11-06 20:15 --------- d-----w c:\documents and settings\owner\Application Data\Move Networks
2008-10-25 21:31 --------- d-----w c:\program files\DivX
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-01 00:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-16 00:14 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-16 00:14 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-16 00:14 129,784 ------w c:\windows\system32\pxafs.dll
2008-09-16 00:14 120,056 ------w c:\windows\system32\pxcpyi64.exe
2008-09-16 00:14 118,520 ------w c:\windows\system32\pxinsi64.exe
2008-09-16 00:12 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-09-16 00:11 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-09-16 00:11 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-09-16 00:11 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-09-16 00:11 683,520 ----a-w c:\windows\system32\DivX.dll
2008-09-16 00:11 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-02-10 01:03 0 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2008-01-20 07:00 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2008-09-04 21:28 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090420080905\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-07_11.00.51.71 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-19 06:10:20 36,552 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 22:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-27 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-27 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-27 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
"PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 45108]
"IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 36864]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-03-11 c:\windows\system32\TDispVol.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 c:\windows\agrsmmsg.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" [2005-05-31 c:\windows\system32\TPSMain.exe]
"CFSServ.exe"="CFSServ.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-25 219136]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-02-01 8699904]

c:\documents and settings\owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2003-08-06 51776]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-02-15 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\Netscape\\Navigator 9\\navigator.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\WINDOWS\\system32\\control.exe"=
"c:\\WINDOWS\\system32\\igfxsrvc.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=

S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\Drivers\Brfilt.sys [2006-12-07 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\Drivers\BrSerWdm.sys [2006-12-07 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\Drivers\BrUsbMdm.sys [2006-12-07 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\Drivers\BrUsbScn.sys [2006-12-07 10368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder

2008-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-08-06 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-10-22 10:13]

2007-11-20 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-10-22 10:13]

2007-11-20 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2007-10-16 09:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.crawler.com/?tbid=66016
mStart Page =
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\stg_drm.ocx - c:\windows\Downloaded Program Files\CONFLICT.1\stg_drm.ocx
O16 -: {149E45D8-163E-4189-86FC-45022AB2B6C9}
file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Vegas%20Heist/Images/stg_drm.ocx

O16 -: {A82C3A33-5C0E-466C-B020-71585433A7E4} - hxxps://ecampus.phoenix.edu/secure/PhxStudent15.CAB
FireFox -: Profile - c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\dvfocdmv.Default User\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.crawler.com/?tbid=66016
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-08 16:51:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-08 16:53:14
ComboFix-quarantined-files.txt 2008-12-09 00:52:32
ComboFix2.txt 2008-12-07 19:01:44

Pre-Run: 87,350,562,816 bytes free
Post-Run: 87,322,783,744 bytes free

494 --- E O F --- 2008-11-13 00:18:17





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:55:01 PM, on 12/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/?tbid=66016
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66016
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=66016
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Vegas%20Heist/Images/stg_drm.ocx
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://ecampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11783 bytes
handsomematt
Active Member
 
Posts: 7
Joined: December 5th, 2008, 9:57 pm

Re: malwarebytes did not help. still have antivirus2009

Unread postby MikeSwim07 » December 9th, 2008, 8:00 pm

How is everything running now?

Run Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: malwarebytes did not help. still have antivirus2009

Unread postby handsomematt » December 10th, 2008, 7:42 pm

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, December 10, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, December 10, 2008 16:18:28
Records in database: 1450104
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 87631
Threat name: 3
Infected objects: 10
Suspicious objects: 0
Duration of the scan: 02:19:40


File name / Threat name / Threats count
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-4bf6f14a.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-5ed18f4e.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-33ca7822.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-44339d60.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-b825669-5deb5759.zip Infected: Exploit.Java.Gimsh.b 1
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-4b9c0e39-67f5caaf.zip Infected: Trojan-Downloader.Java.OpenStream.ab 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\jobimimi.dll.vir Infected: Trojan.Win32.Monder.aavx 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\nosadepu.dll.vir Infected: Trojan.Win32.Monder.aavx 1
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP2\A0000012.dll Infected: Trojan.Win32.Monder.aavx 1
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP2\A0000016.dll Infected: Trojan.Win32.Monder.aavx 1

The selected area was scanned.
handsomematt
Active Member
 
Posts: 7
Joined: December 5th, 2008, 9:57 pm

Re: malwarebytes did not help. still have antivirus2009

Unread postby MikeSwim07 » December 11th, 2008, 8:11 pm

Delete bad files and/or folders

Use Explorer to navigate to and delete the following files and/or folders (if they are present):

Files:
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-3ad601a5-4bf6f14a.zip
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-5efd1945-5ed18f4e.zip
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-33ca7822.zip
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-44339d60.zip
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-b825669-5deb5759.zip
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-4b9c0e39-67f5caaf.zip

Remove bad HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/?tbid=66016
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66016
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=66016
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 11.
  • Go to http://java.sun.com/javase/downloads/index.jsp
  • Go to Java Runtime Environment (JRE) 6 Update 11 and click on Download button.
  • In the Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Online Installation, click on the link under it which says "jre-6u11-windows-i586-p.exe" and save the downloaded file to your desktop.
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE)
  • Reboot your computer
  • Delete the folder C:\Program Files\Java if present
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer

Please post a new Hijackthis log, How is everything running now?
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: malwarebytes did not help. still have antivirus2009

Unread postby handsomematt » December 12th, 2008, 10:29 pm

Everything has actually been running fine for the past couple posts, thank you! I haven't been getting any pop ups and nothing is freezing or getting sluggish like it was.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:25:14 PM, on 12/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20Vegas%20Heist/Images/stg_drm.ocx
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://ecampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11745 bytes
handsomematt
Active Member
 
Posts: 7
Joined: December 5th, 2008, 9:57 pm

Re: malwarebytes did not help. still have antivirus2009

Unread postby MikeSwim07 » December 13th, 2008, 11:29 pm

This is my normal post for when you are clear - which you now are - or seem to be.
Please advise of any problems you still have. If you think you're clean please give one more reply so that I can archive this topic.

Now that you are clean, I have some tips & tricks for you to keep your computer clean and secure. The first few (like removing dangerous tools and Windows Update) have to be done, the others are optional.

It may seem like your system will be too much protected with all these things installed, but a lot of programs aren't running always on the background so don't slow down your computer. Please take a look at the following things:

  • Uninstall tools - The following will not only uninstall ComboFix but also clean up some other dangerous tools and backups, clean up the System Restore points and hide the system files.
    • Go to Start
    • Click on Run
    • Type ComboFix /u

    You may delete any logs left on the desktop.
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialise and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Update your Anti Virus Software - It is imperitive that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out. I also noticed that you still have AVG version 7, please visit this website to update to AVG 8, http://free.avg.com/download?prd=afe
  • Visit Microsoft's Update Site Frequently - It is important that you visit http://update.microsoft.com/ regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. You can download it from this website:
    WinPatrol
    The developer is a well-known man in the MalWare Removal business. If you really like WinPatrol think about upgrading to the PLUS version. It will give you additional features and you will only have to pay once, for your whole malware-free life.
  • Install MVPS HOSTS - This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    For information on how to download and install, please read this tutorial here:
    WinHelp2002
    Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
  • Use an alternative Internet Browser - Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
    Firefox << Most used, I use this one myself.
    Opera
  • Bookmark general cleanup links - It could be that your computer is becoming slower and slower. This is not always the cause of malware. Most of the times it's malware when you're computer is suddenly getting slow or doing strange. When the slowdown increases slowly check (so now bookmark) these links for tips & tricks:
    Help! My computer is slow
    Slow Computer? Check here first; it may not be malware
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

>> Here << you can see how you can help us.
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: malwarebytes did not help. still have antivirus2009

Unread postby handsomematt » December 14th, 2008, 1:37 pm

As far as I can tell, my systems good to go. Thanks for all you help!
handsomematt
Active Member
 
Posts: 7
Joined: December 5th, 2008, 9:57 pm

Re: malwarebytes did not help. still have antivirus2009

Unread postby MikeSwim07 » December 15th, 2008, 6:52 pm

Your Welcome,

-Mike
MikeSwim07
Regular Member
 
Posts: 4215
Joined: August 27th, 2007, 9:44 am
Location: Gone

Re: malwarebytes did not help. still have antivirus2009

Unread postby NonSuch » December 21st, 2008, 3:29 am

As this issue is resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27302
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 30 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware