Free Malware Removal Forum

by **jmw3** » December 15th, 2008, 6:21 am

Hi Lido

Looks like only half of the Uninstall List was posted. Could you post the entire list for me.
I'll get back to you soon with further instructions.

Thanks

by **jmw3** » December 15th, 2008, 9:48 am

Hi Lido
As it's been over week I'd like to see an up to date log from your computer. We'll use Combofix for this. The following procedure will not make any changes. All it will do is produce a log.

Combofix
Delete the version of Combofix you have & download it again from one of these locations:
Link 1
Link 2
Link 3

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
A guide to do this can be found here
The ones that need to be closed/disabled are:
Trend Micro | AdAware | Spybot - Search & Destroy
Double click on ComboFix.exe & follow the prompts
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on No to close Combofix.
Click Start > Run
In the Run box type ComboFix /SkipFix (note the space between x & /) then click OK
When Combofix finishes a log will pop up. Copy & paste the contents & post in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
I'd also like to see a new HijackThis log.

by **Lido** » December 18th, 2008, 12:53 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:50 PM, on 12/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\GameSpot\DownloadManager_Win32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\umonit.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h ... xmk870BYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 8225 bytes

***************************************

by **Lido** » December 18th, 2008, 1:09 am

ComboFix 08-12-17.01 - Charles 2008-12-18 0:04:59.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.608 [GMT -5:00]
Running from: c:\documents and settings\Charles\Desktop\ComboFix.exe
Command switches used :: /SkipFix
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2008-11-18 to 2008-12-18 )))))))))))))))))))))))))))))))
.

2008-12-14 12:55 . 2008-12-14 12:55 <DIR> d-------- c:\windows\system32\scripting
2008-12-14 12:55 . 2008-12-14 12:55 <DIR> d-------- c:\windows\system32\en
2008-12-14 12:55 . 2008-12-14 12:55 <DIR> d-------- c:\windows\system32\bits
2008-12-14 12:55 . 2008-12-14 12:55 <DIR> d-------- c:\windows\l2schemas
2008-12-14 12:52 . 2008-12-14 12:52 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-14 12:33 . 2008-12-14 12:32 410,976 --a------ c:\windows\system32\deploytk.dll
2008-12-14 12:24 . 2008-12-14 12:24 <DIR> d-------- c:\documents and settings\Charles\Application Data\WinPatrol
2008-12-14 12:23 . 2008-12-14 12:23 <DIR> d-------- c:\program files\BillP Studios
2008-12-05 23:03 . 2008-12-05 23:20 <DIR> d-------- C:\ComboFix2
2008-12-05 20:41 . 2008-12-05 20:41 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-05 20:41 . 2008-12-05 20:41 <DIR> d-------- c:\documents and settings\Charles\Application Data\Malwarebytes
2008-12-05 20:41 . 2008-12-05 20:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-05 20:41 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-05 20:41 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-27 11:26 . 2008-11-27 11:26 <DIR> d-------- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 02:32 --------- d-----w c:\documents and settings\Kelley\Application Data\SecondLife
2008-12-15 02:30 --------- d-----w c:\program files\MSN Messenger
2008-12-14 17:32 --------- d-----w c:\program files\Java
2008-12-08 02:47 --------- d-----w c:\program files\LimeWire
2008-12-07 21:04 --------- d-----w c:\documents and settings\Sloane\Application Data\AdobeUM
2008-12-07 20:43 --------- d-----w c:\documents and settings\Sloane\Application Data\LimeWire
2008-12-06 03:55 --------- d-----w c:\program files\uqbjlwd
2008-12-06 03:51 --------- d-----w c:\documents and settings\All Users\Application Data\dqzezixw
2008-11-11 23:37 13,270 ----a-w c:\program files\Common Files\gipelyq.dat
2008-11-07 10:54 11,189 ----a-w c:\windows\suzohyc.reg
2008-11-02 23:16 19,536 ----a-w c:\windows\system32\neze.exe
2008-11-02 23:16 19,276 ----a-w c:\windows\tydyrex.scr
2008-11-02 23:16 18,457 ----a-w c:\program files\Common Files\ipiseh._sy
2008-11-02 23:16 13,799 ----a-w c:\windows\asuviwaky.bat
2008-11-02 23:16 13,625 ----a-w c:\program files\Common Files\qivi.lib
2008-11-02 23:16 12,716 ----a-w c:\documents and settings\Sloane\Application Data\ujowo.pif
2008-11-02 23:16 11,939 ----a-w c:\documents and settings\Sloane\Application Data\sito.scr
2008-11-02 23:16 11,835 ----a-w c:\documents and settings\Sloane\Application Data\ifydihy.dll
2008-11-02 23:16 10,833 ----a-w c:\windows\vuqogeg.reg
2008-10-31 04:31 19,804 ----a-w c:\documents and settings\Sloane\Application Data\uxaholicaz.scr
2008-10-31 04:31 18,272 ----a-w c:\documents and settings\All Users\Application Data\tufumicyro.scr
2008-10-31 04:31 18,113 ----a-w c:\windows\system32\vubygiz.exe
2008-10-31 04:31 17,162 ----a-w c:\documents and settings\Sloane\Application Data\edikuryko.sys
2008-10-31 04:31 16,938 ----a-w c:\windows\zebumu.bin
2008-10-31 04:31 15,127 ----a-w c:\windows\ruquqogavi.reg
2008-10-31 04:31 13,803 ----a-w c:\documents and settings\All Users\Application Data\zaryquzaw.com
2008-10-31 04:31 12,495 ----a-w c:\documents and settings\All Users\Application Data\wukedy.pif
2008-10-31 04:31 11,053 ----a-w c:\program files\Common Files\gaveju.reg
2008-10-31 04:31 10,507 ----a-w c:\windows\zilucoka.exe
2008-10-31 00:30 15,021 ----a-w c:\program files\Common Files\hije.dat
2008-10-29 22:03 17,915 ----a-w c:\windows\system32\afysu.pif
2008-10-29 22:03 17,338 ----a-w c:\program files\Common Files\lyza.ban
2008-10-29 22:03 16,749 ----a-w c:\documents and settings\Sydney\Application Data\boca.dll
2008-10-29 22:03 16,358 ----a-w c:\windows\tadame.exe
2008-10-29 22:03 14,939 ----a-w c:\windows\wixodocyw.bat
2008-10-29 22:03 14,328 ----a-w c:\windows\potumab.vbs
2008-10-29 22:03 14,029 ----a-w c:\windows\wyfateho.bin
2008-10-29 22:03 12,089 ----a-w c:\windows\xuzog.bat
2008-10-29 22:03 11,657 ----a-w c:\windows\system32\akeqehuk.vbs
2008-10-29 22:03 10,714 ----a-w c:\program files\Common Files\setukaz.db
2008-10-29 22:03 10,130 ----a-w c:\windows\system32\ohed.vbs
2008-10-28 05:18 19,627 ----a-w c:\documents and settings\All Users\Application Data\egafemedix.vbs
2008-10-28 05:18 19,340 ----a-w c:\program files\Common Files\howyho._sy
2008-10-28 05:18 17,542 ----a-w c:\windows\yromy.bin
2008-10-28 05:18 15,515 ----a-w c:\documents and settings\Sloane\Application Data\mapijunyc.exe
2008-10-28 05:18 14,571 ----a-w c:\windows\ecapeza.reg
2008-10-28 05:18 14,447 ----a-w c:\program files\Common Files\mobe._sy
2008-10-28 05:18 12,638 ----a-w c:\windows\silylovihe.com
2008-10-28 05:18 12,627 ----a-w c:\documents and settings\Sloane\Application Data\zuhyc.reg
2008-10-28 05:18 12,477 ----a-w c:\documents and settings\All Users\Application Data\ybakivymu.sys
2008-10-28 05:18 11,723 ----a-w c:\windows\eremis.bat
2008-10-27 02:01 --------- d-----w c:\program files\SecondLife
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-20 10:20 --------- d-----w c:\documents and settings\Sydney\Application Data\AdobeUM
2008-10-17 07:08 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-10 20:33 30,776 -c--a-w c:\documents and settings\Sydney\Application Data\GDIPFONTCACHEV1.DAT
2008-03-07 01:52 30,776 -c--a-w c:\documents and settings\Sloane\Application Data\GDIPFONTCACHEV1.DAT
2007-10-13 14:19 60,968 ----a-w c:\documents and settings\Charles\GoToAssistDownloadHelper.exe
2007-01-06 07:11 1 -c--a-w c:\documents and settings\Sloane\SI.bin
2005-06-17 07:57 774,144 -c--a-w c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-12 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"UMonit"="c:\windows\system32\umonit.exe" [2004-05-11 53248]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-07-27 180269]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]

c:\documents and settings\Sloane\Start Menu\Programs\Startup\
GameSpot Download Manager.lnk - c:\program files\GameSpot\GDM_TrayApp.exe [2007-05-09 237568]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 DNADownloader;DNADownloader;c:\program files\GameSpot\DownloadManager_Win32.exe [2007-05-09 700416]
S3 cdspacex;cdspacex;c:\windows\system32\DRIVERS\CDSPACEX.sys []
S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2005-07-13 6656]
S3 TwoRabts;Two Rabbits Live Bus;c:\windows\system32\DRIVERS\TwoRabts.sys []
S3 w600bus;Sony Ericsson W600 driver (WDM);c:\windows\system32\DRIVERS\w600bus.sys []
S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;c:\windows\system32\DRIVERS\w600mdfl.sys []
S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;c:\windows\system32\DRIVERS\w600mdm.sys []
S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers;c:\windows\system32\DRIVERS\w600mgmt.sys []
S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers;c:\windows\system32\DRIVERS\w600obex.sys []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://bar.mywebsearch.com/menusearch.h ... xmk870BYUS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-18 00:05:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windows\system32\umonit.exe??ed1&Pid_8?????VID808?????Uf?C?USB\RO8???UB?0???????????????????????????w?U??????????tq7?l??????|p??|????m??|C??w?????????Uf?B$?|???w???w*?,??Uf????????????????????????????????w????????????tq7?????T?????7?????tq7???????=????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1420)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2008-12-18 0:06:58
ComboFix-quarantined-files.txt 2008-12-18 05:06:41
ComboFix2.txt 2008-12-18 04:59:11
ComboFix3.txt 2008-12-18 04:45:03
ComboFix4.txt 2008-12-06 04:20:20

Pre-Run: 2,946,523,136 bytes free
Post-Run: 2,920,738,816 bytes free

208 --- E O F --- 2008-12-15 05:22:14

by **jmw3** » December 18th, 2008, 5:08 pm

No Anti-virus
Looking over your log, it seems you don't have any evidence of anti-virus software.
Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Download a free anti-virus software from one these excellent vendors NOW:

1) Antivir PersonalEdition Classic- Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.

Your computer must have only ONE anti-virus program installed at any time. Having more than one anti-virus program installed & active will cause program conflicts, false virus alerts, and system crashes.

Fix HiJackThis Entries

Open HiJackThis
Click on Do a system scan only
Place a checkmark next to these lines(if still present):

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.h ... xmk870BYUS

Close all windows except Hijackthis and click Fix Checked
Click Yes when prompted
Close HijackThis.

CFScript
Close any open browsers.
Open notepad and copy/paste the text in the code box below into it:

Code: Select all

Driver::
edikuryko
ybakivymu

Folder::
c:\program files\LimeWire
c:\documents and settings\Sloane\Application Data\LimeWire
c:\program files\uqbjlwd
c:\documents and settings\All Users\Application Data\dqzezixw

File::
c:\program files\Common Files\gipelyq.dat
c:\windows\suzohyc.reg
c:\windows\system32\neze.exe
c:\windows\tydyrex.scr
c:\program files\Common Files\ipiseh._sy
c:\windows\asuviwaky.bat
c:\program files\Common Files\qivi.lib
c:\documents and settings\Sloane\Application Data\ujowo.pif
c:\documents and settings\Sloane\Application Data\sito.scr
c:\documents and settings\Sloane\Application Data\ifydihy.dll
c:\windows\vuqogeg.reg
c:\documents and settings\Sloane\Application Data\uxaholicaz.scr
c:\documents and settings\All Users\Application Data\tufumicyro.scr
c:\windows\system32\vubygiz.exe
c:\documents and settings\Sloane\Application Data\edikuryko.sys
c:\windows\zebumu.bin
c:\windows\ruquqogavi.reg
c:\documents and settings\All Users\Application Data\zaryquzaw.com
c:\documents and settings\All Users\Application Data\wukedy.pif
c:\program files\Common Files\gaveju.reg
c:\windows\zilucoka.exe
c:\program files\Common Files\hije.dat
c:\windows\system32\afysu.pif
c:\program files\Common Files\lyza.ban
c:\documents and settings\Sydney\Application Data\boca.dll
c:\windows\tadame.exe
c:\windows\wixodocyw.bat
c:\windows\potumab.vbs
c:\windows\wyfateho.bin
c:\windows\xuzog.bat
c:\windows\system32\akeqehuk.vbs
c:\program files\Common Files\setukaz.db
c:\windows\system32\ohed.vbs
c:\documents and settings\All Users\Application Data\egafemedix.vbs
c:\program files\Common Files\howyho._sy
c:\windows\yromy.bin
c:\documents and settings\Sloane\Application Data\mapijunyc.exe
c:\windows\ecapeza.reg
c:\program files\Common Files\mobe._sy
c:\windows\silylovihe.com
c:\documents and settings\Sloane\Application Data\zuhyc.reg
c:\documents and settings\All Users\Application Data\ybakivymu.sys
c:\windows\eremis.bat

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

To post in next reply:
Combofix log
New HijackThis log

by **Lido** » December 20th, 2008, 4:42 pm

ComboFix 08-12-17.01 - Charles 2008-12-20 15:27:13.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.619 [GMT -5:00]
Running from: c:\documents and settings\Charles\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Charles\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\documents and settings\All Users\Application Data\egafemedix.vbs
c:\documents and settings\All Users\Application Data\tufumicyro.scr
c:\documents and settings\All Users\Application Data\wukedy.pif
c:\documents and settings\All Users\Application Data\ybakivymu.sys
c:\documents and settings\All Users\Application Data\zaryquzaw.com
c:\documents and settings\Sloane\Application Data\edikuryko.sys
c:\documents and settings\Sloane\Application Data\ifydihy.dll
c:\documents and settings\Sloane\Application Data\mapijunyc.exe
c:\documents and settings\Sloane\Application Data\sito.scr
c:\documents and settings\Sloane\Application Data\ujowo.pif
c:\documents and settings\Sloane\Application Data\uxaholicaz.scr
c:\documents and settings\Sloane\Application Data\zuhyc.reg
c:\documents and settings\Sydney\Application Data\boca.dll
c:\program files\Common Files\gaveju.reg
c:\program files\Common Files\gipelyq.dat
c:\program files\Common Files\hije.dat
c:\program files\Common Files\howyho._sy
c:\program files\Common Files\ipiseh._sy
c:\program files\Common Files\lyza.ban
c:\program files\Common Files\mobe._sy
c:\program files\Common Files\qivi.lib
c:\program files\Common Files\setukaz.db
c:\windows\asuviwaky.bat
c:\windows\ecapeza.reg
c:\windows\eremis.bat
c:\windows\potumab.vbs
c:\windows\ruquqogavi.reg
c:\windows\silylovihe.com
c:\windows\suzohyc.reg
c:\windows\system32\afysu.pif
c:\windows\system32\akeqehuk.vbs
c:\windows\system32\neze.exe
c:\windows\system32\ohed.vbs
c:\windows\system32\vubygiz.exe
c:\windows\tadame.exe
c:\windows\tydyrex.scr
c:\windows\vuqogeg.reg
c:\windows\wixodocyw.bat
c:\windows\wyfateho.bin
c:\windows\xuzog.bat
c:\windows\yromy.bin
c:\windows\zebumu.bin
c:\windows\zilucoka.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\dqzezixw
c:\documents and settings\All Users\Application Data\egafemedix.vbs
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Application Data\tufumicyro.scr
c:\documents and settings\All Users\Application Data\wukedy.pif
c:\documents and settings\All Users\Application Data\ybakivymu.sys
c:\documents and settings\All Users\Application Data\zaryquzaw.com
c:\documents and settings\Sloane\Application Data\edikuryko.sys
c:\documents and settings\Sloane\Application Data\ifydihy.dll
c:\documents and settings\Sloane\Application Data\mapijunyc.exe
c:\documents and settings\Sloane\Application Data\sito.scr
c:\documents and settings\Sloane\Application Data\ujowo.pif
c:\documents and settings\Sloane\Application Data\uxaholicaz.scr
c:\documents and settings\Sloane\Application Data\zuhyc.reg
c:\documents and settings\Sydney\Application Data\boca.dll
c:\program files\Common Files\gaveju.reg
c:\program files\Common Files\gipelyq.dat
c:\program files\Common Files\hije.dat
c:\program files\Common Files\howyho._sy
c:\program files\Common Files\ipiseh._sy
c:\program files\Common Files\lyza.ban
c:\program files\Common Files\mobe._sy
c:\program files\Common Files\qivi.lib
c:\program files\Common Files\setukaz.db
c:\program files\LimeWire
c:\program files\LimeWire\hs_err_pid2652.log
c:\program files\LimeWire\hs_err_pid3368.log
c:\program files\LimeWire\hs_err_pid3408.log
c:\program files\LimeWire\hs_err_pid4000.log
c:\program files\LimeWire\lib\aopalliance.jar
c:\program files\LimeWire\lib\clink.jar
c:\program files\LimeWire\lib\commons-httpclient.jar
c:\program files\LimeWire\lib\commons-logging.jar
c:\program files\LimeWire\lib\commons-net.jar
c:\program files\LimeWire\lib\commons-pool.jar
c:\program files\LimeWire\lib\daap.jar
c:\program files\LimeWire\lib\forms.jar
c:\program files\LimeWire\lib\foxtrot.jar
c:\program files\LimeWire\lib\gettext-commons.jar
c:\program files\LimeWire\lib\guice-1.0.jar
c:\program files\LimeWire\lib\httpcore-nio.jar
c:\program files\LimeWire\lib\httpcore.jar
c:\program files\LimeWire\lib\icu4j.jar
c:\program files\LimeWire\lib\id3v2.jar
c:\program files\LimeWire\lib\jcraft.jar
c:\program files\LimeWire\lib\jdic.dll
c:\program files\LimeWire\lib\jdic.jar
c:\program files\LimeWire\lib\jdic_stub.jar
c:\program files\LimeWire\lib\jflac.jar
c:\program files\LimeWire\lib\jl.jar
c:\program files\LimeWire\lib\jmdns.jar
c:\program files\LimeWire\lib\jogg.jar
c:\program files\LimeWire\lib\jorbis.jar
c:\program files\LimeWire\lib\LimeWire.jar
c:\program files\LimeWire\lib\log4j.jar
c:\program files\LimeWire\lib\looks.jar
c:\program files\LimeWire\lib\messages.jar
c:\program files\LimeWire\lib\mp3spi.jar
c:\program files\LimeWire\lib\ProgressTabs.jar
c:\program files\LimeWire\lib\swt.jar
c:\program files\LimeWire\lib\SystemUtilities.dll
c:\program files\LimeWire\lib\themes.jar
c:\program files\LimeWire\lib\tray.dll
c:\program files\LimeWire\lib\tritonus.jar
c:\program files\LimeWire\lib\vorbisspi.jar
c:\program files\LimeWire\Marilyn Manson - This Is Halloween.mp3
c:\program files\uqbjlwd
c:\windows\asuviwaky.bat
c:\windows\ecapeza.reg
c:\windows\eremis.bat
c:\windows\potumab.vbs
c:\windows\ruquqogavi.reg
c:\windows\silylovihe.com
c:\windows\suzohyc.reg
c:\windows\system32\afysu.pif
c:\windows\system32\akeqehuk.vbs
c:\windows\system32\neze.exe
c:\windows\system32\ohed.vbs
c:\windows\system32\vubygiz.exe
c:\windows\tadame.exe
c:\windows\tydyrex.scr
c:\windows\vuqogeg.reg
c:\windows\wixodocyw.bat
c:\windows\wyfateho.bin
c:\windows\xuzog.bat
c:\windows\yromy.bin
c:\windows\zebumu.bin
c:\windows\zilucoka.exe
c:\documents and settings\Sloane\Application Data\LimeWire . . . . failed to delete

----- BITS: Possible infected sites -----

hxxp://au.j+|Cv+@J:NGD_DQ{zGD_DQ{zGD_DQ{zGD_DQ{z+@J:Nj+|Cv
.
((((((((((((((((((((((((( Files Created from 2008-11-20 to 2008-12-20 )))))))))))))))))))))))))))))))
.

2008-12-20 15:35 . 1,893 c:\windows\bcmwltrytmp.reg
2008-12-20 15:16 . 2008-12-20 15:16 <DIR> d-------- c:\program files\Avira
2008-12-20 15:16 . 2008-12-20 15:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-12-14 12:55 . 2008-12-14 12:55 <DIR> d-------- c:\windows\system32\scripting
2008-12-14 12:55 . 2008-12-14 12:55 <DIR> d-------- c:\windows\system32\en
2008-12-14 12:55 . 2008-12-14 12:55 <DIR> d-------- c:\windows\system32\bits
2008-12-14 12:55 . 2008-12-14 12:55 <DIR> d-------- c:\windows\l2schemas
2008-12-14 12:52 . 2008-12-14 12:52 <DIR> d-------- c:\windows\ServicePackFiles
2008-12-14 12:33 . 2008-12-14 12:32 410,976 --a------ c:\windows\system32\deploytk.dll
2008-12-14 12:24 . 2008-12-14 12:24 <DIR> d-------- c:\documents and settings\Charles\Application Data\WinPatrol
2008-12-14 12:23 . 2008-12-14 12:23 <DIR> d-------- c:\program files\BillP Studios
2008-12-05 23:03 . 2008-12-05 23:20 <DIR> d-------- C:\ComboFix2
2008-12-05 20:41 . 2008-12-05 20:41 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-05 20:41 . 2008-12-05 20:41 <DIR> d-------- c:\documents and settings\Charles\Application Data\Malwarebytes
2008-12-05 20:41 . 2008-12-05 20:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-05 20:41 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-05 20:41 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-27 11:26 . 2008-11-27 11:26 <DIR> d-------- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 02:32 --------- d-----w c:\documents and settings\Kelley\Application Data\SecondLife
2008-12-15 02:30 --------- d-----w c:\program files\MSN Messenger
2008-12-14 17:32 --------- d-----w c:\program files\Java
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-07 21:04 --------- d-----w c:\documents and settings\Sloane\Application Data\AdobeUM
2008-12-07 20:43 --------- d-----w c:\documents and settings\Sloane\Application Data\LimeWire
2008-10-27 02:01 --------- d-----w c:\program files\SecondLife
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-20 10:20 --------- d-----w c:\documents and settings\Sydney\Application Data\AdobeUM
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-10 20:33 30,776 -c--a-w c:\documents and settings\Sydney\Application Data\GDIPFONTCACHEV1.DAT
2008-03-07 01:52 30,776 -c--a-w c:\documents and settings\Sloane\Application Data\GDIPFONTCACHEV1.DAT
2007-10-13 14:19 60,968 ----a-w c:\documents and settings\Charles\GoToAssistDownloadHelper.exe
2007-01-06 07:11 1 -c--a-w c:\documents and settings\Sloane\SI.bin
2005-06-17 07:57 774,144 -c--a-w c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( snapshot_2008-12-17_23.43.49.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-17 07:08:40 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
+ 2008-05-09 17:15:51 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys
+ 2008-01-21 22:11:28 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys
+ 2008-10-30 15:21:03 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys
+ 2007-03-01 14:34:22 28,352 ----a-w c:\windows\system32\drivers\ssmdrv.sys
- 2008-10-17 07:08:40 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-20 20:34:45 16,384 ----atw c:\windows\temp\Perflib_Perfdata_54c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-12 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"UMonit"="c:\windows\system32\umonit.exe" [2004-05-11 53248]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-07-27 180269]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-10-09 333120]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

c:\documents and settings\Sloane\Start Menu\Programs\Startup\
GameSpot Download Manager.lnk - c:\program files\GameSpot\GDM_TrayApp.exe [2007-05-09 237568]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 DNADownloader;DNADownloader;c:\program files\GameSpot\DownloadManager_Win32.exe [2007-05-09 700416]
S3 cdspacex;cdspacex;c:\windows\system32\DRIVERS\CDSPACEX.sys []
S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [2005-07-13 6656]
S3 TwoRabts;Two Rabbits Live Bus;c:\windows\system32\DRIVERS\TwoRabts.sys []
S3 w600bus;Sony Ericsson W600 driver (WDM);c:\windows\system32\DRIVERS\w600bus.sys []
S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;c:\windows\system32\DRIVERS\w600mdfl.sys []
S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;c:\windows\system32\DRIVERS\w600mdm.sys []
S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers;c:\windows\system32\DRIVERS\w600mgmt.sys []
S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers;c:\windows\system32\DRIVERS\w600obex.sys []

*Newly Created Service* - SSMDRV
.
Contents of the 'Scheduled Tasks' folder

2008-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-20 15:34:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windows\system32\umonit.exe??ed1&Pid_8?????VID808?????Uf?C?USB\RO8???UB?0???????????????????????????w?U??????????tq7?l??????|p??|????m??|C??w?????????Uf?B$?|???w???w*?,??Uf????????????????????????????????w????????????tq7?????T?????7?????tq7???????=????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1420)
c:\windows\System32\BCMLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\fxssvc.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2008-12-20 15:39:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-20 20:38:55
ComboFix2.txt 2008-12-18 05:07:01
ComboFix3.txt 2008-12-18 04:59:11
ComboFix4.txt 2008-12-18 04:45:03
ComboFix5.txt 2008-12-20 20:25:45

Pre-Run: 2,730,553,344 bytes free
Post-Run: 2,708,455,424 bytes free

340 --- E O F --- 2008-12-18 05:12:31

**************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:40:32 PM, on 12/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\GameSpot\DownloadManager_Win32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\umonit.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 8713 bytes

by **jmw3** » December 20th, 2008, 8:13 pm

Hello Lido
Looking much better. How's the computer running?

Gmer
Download gmer.zip from Gmer here & save it to your desktop.

Right click on gmer.zip and select Extract All...
Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard
Click on the Browse button. Click on Desktop. Then click OK
Click Next. It will start extracting
Once done, check (tick) the Show extracted files box and click Finish
Double click on gmer.exe to run it
Select the Rootkit tab
On the right hand side, check all the items to be scanned, but leave Show All box unchecked
Select all drives that are connected to your system to be scanned
Click on the Scan button
When the scan is finished, click Copy to save the scan log to the Windows clipboard
Open Notepad or a similar text editor
Paste the clipboard contents into the text editor
Save the Gmer scan log and post it in your next reply
Close Gmer
Open Command Prompt by going to Start > Run and type in cmd. Press Enter
In Command Prompt, type in net stop gmer. Press Enter
Type in exit to close Command Prompt

Note: Do not run any programs while Gmer is running.

To post in next reply:
Gmer log
New HijackThis log

by **Lido** » December 20th, 2008, 10:09 pm

Lap top running fine; thanks:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-20 21:04:39
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xF7481818]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreateKey [0xF74817D0]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xF7475A20]
SSDT F7C4A85C ZwCreateThread
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xF74762A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xF7481910]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwOpenKey [0xF7481794]
SSDT F7C4A848 ZwOpenProcess
SSDT F7C4A84D ZwOpenThread
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xF74762C8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xF7481866]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xF74810B0]
SSDT F7C4A857 ZwTerminateProcess
SSDT F7C4A852 ZwWriteVirtualMemory

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\internet explorer\iexplore.exe[1172] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1172] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1172] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A1720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1172] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A1764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1172] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A16AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1172] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A16E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1172] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A17DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1172] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8777A278
Device \Driver\Cdrom \Device\CdRom0 8726BAE8
Device \FileSystem\Rdbss \Device\FsWrap 872B2F40
Device \Driver\Cdrom \Device\CdRom1 8726BAE8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 875D8E08
Device \Driver\atapi \Device\Ide\IdePort0 875D8E08
Device \Driver\atapi \Device\Ide\IdePort1 875D8E08
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 875D8E08
Device \FileSystem\Srv \Device\LanmanServer 8756C350
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 87277D38
Device \FileSystem\MRxSmb \Device\LanmanRedirector 87277D38
Device \FileSystem\Npfs \Device\NamedPipe 8723EC50
Device \FileSystem\Msfs \Device\Mailslot 87224AB8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 872B4D68
Device \Driver\d347prt \Device\Scsi\d347prt1 872B4D68
Device \FileSystem\Fastfat \Fat EFD72D20
Device \FileSystem\Fastfat \Fat 86618F70

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 87223AC0
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 87223AC0
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 87223AC0
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 87223AC0
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 87223AC0
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs 87708858
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Modules - GMER 1.0.14 ----

Module _________ F73BA000-F73D2000 (98304 bytes)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ C:\Program Files\Microsoft Office\Office10\OUTLRPC.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@InprocServer32 YohbVn-}f(YR]eAR6.jiOUTLOOKFiles>B-mgZ!Sy{@Ax5Fk-~+CG?
Reg HKLM\SOFTWARE\Classes\CLSID\{31E3FC97-DFA6-BD2D-E982-A7B9DBD87050}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\RTFClassName@ WrdPrfctDos

---- EOF - GMER 1.0.14 ----
**************************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:08:07 PM, on 12/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\GameSpot\DownloadManager_Win32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\umonit.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 8729 bytes

by **jmw3** » December 21st, 2008, 12:49 pm

OTMoveIt3
Download OTMoveIt3.exe by OldTimer and save it to your desktop.

Double click on OTMoveIt3.exe to run it
Copy & paste the contents of the Code box below into Paste Instructions for Items to be Moved

Note: Do not type it out to minimize the risk of typo error

Code: Select all

:Files
c:\documents and settings\Sloane\Application Data\LimeWire

:Commands
[EmptyTemp]
[Reboot]

Click on MoveIt!
When done, click on Exit

Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.
A log will be produced at C:\_OTMoveIt\MovedFiles\date_time.log, where date_time are numbers. Post this log in your next reply.

Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program
up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 11.
JavaRa
Download JavaRa and unzip it to your desktop.
***Please close any instances of Internet Explorer before continuing!***

Double-click on JavaRa.exe to start the program
From the drop-down menu, choose English and click on Select
JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer
Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK
A logfile will pop up. Save it to a convenient location
Click on Additional Tasks then tick Remove Useless JRE Files
Click Go then OK when prompted & close the program.

Update Java Runtime

Go to http://java.sun.com/javase/downloads/index.jsp
Scroll down to Java Runtime Environment (JRE) 6 Update 11 and click on the Download button
In the Platform box choose Windows
Check the box to Accept License Agreement and click Continue
Click on Windows Offline Installation, click on the link under it which says "jre-6u11-windows-i586-p.exe" and save the downloaded file to your desktop
Install the new version by running the downloaded file with the Java icon & follow the on-screen instructions
Reboot your computer

Kaspersky Online Scan
Do an online scan with >Kaspersky Online Scanner<

Read through the requirements and privacy statement and click on Accept button
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
When the downloads have finished, click on Settings
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Click on My Computer under Scan
Once the scan is complete, it will display the results. Click on View Scan Report
You will see a list of infected items there. Click on Save Report As...
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
Please post this log in your next reply

I'd also like to see a new list of installed programs so please do this:
Create an Uninstall List

Start HijackThis
Click on the Config button
Click on the Misc Tools button
Click on the Open Uninstall Manager button
Click on the Save list... button and specify where you would like to save this file
When you press the Save button a notepad will open with the contents of that file
Copy and paste the contents of that notepad here in your next reply

To post in next reply:
OTMoveIt3 log
Kaspersky Scan Log
A Full Uninstall list
New HijackThis log

by **Lido** » December 21st, 2008, 5:04 pm

OTMove:

========== FILES ==========
Folder move failed. c:\documents and settings\Sloane\Application Data\LimeWire scheduled to be moved on reboot.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_724.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12212008_154626

Files moved on Reboot...
Folder move failed. c:\documents and settings\Sloane\Application Data\LimeWire scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_724.dat not found!

by **Lido** » December 22nd, 2008, 2:00 am

Kapersky:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, December 22, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, December 21, 2008 19:08:11
Records in database: 1496979
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 146913
Threat name: 8
Infected objects: 55
Suspicious objects: 0
Duration of the scan: 03:29:08

File name / Threat name / Threats count
C:\Documents and Settings\Sloane\My Documents\LimeWire\Saved\Bob Dylan - Covenant Woman.mp3 Infected: Trojan-Downloader.WMA.GetCodec.a 1
C:\Documents and Settings\Sloane\My Documents\LimeWire\Saved\Marilyn Manson - Coma black.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\Sloane\My Documents\LimeWire\Saved\Original Motion Picture Soundtrack - Ella Fitzgerald - I love Paris.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\Sloane\Shared\Icon of Coil - Love as blood.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\Sloane\Shared\Icon Of Coil - Thrillcapsule.wma Infected: Trojan-Downloader.WMA.GetCodec.a 1
C:\Documents and Settings\Sloane\Shared\Nebula H - Twilight Zone.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\Sloane\Shared\Top of Charts - 2003 (knifehandchop).wma Infected: Trojan-Downloader.WMA.Wimad.k 1
C:\Documents and Settings\Sloane\Shared\Top of Charts - 2003.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Documents and Settings\Sloane\Shared\Wicked Remix (knifehandchop).wma Infected: Trojan-Downloader.WMA.Wimad.k 1
C:\Documents and Settings\Sydney\My Documents\LimeWire\Saved\bill nye.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Program Files\Microsoft AntiSpyware\Quarantine\054C9982-61E8-4FF0-A5B9-2F59ED\3285F16C-6930-4684-B675-828814 Infected: not-a-virus:AdWare.Win32.180Solutions.j 1
C:\Program Files\Microsoft AntiSpyware\Quarantine\312E7744-6F60-4F6A-B084-90DEE5\1440883E-B62B-4690-916E-61892B Infected: not-a-virus:AdWare.Win32.180Solutions.j 1
C:\Program Files\Microsoft AntiSpyware\Quarantine\3322F6F3-4A35-477C-9CED-90B4DA\3DF09A26-F461-4C7D-A7A6-043200 Infected: not-a-virus:AdWare.Win32.180Solutions.j 1
C:\Program Files\Microsoft AntiSpyware\Quarantine\4BA4FCF3-081C-4966-9411-4B6186\92CD94CC-3F56-4FF3-99F0-5BB931 Infected: not-a-virus:AdWare.Win32.180Solutions.j 1
C:\Program Files\Microsoft AntiSpyware\Quarantine\88DE6630-9B65-4977-B74E-B2211E\F1905190-1A2F-409B-A9BF-15B858 Infected: not-a-virus:AdWare.Win32.180Solutions.j 1
C:\Program Files\Microsoft AntiSpyware\Quarantine\BA2066FD-A0ED-4DF7-B905-9F784A\29CF11E7-3C63-4B63-BE61-72CB5C Infected: not-a-virus:AdWare.Win32.180Solutions.j 1
C:\Program Files\Microsoft AntiSpyware\Quarantine\BA2066FD-A0ED-4DF7-B905-9F784A\C70B7806-E7E9-4CCF-A20A-CB9604 Infected: not-a-virus:AdWare.Win32.180Solutions.i 1
C:\Program Files\Microsoft AntiSpyware\Quarantine\D4C08EEA-3136-4C82-9723-433766\293AE43D-DEB7-4BB9-A70D-B3ADC1 Infected: not-a-virus:AdWare.Win32.180Solutions.j 1
C:\WINDOWS\system32\axquzycs.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\bsfpuinlxo.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\cgsukemft.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\cynhbezl.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\dxvyoejgt.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\fnpoabmeid.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\gnhlfdkqm.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\hyajvldrzc.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\iofrdv.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\jgubznv.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\jlgtbxf.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\jspxflvm.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\jvafwcoz.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\konsltbzc.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\mdcwsguq.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.k 1
C:\WINDOWS\system32\mrgeytk.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\mvhacdix.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\nfgrjkht.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\nociwhyer.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\ntvesojm.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\odxpzuefaw.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\pckrbvn.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\plujrfsxmw.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\rhjsnizxgl.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\skurnmjyl.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\tipmwosqla.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\tqdgiemkl.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\ubagtzkr.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\umgqdhzajv.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\upmrokie.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\uwranzx.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\wvjqme.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\xkfeuwmcrh.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\xljwmzibe.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\ykxtpd.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\ynkzomu.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1
C:\WINDOWS\system32\zsmkevfn.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.m 1

The selected area was scanned.

**********************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49:44 AM, on 12/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\GameSpot\DownloadManager_Win32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\umonit.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\Charles\Local Settings\temp\jkos-Charles\binaries\ScanningProcess.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 8868 bytes
*****************************************

Uninstall list:

Ad-Aware
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0.1
AGEIA PhysX v2.3.3
ALPS Touch Pad Driver
AOL Instant Messenger
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Bonjour
Broadcom Advanced Control Suite 2
Cisco Systems VPN Client 4.6.04.0043
Conexant D110 MDC V.92 Modem
DAEMON Tools
Dell Digital Jukebox Driver
Dell Media Experience
Dell Picture Studio v3.0
Dell ResourceCD
Dell Wireless WLAN Card
Digital Line Detect
DivX Codec
DivX Converter
Drive Manager
Drive Manager
EAX4 Unified Redist
Express Burn
ExtractNow
GameSpot Download Manager
Google Earth
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB952287)
Intel(R) PROSet/Wireless Software
InterActual Player
Internal Network Card Power Management
Internet Explorer Default Page
iPod for Windows 2005-09-23
iPod for Windows 2006-01-10
iTunes
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro 8
Jasc Paint Shop Pro Studio, Dell Editon
Java(TM) 6 Update 10
Java(TM) 6 Update 7
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
mCore
mDriver
mDrWiFi
Memory Stick Formatter
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Standard for Students and Teachers
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Text-to-Speech Engine 4.0 (English)
mIWA
MixPad
mLogView
mMHouse
Modem Helper
MP3 Cutter 1.2
mPfMgr
mPfWiz
mProSafe
MSAC-USM1
MSAC-USM1
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
mToolkit
Musicmatch for Windows Media Player
Musicmatch® Jukebox
mWlsSafe
mWMI
mXML
My Way Search Assistant
mZConfig
nanoPEG-Editor 2.3 Hauppauge Edition
Network Stumbler 0.4.0 (remove only)
NVIDIA Drivers
PCFriendly
PowerDVD 5.3
Qualxserve Service Agreement
QuickSet
QuickTime
RealPlayer
SecondLife (remove only)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Shockwave
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
swiynfj
The Sims 2
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
VeohTV BETA
Viewpoint Media Player
WavePad Sound Editor
Windows Live Messenger
Windows Media Connect
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows XP Service Pack 3
WindowsÓÅ»¯´óÊ¦
WinPatrol 2008
WinRAR archiver
ZSMC USB PC Camera

by **jmw3** » December 22nd, 2008, 11:12 am

Remove Programs
Click Start > Control Panel > Add/Remove Programs
Remove these programs by clicking Remove

Java(TM) 6 Update 10
Java(TM) 6 Update 7
My Way Search Assistant

swiynfj <<<------
WindowsÓÅ»¯´óÊ¦ <<<------ These are in your current Uninstall List. Any idea what they are? If not remove them as well.

If some programs listed are not present, please do not panic

OTMoveIt3

Double click on OTMoveIt3.exe to run it
Copy & paste the contents of the Code box below into Paste Instructions for Items to be Moved

Note: Do not type it out to minimize the risk of typo error

Code: Select all

:Files
c:\documents and settings\Sloane\Application Data\LimeWire
C:\Documents and Settings\Sloane\My Documents\LimeWire\Saved\Bob Dylan - Covenant Woman.mp3
C:\Documents and Settings\Sloane\My Documents\LimeWire\Saved\Marilyn Manson - Coma black.mp3
C:\Documents and Settings\Sloane\My Documents\LimeWire\Saved\Original Motion Picture Soundtrack - Ella Fitzgerald - I love Paris.mp3
C:\Documents and Settings\Sloane\Shared\Icon of Coil - Love as blood.mp3
C:\Documents and Settings\Sloane\Shared\Icon Of Coil - Thrillcapsule.wma
C:\Documents and Settings\Sloane\Shared\Nebula H - Twilight Zone.mp3
C:\Documents and Settings\Sloane\Shared\Top of Charts - 2003 (knifehandchop).wma
C:\Documents and Settings\Sloane\Shared\Top of Charts - 2003.wma
C:\Documents and Settings\Sloane\Shared\Wicked Remix (knifehandchop).wma
C:\Documents and Settings\Sydney\My Documents\LimeWire\Saved\bill nye.mp3
C:\Program Files\Microsoft AntiSpyware
C:\WINDOWS\system32\axquzycs.exe
C:\WINDOWS\system32\bsfpuinlxo.exe
C:\WINDOWS\system32\cgsukemft.exe
C:\WINDOWS\system32\cynhbezl.exe
C:\WINDOWS\system32\dxvyoejgt.exe
C:\WINDOWS\system32\fnpoabmeid.exe
C:\WINDOWS\system32\gnhlfdkqm.exe
C:\WINDOWS\system32\hyajvldrzc.exe
C:\WINDOWS\system32\iofrdv.exe
C:\WINDOWS\system32\jgubznv.exe
C:\WINDOWS\system32\jlgtbxf.exe
C:\WINDOWS\system32\jspxflvm.exe
C:\WINDOWS\system32\jvafwcoz.exe
C:\WINDOWS\system32\konsltbzc.exe
C:\WINDOWS\system32\mdcwsguq.exe
C:\WINDOWS\system32\mrgeytk.exe
C:\WINDOWS\system32\mvhacdix.exe
C:\WINDOWS\system32\nfgrjkht.exe
C:\WINDOWS\system32\nociwhyer.exe
C:\WINDOWS\system32\ntvesojm.exe
C:\WINDOWS\system32\odxpzuefaw.exe
C:\WINDOWS\system32\pckrbvn.exe
C:\WINDOWS\system32\plujrfsxmw.exe
C:\WINDOWS\system32\rhjsnizxgl.exe
C:\WINDOWS\system32\skurnmjyl.exe
C:\WINDOWS\system32\tipmwosqla.exe
C:\WINDOWS\system32\tqdgiemkl.exe
C:\WINDOWS\system32\ubagtzkr.exe
C:\WINDOWS\system32\umgqdhzajv.exe
C:\WINDOWS\system32\upmrokie.exe
C:\WINDOWS\system32\uwranzx.exe
C:\WINDOWS\system32\wvjqme.exe
C:\WINDOWS\system32\xkfeuwmcrh.exe
C:\WINDOWS\system32\xljwmzibe.exe
C:\WINDOWS\system32\ykxtpd.exe
C:\WINDOWS\system32\ynkzomu.exe
C:\WINDOWS\system32\zsmkevfn.exe

:Commands
[Purity]
[EmptyTemp]
[Reboot]

Click on MoveIt!
When done, click on Exit

Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.
A log will be produced at C:\_OTMoveIt\MovedFiles\date_time.log, where date_time are numbers. Post this log in your next reply.

To post in next reply:
OTMoveIt3 log
New HijackThis log

by **Lido** » December 24th, 2008, 5:49 pm

========== FILES ==========
Folder move failed. c:\documents and settings\Sloane\Application Data\LimeWire scheduled to be moved on reboot.
C:\Documents and Settings\Sloane\My Documents\LimeWire\Saved\Bob Dylan - Covenant Woman.mp3 moved successfully.
C:\Documents and Settings\Sloane\My Documents\LimeWire\Saved\Marilyn Manson - Coma black.mp3 moved successfully.
C:\Documents and Settings\Sloane\My Documents\LimeWire\Saved\Original Motion Picture Soundtrack - Ella Fitzgerald - I love Paris.mp3 moved successfully.
File/Folder C:\Documents and Settings\Sloane\Shared\Icon of Coil - Love as blood.mp3 not found.
C:\Documents and Settings\Sloane\Shared\Icon Of Coil - Thrillcapsule.wma moved successfully.
C:\Documents and Settings\Sloane\Shared\Nebula H - Twilight Zone.mp3 moved successfully.
C:\Documents and Settings\Sloane\Shared\Top of Charts - 2003 (knifehandchop).wma moved successfully.
C:\Documents and Settings\Sloane\Shared\Top of Charts - 2003.wma moved successfully.
C:\Documents and Settings\Sloane\Shared\Wicked Remix (knifehandchop).wma moved successfully.
C:\Documents and Settings\Sydney\My Documents\LimeWire\Saved\bill nye.mp3 moved successfully.
C:\Program Files\Microsoft AntiSpyware\Quarantine\D4C08EEA-3136-4C82-9723-433766 moved successfully.
C:\Program Files\Microsoft AntiSpyware\Quarantine\BA2066FD-A0ED-4DF7-B905-9F784A moved successfully.
C:\Program Files\Microsoft AntiSpyware\Quarantine\A4E3338C-0319-4949-B968-1F250D moved successfully.
C:\Program Files\Microsoft AntiSpyware\Quarantine\88DE6630-9B65-4977-B74E-B2211E moved successfully.
C:\Program Files\Microsoft AntiSpyware\Quarantine\54298F4A-6D72-451B-BA7A-2D11ED moved successfully.
C:\Program Files\Microsoft AntiSpyware\Quarantine\4BA4FCF3-081C-4966-9411-4B6186 moved successfully.
C:\Program Files\Microsoft AntiSpyware\Quarantine\3322F6F3-4A35-477C-9CED-90B4DA moved successfully.
C:\Program Files\Microsoft AntiSpyware\Quarantine\312E7744-6F60-4F6A-B084-90DEE5 moved successfully.
C:\Program Files\Microsoft AntiSpyware\Quarantine\27876429-1F9B-40A2-9893-49DB32 moved successfully.
C:\Program Files\Microsoft AntiSpyware\Quarantine\10555A2C-0272-4E24-A250-4FDA3D moved successfully.
C:\Program Files\Microsoft AntiSpyware\Quarantine\054C9982-61E8-4FF0-A5B9-2F59ED moved successfully.
C:\Program Files\Microsoft AntiSpyware\Quarantine moved successfully.
C:\Program Files\Microsoft AntiSpyware\DeactivatedItems moved successfully.
C:\Program Files\Microsoft AntiSpyware moved successfully.
C:\WINDOWS\system32\axquzycs.exe moved successfully.
C:\WINDOWS\system32\bsfpuinlxo.exe moved successfully.
C:\WINDOWS\system32\cgsukemft.exe moved successfully.
C:\WINDOWS\system32\cynhbezl.exe moved successfully.
C:\WINDOWS\system32\dxvyoejgt.exe moved successfully.
C:\WINDOWS\system32\fnpoabmeid.exe moved successfully.
C:\WINDOWS\system32\gnhlfdkqm.exe moved successfully.
C:\WINDOWS\system32\hyajvldrzc.exe moved successfully.
C:\WINDOWS\system32\iofrdv.exe moved successfully.
C:\WINDOWS\system32\jgubznv.exe moved successfully.
C:\WINDOWS\system32\jlgtbxf.exe moved successfully.
C:\WINDOWS\system32\jspxflvm.exe moved successfully.
C:\WINDOWS\system32\jvafwcoz.exe moved successfully.
C:\WINDOWS\system32\konsltbzc.exe moved successfully.
C:\WINDOWS\system32\mdcwsguq.exe moved successfully.
C:\WINDOWS\system32\mrgeytk.exe moved successfully.
C:\WINDOWS\system32\mvhacdix.exe moved successfully.
C:\WINDOWS\system32\nfgrjkht.exe moved successfully.
C:\WINDOWS\system32\nociwhyer.exe moved successfully.
C:\WINDOWS\system32\ntvesojm.exe moved successfully.
C:\WINDOWS\system32\odxpzuefaw.exe moved successfully.
C:\WINDOWS\system32\pckrbvn.exe moved successfully.
C:\WINDOWS\system32\plujrfsxmw.exe moved successfully.
C:\WINDOWS\system32\rhjsnizxgl.exe moved successfully.
C:\WINDOWS\system32\skurnmjyl.exe moved successfully.
C:\WINDOWS\system32\tipmwosqla.exe moved successfully.
C:\WINDOWS\system32\tqdgiemkl.exe moved successfully.
C:\WINDOWS\system32\ubagtzkr.exe moved successfully.
C:\WINDOWS\system32\umgqdhzajv.exe moved successfully.
C:\WINDOWS\system32\upmrokie.exe moved successfully.
C:\WINDOWS\system32\uwranzx.exe moved successfully.
C:\WINDOWS\system32\wvjqme.exe moved successfully.
C:\WINDOWS\system32\xkfeuwmcrh.exe moved successfully.
C:\WINDOWS\system32\xljwmzibe.exe moved successfully.
C:\WINDOWS\system32\ykxtpd.exe moved successfully.
C:\WINDOWS\system32\ynkzomu.exe moved successfully.
C:\WINDOWS\system32\zsmkevfn.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Charles\LOCALS~1\Temp\Perflib_Perfdata_9d8.dat scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12242008_164037

Files moved on Reboot...
Folder move failed. c:\documents and settings\Sloane\Application Data\LimeWire scheduled to be moved on reboot.
File C:\DOCUME~1\Charles\LOCALS~1\Temp\Perflib_Perfdata_9d8.dat not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
*****************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:48:43 PM, on 12/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\GameSpot\DownloadManager_Win32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\umonit.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 8079 bytes

by **jmw3** » December 25th, 2008, 8:10 pm

Hi Lido & Merry Christmas

Logs look good.

Fix HiJackThis Entries

Open HiJackThis
Click on Do a system scan only
Place a checkmark next to these lines(if still present):

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Close all windows except Hijackthis and click Fix Checked
Click Yes when prompted
Close HijackThis.

Delete Files & Folders
Using Windows Explore by right-clicking the Start button and left clicking Explore navigate to & find the following Folder: if found, delete it (some may not be present after previous steps):

c:\documents and settings\Sloane\Application Data\LimeWire <<<<------------ (You may have to log in as user 'Sloane' to delete this folder)

Clean Up
Now we need to clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if used inappropriately.

Remove Combofix
Click on Start > Run. Copy and paste in ComboFix /u and click OK.

Double-click OTMoveIt3.exe
Click the CleanUp! button
Select Yes when the Begin cleanup Process? prompt appears
If you are prompted to Reboot during the cleanup, select Yes
The tool will delete itself once it finishes, if not delete it yourself

You can also delete JavaRa from your desktop & any logs that may have been left.

Post a new HijackThis log for review & let me know how the computer is running or problems.

by **Lido** » December 27th, 2008, 1:42 pm

Computer running fine; thank you! Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:29:26 PM, on 12/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\umonit.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\GameSpot\DownloadManager_Win32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqnbk/downloads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DNADownloader - CNET Networks - C:\Program Files\GameSpot\DownloadManager_Win32.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 8969 bytes

Free Malware Removal Forum

XPAntispyware2009 has me totally blocked

Re: XPAntispyware2009 has me totally blocked

Re: XPAntispyware2009 has me totally blocked

Re: XPAntispyware2009 has me totally blocked

Re: XPAntispyware2009 has me totally blocked

Re: XPAntispyware2009 has me totally blocked

Re: XPAntispyware2009 has me totally blocked

Re: XPAntispyware2009 has me totally blocked

Re: XPAntispyware2009 has me totally blocked

Re: XPAntispyware2009 has me totally blocked

Re: XPAntispyware2009 has me totally blocked

Re: XPAntispyware2009 has me totally blocked

Re: XPAntispyware2009 has me totally blocked

Re: XPAntispyware2009 has me totally blocked

Re: XPAntispyware2009 has me totally blocked

Re: XPAntispyware2009 has me totally blocked

Who is online