
Browser Hijacked with spyware

Discussion in 'Malware and Virus Removal Archive' started by CD82, 2007/01/09.

Thread Status:
Not open for further replies.
  1. 2007/01/09
    CD82

    CD82 Inactive Thread Starter

    Joined:
    2007/01/09
    Messages:
    17
    Likes Received:
    0
    My Internet Explorer seems to be hijacked with spyware. I get drivercleaner pop-ups and others. I thought I had this fixed yesterday, but apparently it's back and I didn't get it all. But I've got the latest HijackThis and it's in my Windows C drive now in a folder called c:\hjt.


    Here's the log file:


    Logfile of HijackThis v1.99.1
    Scan saved at 10:20:12 AM, on 1/9/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
    C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wwSecure.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
    C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YTBSDK.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe "
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE "
    O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll "
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE "
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe "
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\aswasuqk.dll ",setvm
    O4 - HKLM\..\RunServices: [Windows Systems16] C:\WINDOWS\system32\winjews16.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    O4 - Global Startup: LNSS Status Monitor.lnk = C:\Program Files\GFI\LANguard Network Security Scanner 7.0\statusmonitor.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166699436406
    O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: GFI LANguard N.S.S. 7.0 Attendant Service - Unknown owner - C:\Program Files\GFI\LANguard Network Security Scanner 7.0\lnssatt.exe" -service (file missing)
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe


    I do have Window Washer installed, I do use it, never had trouble with it before.
     
    CD82,
    #1
  2. 2007/01/09
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Hello and welcome to WindowsBBS Forums.

    Looks like there are a few nasties on board, let's see if we can't remove 'em.

    Below you will find my results and recommendations from your HijackThis! log file analysis. Please read ALL instructions carefully BEFORE proceeding.


    First thing I'd like you to do is to rename the HijackThis executable, hijackthis.exe, to <anything of your choice>.exe, as long as you change its name. The reason for this is that Vundo infections, which use the DriveCleaner pop-ups, are coded to avoid HJT detection; with a random rename we circumvent this and some of the infection may show.

    Open HijackThis, select the [Do a system scan only] button and look over the following entries I have listed, check the boxes [] next to them and press the [Fix Checked] button. When you are doing this, make sure you have no IE windows, nor any other browsers, open, including this one. Reboot if I have specified below, and post a fresh HijackThis log.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =


    O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)



    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\aswasuqk.dll ",setvm

    O4 - HKLM\..\RunServices: [Windows Systems16] C:\WINDOWS\system32\winjews16.exe


    Reboot, into safe mode, this way:
    Turn on the computer
    Immediately begin tapping the <F8> key.
    Use the arrow keys to highlight Safe Mode and press the <Enter> key.

    Also, enable the 'Show Hidden Folders' option, like this:
    Click Start.
    Open My Computer.
    Select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders.
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.
    Click OK.

    Open 'My Computer' and select the 'Search' feature. Then click the 'All files and folders' button. Click the 'More advanced search options' button and be sure the 'Search system folders', 'Search hidden files and folders' and 'Search subfolders' boxes are check marked then search for and delete, if found, (some may not be present after previous steps) the following files/folders:
    C:\WINDOWS\system32\winjews16.exe<<<--this file
    C:\WINDOWS\system32\aswasuqk.dll<<<--this file

    To exit Safe Mode, click the Start button, click Turn Off Computer, click Restart.

    Post a new HJT log back into this thread please.
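    The entries picked out above (an orphaned toolbar, a rundll32 run key loading a random-named DLL from system32, and a RunServices entry) are the kind of thing a log helper spots by eye. The script below is an added example, not part of this post or of HijackThis, that applies the same triage rules to a handful of lines copied from the first log in this thread. The allow-list of legitimate system32 files is an assumption standing in for the helper's knowledge of this machine's software; the severity reasoning is this example's own.

```python
"""Triage a HijackThis v1.99 log with the rules a helper applies by hand.

Added example, not HijackThis code. The sample lines are copied from the
thread's first log; KNOWN_SYSTEM32 is an assumed allow-list.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: eight lines taken verbatim from the first log above.
SAMPLE_LOG = r"""
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\aswasuqk.dll ",setvm
O4 - HKLM\..\RunServices: [Windows Systems16] C:\WINDOWS\system32\winjews16.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O2 - BHO: (no name) - {C58FC951-6AD4-43F2-B7B3-8FCA067E938F} - C:\WINDOWS\system32\vturp.dll
O20 - Winlogon Notify: vturp - C:\WINDOWS\system32\vturp.dll
"""

# HJT lines start with a section code (R0-R3, O1-O23) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+)\s*-\s*(?P<body>.*)$")
# First absolute path to a .dll/.exe in the entry; quotes and commas end it.
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]+?\.(?:dll|exe)\b', re.IGNORECASE)

# Assumption: files the helper recognises as legitimate in system32 on this box.
KNOWN_SYSTEM32 = {"nvcpl.dll", "nvmctray.dll", "ctxfihlp.exe", "wwsecure.exe"}
SYSTEM32 = "\\windows\\system32\\"


@dataclass
class Finding:
    code: str
    line: str
    reasons: list = field(default_factory=list)


def triage(log_text: str) -> list:
    """Return one Finding per entry that matches at least one suspicion rule."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        reasons = []
        if "(no file)" in body:
            reasons.append("points at a file that no longer exists (orphaned entry)")
        if "(no name)" in body and code in {"O2", "O3"}:
            reasons.append("browser hook registered without a display name")
        if code == "O4" and "RunServices" in body:
            reasons.append("RunServices is a Win9x-era key; legitimate XP software does not use it")
        pm = PATH_RE.search(body)
        if pm:
            path = pm.group(0)
            name = path.rsplit("\\", 1)[-1].lower()
            if SYSTEM32 in path.lower() and name not in KNOWN_SYSTEM32:
                reasons.append(f"unknown file {name} loaded from system32")
                if code == "O20":
                    reasons.append("Winlogon Notify DLL runs inside winlogon.exe, "
                                   "so it cannot be deleted from a normal session")
        if reasons:
            findings.append(Finding(code, raw.strip(), reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.code, f.line)
        for r in f.reasons:
            print("    -", r)
```

    Run against the sample, the Yahoo toolbar, the NVIDIA run key and Window Washer pass, and the five entries the reply above targets come out flagged. The rules are deliberately crude: the point is that location (system32), the registration key (RunServices, Winlogon Notify) and a missing display name are what separate these entries from the legitimate noise around them, not the random file names alone.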
     


  4. 2007/01/09
    CD82

    CD82 Inactive Thread Starter

    Joined:
    2007/01/09
    Messages:
    17
    Likes Received:
    0
    You know, I kinda figured it was that winjews16.exe or had something to do with it. If I see a process I don't like I usually Google it and it explains about it, but it didn't show up nothing. But I'll get right on this, thanks.
     
    CD82,
    #3
  5. 2007/01/09
    CD82

    CD82 Inactive Thread Starter

    Joined:
    2007/01/09
    Messages:
    17
    Likes Received:
    0
    Logfile of HijackThis v1.99.1
    Scan saved at 10:48:42 AM, on 1/9/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
    C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
    C:\WINDOWS\system32\wwSecure.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
    C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\HJT\tracker.exe
    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\cottyafl.dll
    O2 - BHO: (no name) - {C58FC951-6AD4-43F2-B7B3-8FCA067E938F} - C:\WINDOWS\system32\vturp.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe "
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE "
    O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll "
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE "
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe "
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\aswasuqk.dll ",setvm
    O4 - HKLM\..\RunServices: [Windows Systems16] C:\WINDOWS\system32\winjews16.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    O4 - Global Startup: LNSS Status Monitor.lnk = C:\Program Files\GFI\LANguard Network Security Scanner 7.0\statusmonitor.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166699436406
    O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
    O20 - Winlogon Notify: vturp - C:\WINDOWS\system32\vturp.dll
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: GFI LANguard N.S.S. 7.0 Attendant Service - Unknown owner - C:\Program Files\GFI\LANguard Network Security Scanner 7.0\lnssatt.exe" -service (file missing)
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

    OK, here is the new log file.

    I now got a popup of some music thing, heh.
     
    CD82,
    #4
  6. 2007/01/09
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    OK, looks like we have unearthed Vundo as I expected, so let's use the Vundo fix.

    Download VundoFix.exe to your desktop.
    • Double-click *VundoFix.exe* to run it.
    • Click the *Scan for Vundo* button.
    • Once it's done scanning, click the *Remove Vundo* button.
    • You will receive a prompt asking if you want to remove the files, click *YES*
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click *OK*.
    • Please post the contents of C:\*vundofix.txt* and a new HiJackThis log.

    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the *Scan for Vundo* button." when
    VundoFix appears at reboot.

    Once that is run, lets look for other nasties as well. Run ComboFix below.

    Download combofix.exe
    • Double click combofix.exe & follow the prompts.
    • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
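    What the renamed HijackThis exposed in the second log is the Vundo pattern the reply above is reacting to: an unnamed BHO whose DLL is also registered as a Winlogon Notify package, and (from the VundoFix output that follows) companion files whose name is the DLL's name spelled backwards (vturp.dll next to prutv.ini and prutv.bak1). The script below is an added example, not VundoFix or ComboFix code, that correlates the O2 and O20 lines of the second log with a constructed system32 listing and produces a removal plan. Treating .bak, .bak2 and .tmp as companion suffixes, beyond the .ini and .bak1 actually seen in this thread, is this example's assumption.

```python
"""Build a Vundo removal plan from HJT O2/O20 lines plus a directory listing.

Added example; not VundoFix. HJT_LINES are copied from the thread's second
log, SYSTEM32_LISTING is constructed, COMPANION_EXT is partly assumed.
"""
import re

HJT_LINES = r"""
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\cottyafl.dll
O2 - BHO: (no name) - {C58FC951-6AD4-43F2-B7B3-8FCA067E938F} - C:\WINDOWS\system32\vturp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O20 - Winlogon Notify: vturp - C:\WINDOWS\system32\vturp.dll
"""

# Constructed listing of %SystemRoot%\system32, trimmed to the names that matter.
SYSTEM32_LISTING = ["kernel32.dll", "nvcpl.dll", "cottyafl.dll",
                    "vturp.dll", "prutv.ini", "prutv.bak1"]

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")
# .ini and .bak1 are what the thread's VundoFix output shows; the rest is assumed.
COMPANION_EXT = ("ini", "bak", "bak1", "bak2", "tmp")

BHO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
NOTIFY_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def stem(name: str) -> str:
    return name.rsplit(".", 1)[0]


def vundo_plan(hjt_text: str, listing: list) -> dict:
    """Map each unnamed-BHO DLL stem to the files and keys that remove it."""
    bhos, notify = {}, {}
    for line in hjt_text.strip().splitlines():
        m = BHO_RE.match(line)
        if m and m.group("name") == "(no name)":
            bhos[stem(basename(m.group("path"))).lower()] = (m.group("clsid"), m.group("path"))
        m = NOTIFY_RE.match(line)
        if m:
            notify[stem(basename(m.group("path"))).lower()] = m.group("key")

    names = {n.lower() for n in listing}
    plan = {}
    for s, (clsid, path) in bhos.items():
        rev = s[::-1]  # Vundo names its companion files with the DLL name reversed
        companions = sorted(n for n in names
                            if stem(n) == rev and n.rsplit(".", 1)[-1] in COMPANION_EXT)
        registry = [f"HKCR\\CLSID\\{clsid}", f"{BHO_KEY}\\{clsid}"]
        if s in notify:
            registry.append(f"{NOTIFY_KEY}\\{notify[s]}")
        plan[s] = {
            # BHO + Winlogon Notify on the same DLL is the double persistence
            # that keeps the DLL loaded (in winlogon.exe) while you try to delete it.
            "dual_persistence": s in notify,
            "files": [basename(path)] + companions,
            "registry": registry,
        }
    return plan


if __name__ == "__main__":
    for dll, entry in vundo_plan(HJT_LINES, SYSTEM32_LISTING).items():
        print(dll, "dual persistence:", entry["dual_persistence"])
        print("  delete:", ", ".join(entry["files"]))
        print("  keys:  ", "; ".join(entry["registry"]))
```

    For vturp the plan lists exactly the three files VundoFix reported deleting in the next post plus the CLSID, BHO and Winlogon\Notify keys; cottyafl.dll is flagged as an unnamed BHO but has no Notify entry and no reversed-name companions in the listing, which is why it is a separate question for the ComboFix run rather than part of the Vundo set. Because the Notify DLL is mapped into winlogon.exe, the file deletions only succeed at reboot, which is what the VundoFix reboot and its "run on reboot" note above are for.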
     
  7. 2007/01/09
    CD82

    CD82 Inactive Thread Starter

    Joined:
    2007/01/09
    Messages:
    17
    Likes Received:
    0
    VundoFix V6.2.13

    Checking Java version...

    Scan started at 6:57:31 PM 1/8/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\vturp.dll
    C:\WINDOWS\system32\prutv.ini
    C:\WINDOWS\system32\prutv.bak1

    VundoFix V6.2.6

    Checking Java version...

    Scan started at 11:08:25 AM 1/9/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\vturp.dll
    C:\WINDOWS\system32\prutv.ini
    C:\WINDOWS\system32\prutv.bak1

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\vturp.dll
    C:\WINDOWS\system32\vturp.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\prutv.ini
    C:\WINDOWS\system32\prutv.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\prutv.bak1
    C:\WINDOWS\system32\prutv.bak1 Has been deleted!

    Performing Repairs to the registry.
    Done!
    It didn't ask for a scan on reboot.

    New HijackThis log below:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:16:18 AM, on 1/9/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
    C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
    C:\WINDOWS\system32\wwSecure.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YTBSDK.exe
    C:\HJT\tracker.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\cottyafl.dll
    O2 - BHO: (no name) - {C58FC951-6AD4-43F2-B7B3-8FCA067E938F} - C:\WINDOWS\system32\vturp.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe "
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE "
    O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll "
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE "
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe "
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\aswasuqk.dll ",setvm
    O4 - HKLM\..\RunServices: [Windows Systems16] C:\WINDOWS\system32\winjews16.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    O4 - Global Startup: LNSS Status Monitor.lnk = C:\Program Files\GFI\LANguard Network Security Scanner 7.0\statusmonitor.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166699436406
    O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: GFI LANguard N.S.S. 7.0 Attendant Service - Unknown owner - C:\Program Files\GFI\LANguard Network Security Scanner 7.0\lnssatt.exe" -service (file missing)
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

    ComboFix log below.

    I'll post the ComboFix log in a new post; not enough space.
     
    CD82,
    #6
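As an added example (not code from this thread, from HijackThis, VundoFix or ComboFix), the script below automates the checks a helper makes by eye on the log just posted: unnamed BHOs or toolbars, entries whose file no longer exists, random-letter module names in system32 (the naming pattern of the Vundo files in this thread), and the legacy RunServices autostart key. It assumes the v1.99.1 line shapes shown above and the 5-10-lowercase-letter rule is a heuristic of mine; the output is a list of review candidates, not verdicts.

```python
"""Heuristic triage of HijackThis-style log entries (added example).

Not HijackThis, VundoFix or ComboFix code. Assumption: entries follow the
v1.99.1 line shapes seen in the posted log ("O2 - BHO: name - {CLSID} - path").
"""
import re
from dataclasses import dataclass
from typing import List

ENTRY_RE = re.compile(r"^(?P<kind>[OR]\d+) - (?P<rest>.*)$")
# A Windows path up to the first .dll/.exe/.sys; spaces are allowed because
# "C:\Program Files\..." is the common case.
PATH_RE = re.compile(r"(?i)([a-z]:\\.*?\.(?:dll|exe|sys))")
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)")
SYSTEM32 = "\\windows\\system32\\"
# Entry kinds that load a module at startup or into the browser.
LOAD_POINT_KINDS = {"O2", "O3", "O4", "O20", "O21", "O23"}


@dataclass(frozen=True)
class Finding:
    kind: str      # HijackThis section, e.g. "O2"
    reason: str    # why the entry deserves a look
    line: str      # the original log line


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def looks_random(path: str) -> bool:
    """True for a system32 module whose stem is 5-10 lowercase letters only
    (cottyafl.dll, vturp.dll). Digits or capitals in the name (nvsvc32.exe,
    NvCpl.dll) pass. Legitimate all-letter names exist, so this is a hint,
    not a verdict (heuristic assumed here, not a HijackThis rule)."""
    if SYSTEM32 not in path.lower():
        return False
    stem = basename(path).rsplit(".", 1)[0]
    return stem.isalpha() and stem.islower() and 5 <= len(stem) <= 10


def triage_line(line: str) -> List[Finding]:
    """Return every heuristic hit for one log line (empty list if none)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []            # process list, headers, blank lines
    kind, rest = m.group("kind"), m.group("rest")
    hits: List[Finding] = []
    if kind in {"O2", "O3"} and "(no name)" in rest:
        hits.append(Finding(kind, "unnamed BHO/toolbar", line))
    if ORPHAN_RE.search(rest):
        hits.append(Finding(kind, "orphaned entry: referenced file is gone", line))
    if kind == "O4" and "\\RunServices:" in rest:
        hits.append(Finding(kind, "RunServices autostart (legacy key, rare for "
                                  "legitimate software on XP)", line))
    if kind in LOAD_POINT_KINDS:
        for path in PATH_RE.findall(rest):
            if looks_random(path):
                hits.append(Finding(kind, "random-letter module name in system32: "
                                          + basename(path), line))
    return hits


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and collect the hits in order."""
    hits: List[Finding] = []
    for line in log_text.splitlines():
        hits.extend(triage_line(line))
    return hits


# Sample input: entries copied from the HijackThis log posted above. The Java
# BHO, NvCpl and NVIDIA service lines are included to show what is NOT flagged.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\cottyafl.dll
O2 - BHO: (no name) - {C58FC951-6AD4-43F2-B7B3-8FCA067E938F} - C:\WINDOWS\system32\vturp.dll (file missing)
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\aswasuqk.dll ",setvm
O4 - HKLM\..\RunServices: [Windows Systems16] C:\WINDOWS\system32\winjews16.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line.strip()}")
```

On the sample above it reports nine hits: three unnamed entries, two orphaned ones, one RunServices autostart and three random-letter system32 modules (cottyafl, vturp, aswasuqk), while the Java, NvCpl and NVIDIA lines stay quiet.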
  8. 2007/01/09
    CD82

    CD82 Inactive Thread Starter

    Well, for the ComboFix log there isn't enough space to post it, so
     
    CD82,
    #7
  9. 2007/01/09
    TeMerc

    TeMerc Inactive Alumni

    Just split it up into as many posts as you need.
     
  10. 2007/01/09
    CD82

    CD82 Inactive Thread Starter

    CD - 07-01-09 11:17:19.51 Service Pack 2
    ComboFix 06.11.27 - Running from: "C:\Documents and Settings\CD\Desktop "
    ((((((((((((((((((((((((((((((( Files Created from 2006-12-09 to 2007-01-09 ))))))))))))))))))))))))))))))))))
    2007-01-09 10:01 <DIR> d-------- C:\HJT
    2007-01-08 19:55 57,344 --a------ C:\WINDOWS\Unwash6.exe
    2007-01-08 19:55 487,936 --a------ C:\WINDOWS\system32\wwSecure.exe
    2007-01-08 19:55 <DIR> d-------- C:\Program Files\Webroot
    2007-01-08 19:55 <DIR> d-------- C:\Program Files\Common Files\Webroot Shared
    2007-01-08 19:55 <DIR> d-------- C:\Documents and Settings\CD\Application Data\Webroot
    2007-01-08 19:32 <DIR> d-------- C:\Documents and Settings\CD\.housecall6.6
    2007-01-08 19:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    2007-01-08 18:57 <DIR> d-------- C:\VundoFix Backups
    2007-01-08 16:06 <DIR> d-------- C:\4ceaf2717e9926c4f79108a2d5
    2007-01-08 15:12 44,060 --a------ C:\WINDOWS\system32\cottyafl.dll
    2007-01-08 15:12 <DIR> d-------- C:\Program Files\VSAdd-in
    2007-01-08 15:12 <DIR> d-------- C:\Documents and Settings\CD\Application Data\SearchToolbarCorp
    2007-01-08 15:07 22,541 ---hs---- C:\WINDOWS\system32\ljjkhii.dll
    2007-01-08 14:59 22,541 ---hs---- C:\WINDOWS\system32\opnkkli.dll
    2007-01-08 14:44 <DIR> d-------- C:\Program Files\Alcohol Soft
    2007-01-08 14:37 <DIR> d-------- C:\Program Files\PowerISO
    2007-01-08 14:04 768,000 --a------ C:\WINDOWS\system32\exec1.exe
    2007-01-08 13:04 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2007-01-07 23:19 <DIR> d-------- C:\Program Files\SafeNet Sentinel
    2007-01-07 23:19 <DIR> d-------- C:\Program Files\Common Files\SafeNet Sentinel
    2007-01-07 23:18 1,228,499 --a------ C:\WINDOWS\LightWave 3D 9 Uninstaller.exe
    2007-01-07 23:18 <DIR> d-------- C:\WINDOWS\Downloaded Installations
    2007-01-07 23:18 <DIR> d-------- C:\Program Files\NewTek
    2007-01-07 13:49 <DIR> d-------- C:\WINDOWS\system32\AGEIA
    2007-01-07 13:49 <DIR> d-------- C:\Program Files\AGEIA Technologies
    2007-01-07 13:48 <DIR> d-------- C:\Program Files\Kuma Games
    2007-01-06 17:13 <DIR> d-------- C:\Program Files\GFI
    2007-01-06 17:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-01-04 22:34 57,344 --a------ C:\WINDOWS\system32\WNASPINT.DLL
    2007-01-04 22:34 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
    2007-01-04 22:34 <DIR> d-------- C:\Program Files\Datel
    2007-01-04 22:31 <DIR> d-------- C:\Program Files\Max Media Creator
    2007-01-03 14:48 <DIR> d-------- C:\Program Files\SC4Tool
    2007-01-02 11:03 <DIR> d-------- C:\gmax
    2007-01-02 10:42 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
    2007-01-02 10:42 <DIR> d-------- C:\Program Files\Autodesk
    2007-01-02 10:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodesk
    2007-01-01 19:26 <DIR> d-------- C:\Program Files\SynapticEffect
    2007-01-01 19:24 <DIR> dr--s---- C:\WINDOWS\assembly
    2007-01-01 19:24 <DIR> d-------- C:\WINDOWS\system32\URTTemp
    2007-01-01 19:24 <DIR> d-------- C:\WINDOWS\Microsoft.NET
    2007-01-01 13:04 <DIR> d-------- C:\Program Files\BearFlix
    2007-01-01 13:04 <DIR> d-------- C:\My Downloads
    2007-01-01 12:46 <DIR> d-------- C:\Theme
    2007-01-01 00:51 <DIR> d-------- C:\Program Files\LimeWire
    2007-01-01 00:51 <DIR> d-------- C:\Documents and Settings\CD\Incomplete
    2007-01-01 00:51 <DIR> d-------- C:\Documents and Settings\CD\Application Data\LimeWire
    2006-12-30 20:35 <DIR> d-------- C:\Program Files\ArtMoney
    2006-12-30 17:58 <DIR> d-------- C:\Program Files\Maxis
    2006-12-30 17:55 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
    2006-12-30 17:55 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
    2006-12-30 17:55 <DIR> d-------- C:\Program Files\Cheat Engine
    2006-12-30 16:45 299,520 --a------ C:\WINDOWS\uninst.exe
    2006-12-29 23:37 26,496 --a------ C:\WINDOWS\system32\drivers\USBSTOR.SYS
    2006-12-29 15:09 <DIR> d-------- C:\Program Files\Infogrames
    2006-12-27 20:17 <DIR> d-------- C:\Program Files\Hunting Unlimited 4
    2006-12-27 19:10 <DIR> d-------- C:\Program Files\YahELite
    2006-12-27 17:31 85,520 --a------ C:\WINDOWS\system\XPRIG.DLL
    2006-12-27 17:31 65,040 --a------ C:\WINDOWS\system\XPLOG.DLL
    2006-12-27 17:31 61,968 --a------ C:\WINDOWS\system\XPCALL.DLL
    2006-12-27 17:31 61,456 --a------ C:\WINDOWS\system\XPCOMP.DLL
    2006-12-27 17:31 39,680 --a------ C:\WINDOWS\system\LGACCSS1.DLL
    2006-12-27 17:31 355,136 --a------ C:\WINDOWS\system\SETUPX.DLL
    2006-12-27 17:31 336,832 --a------ C:\WINDOWS\system\XPGL.DLL
    2006-12-27 17:31 33,808 --a------ C:\WINDOWS\system\QRZDLL.DLL
    2006-12-27 17:31 28,176 --a------ C:\WINDOWS\system\XPADLL.DLL
    2006-12-27 17:31 26,266 --a------ C:\WINDOWS\system\WSAMAPI.DLL
    2006-12-27 17:31 23,056 --a------ C:\WINDOWS\system\XPUTIL.DLL
    2006-12-27 17:31 17,004 --a------ C:\WINDOWS\system\HAMCALL.DLL
    2006-12-27 17:31 <DIR> d-------- C:\XPWIN
    2006-12-27 13:32 <DIR> d-------- C:\Documents and Settings\CD\Application Data\Help
    2006-12-27 13:28 <DIR> d-------- C:\WINDOWS\RLZRUN20
    2006-12-27 13:20 <DIR> d-------- C:\Documents and Settings\CD\Application Data\AdobeUM
    2006-12-27 13:19 <DIR> d-------- C:\Program Files\Common Files\Adobe
    2006-12-27 13:19 <DIR> d-------- C:\Documents and Settings\CD\Application Data\Adobe
    2006-12-26 20:38 <DIR> d-------- C:\Program Files\Adobe
    2006-12-26 20:38 <DIR> d-------- C:\Documents and Settings\CD\Application Data\Leadertech
    2006-12-26 20:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
    2006-12-26 20:34 <DIR> d-------- C:\Program Files\Atari
    2006-12-26 19:55 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
    2006-12-26 19:49 <DIR> d-------- C:\Program Files\Electronic Arts
    2006-12-26 04:11 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
    2006-12-26 04:10 21,840 --a------ C:\WINDOWS\system32\SIntfNT.dll
    2006-12-26 04:10 17,212 --a------ C:\WINDOWS\system32\SIntf32.dll
    2006-12-26 04:10 12,067 --a------ C:\WINDOWS\system32\SIntf16.dll
    2006-12-26 02:55 94,208 --a------ C:\WINDOWS\DIIUnin.exe
    2006-12-26 02:55 2,829 --a------ C:\WINDOWS\DIIUnin.pif
    2006-12-26 02:47 <DIR> d-------- C:\Program Files\Diablo II
    2006-12-25 19:57 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
    2006-12-25 19:57 249,856 --------- C:\WINDOWS\Setup1.exe
    2006-12-25 19:57 <DIR> d-------- C:\Program Files\Hero Editor
    2006-12-25 14:46 <DIR> d-------- C:\Documents and Settings\CD\Application Data\Logitech
    2006-12-25 05:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
    2006-12-25 05:23 94,208 --a------ C:\WINDOWS\KHALMNPR.Exe
    2006-12-25 05:23 71,936 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
    2006-12-25 05:23 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
    2006-12-25 05:23 55,936 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS
    2006-12-25 05:23 36,736 --a------ C:\WINDOWS\system32\drivers\LHidUsbK.sys
    2006-12-25 05:23 3,712 --a------ C:\WINDOWS\system32\drivers\LBeepKE.sys
    2006-12-25 05:23 27,136 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys
    2006-12-25 05:23 155,648 --a------ C:\WINDOWS\system32\kemutb.dll
    2006-12-25 05:23 131,072 --a------ C:\WINDOWS\system32\KemUtil.dll
    2006-12-25 05:23 13,568 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.SYS
    2006-12-25 05:23 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
    2006-12-25 05:23 <DIR> d-------- C:\Program Files\Logitech
    2006-12-25 05:23 <DIR> d-------- C:\Program Files\Common Files\Logitech
    2006-12-23 03:41 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
    2006-12-23 03:41 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2006-12-23 03:41 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2006-12-23 03:41 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2006-12-23 03:41 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
    2006-12-23 03:41 <DIR> d-------- C:\Program Files\Winamp
    2006-12-22 14:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
    2006-12-22 03:13 <DIR> d-------- C:\Program Files\RhinoSoft.com
    2006-12-22 03:07 <DIR> d-------- C:\Program Files\SmartFTP Client 2.0 Setup Files
    2006-12-22 03:07 <DIR> d-------- C:\Program Files\SmartFTP Client 2.0
    2006-12-22 03:07 <DIR> d-------- C:\Documents and Settings\CD\Application Data\SmartFTP
    2006-12-22 02:34 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
    2006-12-22 02:34 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2006-12-22 02:34 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2006-12-22 02:34 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
    2006-12-22 02:34 <DIR> d-------- C:\WINDOWS\system32\E177E04D548C4006A465EEB92D3DE021
    2006-12-22 02:34 <DIR> d-------- C:\Program Files\Ipswitch
    2006-12-22 02:34 <DIR> d-------- C:\Documents and Settings\CD\Application Data\Ipswitch
    2006-12-22 02:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ipswitch
    2006-12-21 17:50 41,984 --------- C:\WINDOWS\Ctregrun.exe
    2006-12-21 17:48 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
    2006-12-21 17:48 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
    2006-12-21 17:47 90,112 --------- C:\WINDOWS\Updreg.EXE
    2006-12-21 17:46 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
    2006-12-21 17:46 <DIR> d-------- C:\Program Files\OpenAL
    2006-12-21 17:42 77,824 --------- C:\WINDOWS\system32\ctdvda32.dll
    2006-12-21 17:40 <DIR> d-------- C:\WINDOWS\RegisteredPackages
    2006-12-21 17:25 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2006-12-21 12:35 <DIR> d-------- C:\Documents and Settings\CD\Application Data\F-Secure
    2006-12-21 12:33 <DIR> d-------- C:\Program Files\Creative
    2006-12-21 12:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Creative
    2006-12-21 12:32 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
    2006-12-21 12:32 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
    2006-12-21 12:32 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
    2006-12-21 12:32 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
    2006-12-21 12:32 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
    2006-12-21 12:32 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
    2006-12-21 12:32 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
    2006-12-21 12:32 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
    2006-12-21 12:32 3,072 --a------ C:\WINDOWS\CTXFIRES.DLL
    2006-12-21 12:32 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
    2006-12-21 12:32 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
    2006-12-21 12:32 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
    2006-12-21 12:32 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
    2006-12-21 12:32 11,776 --a------ C:\WINDOWS\INRES.DLL
    2006-12-21 12:32 10,240 --a------ C:\WINDOWS\CTDCRES.DLL
    2006-12-21 12:32 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
    2006-12-21 12:32 <DIR> d-------- C:\WINDOWS\system32\Data
     
    CD82,
    #9
  11. 2007/01/09
    CD82

    CD82 Inactive Thread Starter

    2006-12-21 12:32 <DIR> d-------- C:\Documents and Settings\CD\Application Data\Creative
    2006-12-21 12:30 70,960 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
    2006-12-21 12:30 33,552 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
    2006-12-21 12:30 118,842 -r------- C:\WINDOWS\bwUnin-6.3.2.116-7681197L.exe
    2006-12-21 12:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
    2006-12-21 12:28 <DIR> d-------- C:\Program Files\F-Secure
    2006-12-21 05:10 <DIR> d---s---- C:\Documents and Settings\CD\UserData
    2006-12-21 03:48 <DIR> d-------- C:\WINDOWS\Sun
    2006-12-21 03:48 <DIR> d-------- C:\Documents and Settings\CD\Application Data\Sun
    2006-12-21 03:48 <DIR> d-------- C:\Documents and Settings\CD\Application Data\Azureus
    2006-12-21 03:47 <DIR> d-------- C:\Program Files\Java
    2006-12-21 03:47 <DIR> d-------- C:\Program Files\Common Files\Java
    2006-12-21 03:46 <DIR> d-------- C:\Program Files\Azureus
    2006-12-21 01:52 7,040 -ra------ C:\WINDOWS\system32\ntsim.sys
    2006-12-21 01:52 44,544 -ra------ C:\WINDOWS\system32\drivers\getnd5b.sys
    2006-12-21 01:50 306,688 --a------ C:\WINDOWS\IsUninst.exe
    2006-12-21 01:50 <DIR> d-------- C:\Documents and Settings\CD\WINDOWS
    2006-12-21 01:46 <DIR> dr-h----- C:\Documents and Settings\CD\SendTo
    2006-12-21 01:46 <DIR> dr-h----- C:\Documents and Settings\CD\Recent
    2006-12-21 01:46 <DIR> dr-h----- C:\Documents and Settings\CD\Application Data\.
    2006-12-21 01:46 <DIR> dr-h----- C:\Documents and Settings\CD\Application Data
    2006-12-21 01:46 <DIR> dr------- C:\Documents and Settings\CD\Start Menu
    2006-12-21 01:46 <DIR> dr------- C:\Documents and Settings\CD\My Documents
    2006-12-21 01:46 <DIR> d--h----- C:\Program Files\Uninstall Information
    2006-12-21 01:46 <DIR> d--h----- C:\Documents and Settings\CD\Templates
    2006-12-21 01:46 <DIR> d--h----- C:\Documents and Settings\CD\PrintHood
    2006-12-21 01:46 <DIR> d--h----- C:\Documents and Settings\CD\NetHood
    2006-12-21 01:46 <DIR> d--h----- C:\Documents and Settings\CD\Local Settings
    2006-12-21 01:46 <DIR> d---s---- C:\Documents and Settings\CD\Cookies
    2006-12-21 01:46 <DIR> d---s---- C:\Documents and Settings\CD\Application Data\Microsoft
    2006-12-21 01:46 <DIR> d-------- C:\Documents and Settings\CD\Desktop
    2006-12-21 01:46 <DIR> d-------- C:\Documents and Settings\CD\Application Data\Identities
    2006-12-21 01:46 <DIR> d-------- C:\Documents and Settings\CD\Application Data\..
    2006-12-21 01:46 <DIR> d-------- C:\Documents and Settings\CD\..
    2006-12-21 01:46 <DIR> d-------- C:\Documents and Settings\CD\.
    2006-12-21 01:44 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
    2006-12-21 01:44 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
    2006-12-21 01:44 <DIR> d-------- C:\WINDOWS\Prefetch
    2006-12-21 01:40 0 -rahs---- C:\MSDOS.SYS
    2006-12-21 01:40 0 -rahs---- C:\IO.SYS
    2006-12-21 01:40 0 --a------ C:\CONFIG.SYS
    2006-12-21 01:40 0 --a------ C:\AUTOEXEC.BAT
    2006-12-21 01:40 <DIR> d-------- C:\WINDOWS\system32\xircom
    2006-12-21 01:40 <DIR> d-------- C:\Program Files\xerox
    2006-12-21 01:40 <DIR> d-------- C:\Program Files\microsoft frontpage
    2006-12-21 01:39 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
    2006-12-21 01:39 <DIR> d--hs---- C:\Documents and Settings\All Users\DRM
    2006-12-21 01:38 11,264 --a------ C:\WINDOWS\system32\atrace.dll
    2006-12-21 01:38 <DIR> dr------- C:\WINDOWS\Offline Web Pages
    2006-12-21 01:38 <DIR> d--h----- C:\Program Files\WindowsUpdate
    2006-12-21 01:38 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
    2006-12-21 01:38 <DIR> d-------- C:\WINDOWS\system32\DirectX
    2006-12-21 01:37 81,920 --a------ C:\WINDOWS\system32\isign32.dll
    2006-12-21 01:37 81,920 --a------ C:\WINDOWS\system32\ils.dll
    2006-12-21 01:37 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
    2006-12-21 01:37 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
    2006-12-21 01:37 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
    2006-12-21 01:37 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
    2006-12-21 01:37 69,632 --a------ C:\WINDOWS\system32\msconf.dll
    2006-12-21 01:37 678,400 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-12-21 01:37 67,584 --a------ C:\WINDOWS\system32\srclient.dll
    2006-12-21 01:37 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
    2006-12-21 01:37 64,512 --a------ C:\WINDOWS\system32\acctres.dll
    2006-12-21 01:37 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
    2006-12-21 01:37 48,128 --a------ C:\WINDOWS\system32\inetres.dll
    2006-12-21 01:37 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
    2006-12-21 01:37 430,592 --a------ C:\WINDOWS\system32\wuapi.dll
    2006-12-21 01:37 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
    2006-12-21 01:37 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
    2006-12-21 01:37 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
    2006-12-21 01:37 36,864 --a------ C:\WINDOWS\system32\wups.dll
    2006-12-21 01:37 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
    2006-12-21 01:37 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
    2006-12-21 01:37 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
    2006-12-21 01:37 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
    2006-12-21 01:37 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
    2006-12-21 01:37 274,944 --a------ C:\WINDOWS\system32\mstask.dll
    2006-12-21 01:37 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
    2006-12-21 01:37 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
    2006-12-21 01:37 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
    2006-12-21 01:37 22,528 --a------ C:\WINDOWS\system32\fltMc.exe
    2006-12-21 01:37 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
    2006-12-21 01:37 183,296 --a------ C:\WINDOWS\system32\wuaueng1.dll
    2006-12-21 01:37 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
    2006-12-21 01:37 173,536 --a------ C:\WINDOWS\system32\wuweb.dll
    2006-12-21 01:37 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
    2006-12-21 01:37 165,888 --a------ C:\WINDOWS\system32\wuauclt1.exe
    2006-12-21 01:37 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
    2006-12-21 01:37 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
    2006-12-21 01:37 124,800 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
    2006-12-21 01:37 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
    2006-12-21 01:37 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
    2006-12-21 01:37 112,640 --a------ C:\WINDOWS\system32\wucltui.dll
    2006-12-21 01:37 111,104 --a------ C:\WINDOWS\system32\wuauclt.exe
    2006-12-21 01:37 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
    2006-12-21 01:37 1,134,592 --a------ C:\WINDOWS\system32\wuaueng.dll
    2006-12-21 01:37 <DIR> d---s---- C:\WINDOWS\Tasks
    2006-12-21 01:37 <DIR> d-------- C:\WINDOWS\system32\Restore
    2006-12-21 01:37 <DIR> d-------- C:\WINDOWS\system32\Macromed
    2006-12-21 01:37 <DIR> d-------- C:\WINDOWS\srchasst
    2006-12-21 01:37 <DIR> d-------- C:\Program Files\Outlook Express
    2006-12-21 01:37 <DIR> d-------- C:\Program Files\NetMeeting
    2006-12-21 01:37 <DIR> d-------- C:\Program Files\Movie Maker
    2006-12-21 01:37 <DIR> d-------- C:\Program Files\Internet Explorer
    2006-12-21 01:37 <DIR> d-------- C:\Program Files\Common Files\System
    2006-12-21 01:37 <DIR> d-------- C:\Program Files\Common Files\Services
    2006-12-21 01:37 <DIR> d-------- C:\Program Files\Common Files\MSSoap
    2006-12-21 01:36 73,216 --a------ C:\WINDOWS\system32\avwav.dll
    2006-12-21 01:36 5,632 --a------ C:\WINDOWS\system32\write.exe
    2006-12-21 01:36 44,544 --a------ C:\WINDOWS\system32\hticons.dll
    2006-12-21 01:36 35,328 --a------ C:\WINDOWS\system32\winchat.exe
    2006-12-21 01:36 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
    2006-12-21 01:36 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
    2006-12-21 01:36 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
    2006-12-21 01:36 <DIR> d-------- C:\WINDOWS\Registration
    2006-12-21 01:36 <DIR> d-------- C:\Program Files\Windows Media Player
    2006-12-21 01:36 <DIR> d-------- C:\Program Files\Online Services
    2006-12-21 01:36 <DIR> d-------- C:\Program Files\MSN Gaming Zone
    2006-12-21 01:36 <DIR> d-------- C:\Program Files\Messenger
    2006-12-21 01:36 <DIR> d-------- C:\Program Files\ComPlus Applications
    2006-12-21 01:35 949,248 --a------ C:\WINDOWS\system32\msdtctm.dll
    2006-12-21 01:35 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
    2006-12-21 01:35 90,112 --a------ C:\WINDOWS\system32\mtxoci.dll
    2006-12-21 01:35 9,728 --a------ C:\WINDOWS\system32\reset.exe
    2006-12-21 01:35 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
    2006-12-21 01:35 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
    2006-12-21 01:35 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
    2006-12-21 01:35 80,384 --a------ C:\WINDOWS\system32\charmap.exe
    2006-12-21 01:35 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
    2006-12-21 01:35 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
    2006-12-21 01:35 628,224 --a------ C:\WINDOWS\system32\catsrvut.dll
    2006-12-21 01:35 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
    2006-12-21 01:35 62,464 --a------ C:\WINDOWS\system32\colbact.dll
    2006-12-21 01:35 605,696 --a------ C:\WINDOWS\system32\getuname.dll
    2006-12-21 01:35 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
    2006-12-21 01:35 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
    2006-12-21 01:35 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
    2006-12-21 01:35 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
    2006-12-21 01:35 56,832 --a------ C:\WINDOWS\system32\sol.exe
    2006-12-21 01:35 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
    2006-12-21 01:35 55,296 --a------ C:\WINDOWS\system32\freecell.exe
    2006-12-21 01:35 540,160 --a------ C:\WINDOWS\system32\comuid.dll
    2006-12-21 01:35 54,272 --a------ C:\WINDOWS\system32\stclient.dll
    2006-12-21 01:35 538,624 --a------ C:\WINDOWS\system32\spider.exe
    2006-12-21 01:35 501,248 --a------ C:\WINDOWS\system32\clbcatq.dll
    2006-12-21 01:35 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
    2006-12-21 01:35 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
    2006-12-21 01:35 425,472 --a------ C:\WINDOWS\system32\msdtcprx.dll
    2006-12-21 01:35 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
    2006-12-21 01:35 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
    2006-12-21 01:35 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
    2006-12-21 01:35 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
    2006-12-21 01:35 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
    2006-12-21 01:35 345,088 --a------ C:\WINDOWS\system32\hypertrm.dll
    2006-12-21 01:35 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
    2006-12-21 01:35 33,792 --a------ C:\WINDOWS\system32\regini.exe
    2006-12-21 01:35 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
    2006-12-21 01:35 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
     
  12. 2007/01/09
    CD82 Inactive Thread Starter
    2006-12-21 01:35 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
    2006-12-21 01:35 229,888 --a------ C:\WINDOWS\system32\catsrv.dll
    2006-12-21 01:35 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
    2006-12-21 01:35 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
    2006-12-21 01:35 20,992 --a------ C:\WINDOWS\system32\msg.exe
    2006-12-21 01:35 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
    2006-12-21 01:35 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
    2006-12-21 01:35 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
    2006-12-21 01:35 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
    2006-12-21 01:35 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
    2006-12-21 01:35 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
    2006-12-21 01:35 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
    2006-12-21 01:35 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
    2006-12-21 01:35 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
    2006-12-21 01:35 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
    2006-12-21 01:35 16,384 --a------ C:\WINDOWS\system32\tskill.exe
    2006-12-21 01:35 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
    2006-12-21 01:35 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
    2006-12-21 01:35 15,360 --a------ C:\WINDOWS\system32\logoff.exe
    2006-12-21 01:35 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
    2006-12-21 01:35 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
    2006-12-21 01:35 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
    2006-12-21 01:35 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
    2006-12-21 01:35 14,848 --a------ C:\WINDOWS\system32\tscon.exe
    2006-12-21 01:35 14,848 --a------ C:\WINDOWS\system32\shadow.exe
    2006-12-21 01:35 139,400 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
    2006-12-21 01:35 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
    2006-12-21 01:35 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
    2006-12-21 01:35 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
    2006-12-21 01:35 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
    2006-12-21 01:35 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
    2006-12-21 01:35 119,808 --a------ C:\WINDOWS\system32\winmine.exe
    2006-12-21 01:35 114,688 --a------ C:\WINDOWS\system32\calc.exe
    2006-12-21 01:35 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
    2006-12-21 01:35 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
    2006-12-21 01:35 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
    2006-12-21 01:35 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
    2006-12-21 01:35 1,251,840 --a------ C:\WINDOWS\system32\comsvcs.dll
    2006-12-21 01:35 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
    2006-12-21 01:35 <DIR> d-------- C:\WINDOWS\system32\MsDtc
    2006-12-21 01:35 <DIR> d-------- C:\WINDOWS\system32\Com
    2006-12-21 01:35 <DIR> d-------- C:\Program Files\Windows NT
    2006-12-21 01:35 <DIR> d-------- C:\Program Files\MSN
    2006-12-21 00:38 <DIR> d-------- C:\Program Files\WinRAR
    2006-12-21 00:37 <DIR> d-------- C:\Program Files\Foxit Software
    2006-12-21 00:11 <DIR> d--hs---- C:\RECYCLER
    2006-12-21 00:09 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
    2006-12-21 00:09 <DIR> d-------- C:\WINDOWS\nview
    2006-12-21 00:08 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2006-12-21 00:08 <DIR> d-------- C:\Program Files\Common Files\InstallShield
    2006-12-21 00:08 <DIR> d-------- C:\NVIDIA
    2006-12-20 23:56 <DIR> dr-h----- C:\Documents and Settings\CD\Application Data\yahoo!
    2006-12-20 23:55 <DIR> d-------- C:\Documents and Settings\CD\Application Data\Macromedia
    2006-12-20 23:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2006-12-20 23:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\yahoo!
    2006-12-20 23:53 <DIR> d-------- C:\Program Files\Yahoo!
    2006-12-20 17:31 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
    2006-12-20 17:31 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
    2006-12-20 17:31 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
    2006-12-20 17:31 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
    2006-12-20 17:31 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
    2006-12-20 17:31 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
    2006-12-20 17:30 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2006-12-20 17:30 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
    2006-12-20 17:30 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2006-12-20 17:30 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
    2006-12-20 17:30 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
    2006-12-20 17:30 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
    2006-12-20 17:30 26,624 --a------ C:\WINDOWS\system32\Icam3EXT.dll
    2006-12-20 17:30 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2006-12-20 17:30 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
    2006-12-20 17:30 141,056 --a------ C:\WINDOWS\system32\drivers\Icam3.sys
    2006-12-20 17:29 74,240 --a------ C:\WINDOWS\system32\usbui.dll
    2006-12-20 17:29 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
    2006-12-20 17:29 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
    2006-12-20 17:29 44,672 --a------ C:\WINDOWS\system32\drivers\UAGP35.SYS
    2006-12-20 17:28 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
    2006-12-20 17:28 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
    2006-12-20 17:28 5,632 -ra------ C:\WINDOWS\system32\kbdycc.dll
    2006-12-20 17:28 5,632 -ra------ C:\WINDOWS\system32\kbduzb.dll
    2006-12-20 17:28 5,632 -ra------ C:\WINDOWS\system32\kbdur.dll
    2006-12-20 17:28 5,632 -ra------ C:\WINDOWS\system32\kbdtat.dll
    2006-12-20 17:28 5,632 -ra------ C:\WINDOWS\system32\kbdru1.dll
    2006-12-20 17:28 5,632 -ra------ C:\WINDOWS\system32\kbdru.dll
    2006-12-20 17:28 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
    2006-12-20 17:28 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
    2006-12-20 17:28 5,632 -ra------ C:\WINDOWS\system32\kbdkaz.dll
    2006-12-20 17:28 5,632 -ra------ C:\WINDOWS\system32\kbdbu.dll
    2006-12-20 17:28 5,632 -ra------ C:\WINDOWS\system32\kbdblr.dll
    2006-12-20 17:28 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
    2006-12-20 17:28 5,632 -ra------ C:\WINDOWS\system32\kbdaze.dll
    2006-12-20 17:28 <DIR> dr------- C:\Program Files\Common Files\..
    2006-12-20 17:28 <DIR> dr------- C:\Program Files\.
    2006-12-20 17:28 <DIR> dr------- C:\Program Files
    2006-12-20 17:28 <DIR> d--hs---- C:\WINDOWS\Installer
    2006-12-20 17:28 <DIR> d--hs---- C:\Program Files\..
    2006-12-20 17:28 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
    2006-12-20 17:28 <DIR> d-------- C:\Program Files\Common Files\ODBC
    2006-12-20 17:28 <DIR> d-------- C:\Program Files\Common Files\Microsoft Shared
    2006-12-20 17:28 <DIR> d-------- C:\Program Files\Common Files\.
    2006-12-20 17:28 <DIR> d-------- C:\Program Files\Common Files
    2006-12-20 17:27 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
    2006-12-20 17:27 9,008 --a------ C:\WINDOWS\system\VER.DLL
    2006-12-20 17:27 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
    2006-12-20 17:27 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
    2006-12-20 17:27 8,704 --a------ C:\WINDOWS\system32\batt.dll
    2006-12-20 17:27 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
    2006-12-20 17:27 74,752 --a------ C:\WINDOWS\system32\storprop.dll
    2006-12-20 17:27 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
    2006-12-20 17:27 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
    2006-12-20 17:27 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
    2006-12-20 17:27 68,768 --a------ C:\WINDOWS\system\MMSYSTEM.DLL
    2006-12-20 17:27 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
    2006-12-20 17:27 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
    2006-12-20 17:27 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
    2006-12-20 17:27 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
    2006-12-20 17:27 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
    2006-12-20 17:27 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
    2006-12-20 17:27 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
    2006-12-20 17:27 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
    2006-12-20 17:27 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
    2006-12-20 17:27 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
    2006-12-20 17:27 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
    2006-12-20 17:27 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
    2006-12-20 17:27 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
    2006-12-20 17:27 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
    2006-12-20 17:27 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
    2006-12-20 17:27 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
    2006-12-20 17:27 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
    2006-12-20 17:27 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
    2006-12-20 17:27 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
    2006-12-20 17:27 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
    2006-12-20 17:27 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
    2006-12-20 17:27 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
    2006-12-20 17:27 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
    2006-12-20 17:27 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
    2006-12-20 17:27 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
    2006-12-20 17:27 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
    2006-12-20 17:27 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
    2006-12-20 17:27 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
    2006-12-20 17:27 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
    2006-12-20 17:27 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
    2006-12-20 17:27 13,312 --a------ C:\WINDOWS\system32\irclass.dll
    2006-12-20 17:27 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
    2006-12-20 17:27 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
    2006-12-20 17:27 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
    2006-12-20 17:27 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll
    2006-12-20 17:27 <DIR> dr-h----- C:\Documents and Settings\All Users\Application Data\.
    2006-12-20 17:27 <DIR> dr-h----- C:\Documents and Settings\All Users\Application Data
    2006-12-20 17:27 <DIR> dr------- C:\Documents and Settings\All Users\Start Menu
    2006-12-20 17:27 <DIR> dr------- C:\Documents and Settings\All Users\Documents
    2006-12-20 17:27 <DIR> d--h----- C:\Documents and Settings\All Users\Templates
    2006-12-20 17:27 <DIR> d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2006-12-20 17:27 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
    2006-12-20 17:27 <DIR> d-------- C:\WINDOWS\system32\CatRoot
    2006-12-20 17:27 <DIR> d-------- C:\Documents and Settings\All Users\Favorites
    2006-12-20 17:27 <DIR> d-------- C:\Documents and Settings\All Users\Desktop
    2006-12-20 17:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\..
    2006-12-20 17:26 <DIR> d--hs---- C:\System Volume Information
    2006-12-20 17:26 <DIR> d-------- C:\Documents and Settings\All Users\..
    2006-12-20 17:26 <DIR> d-------- C:\Documents and Settings\All Users\.
    2006-12-20 17:26 <DIR> d-------- C:\Documents and Settings
    2006-12-20 17:19 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
    2006-12-20 17:19 <DIR> dr--s---- C:\WINDOWS\Fonts
    2006-12-20 17:19 <DIR> dr------- C:\WINDOWS\Web
    2006-12-20 17:19 <DIR> d--hs---- C:\WINDOWS\..
    2006-12-20 17:19 <DIR> d--h----- C:\WINDOWS\inf
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\WinSxS
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\twain_32
     
  13. 2007/01/09
    CD82 Inactive Thread Starter
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\Temp
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\wins
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\wbem
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\usmt
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\spool
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\ShellExt
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\Setup
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\ras
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\oobe
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\npp
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\mui
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\inetsrv
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\IME
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\icsxml
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\ias
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\export
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\drivers\etc
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\drivers\disdn
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\drivers\..
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\drivers\.
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\drivers
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\dhcp
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\config
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\3com_dmi
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\3076
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\2052
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\1054
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\1042
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\1041
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\1037
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\1033
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\1031
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\1028
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\1025
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\..
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32\.
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system32
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system\..
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system\.
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\system
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\security
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\Resources
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\repair
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\Provisioning
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\PeerNet
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\pchealth
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\mui
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\msapps
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\msagent
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\Media
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\java
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\ime
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\Help
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\ehome
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\Driver Cache
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\Debug
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\Cursors
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\Connection Wizard
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\Config
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\AppPatch
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\addins
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS\.
    2006-12-20 17:19 <DIR> d-------- C:\WINDOWS
    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
    *Note* empty entries are not shown
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
    "Creative Detector"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"
    "Window Washer"="C:\\Program Files\\Webroot\\Washer\\wwDisp.exe"
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
    "F-Secure Manager"="\"C:\\Program Files\\F-Secure\\Common\\FSM32.EXE\" /splash"
    "F-Secure TNB"="\"C:\\Program Files\\F-Secure\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
    "CTHelper"="CTHELPER.EXE"
    "CTxfiHlp"="CTXFIHLP.EXE"
    "CTDVDDET"="\"C:\\Program Files\\Creative\\Sound Blaster X-Fi\\DVDAudio\\CTDVDDET.EXE\""
    "RCSystem"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" RCSystem * -Startup"
    "AudioDrvEmulator"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
    "VolPanel"="\"C:\\Program Files\\Creative\\Sound Blaster X-Fi\\Volume Panel\\VolPanel.exe\" /r"
    "UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
    "Logitech Hardware Abstraction Layer"="\"C:\\Program Files\\Common Files\\Logitech\\khalshared\\KHALMNPR.EXE\""
    @=""
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
    "Launch LCDMon"="\"C:\\Program Files\\Common Files\\Logitech\\LCD Manager\\lcdmon.exe\""
    "Launch LGDCore"="\"C:\\Program Files\\Common Files\\Logitech\\G-series Software\\LGDCore.exe\" /SHOWHIDE"
    "DllRunning"="rundll32.exe \"C:\\WINDOWS\\system32\\aswasuqk.dll\",setvm"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "Windows Systems16"="C:\\WINDOWS\\system32\\winjews16.exe"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000005

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
      00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
      00,00,04,00,00,40
    "RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
      00,00,01,00,00,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    Completion time: 07-01-09 11:18:22.07
    C:\ComboFix.txt ... 07-01-09 11:18
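The Run and RunServices keys in the ComboFix export above are the persistence points worth reading line by line. The script below is an added example, not part of the thread and not ComboFix's own code: it undoes the .reg escaping, works out which file each value actually starts, and flags the shapes a removal helper looks for. SAMPLE_REG is constructed from a subset of the lines above; the KNOWN_MODULES allowlist, the SYSTEM32 path and the five heuristics are this example's own assumptions.

```python
"""Triage Run/RunServices entries from a ComboFix "Reg Loading Points" dump.
Added example, not the thread's or ComboFix's code. KNOWN_MODULES and the
heuristics below are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple

# Constructed sample: a subset of the entries in the log above, in the
# escaping ComboFix emits (\\ for a backslash, \" for a double quote).
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"Window Washer"="C:\\Program Files\\Webroot\\Washer\\wwDisp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"CTHelper"="CTHELPER.EXE"
@=""
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
"DllRunning"="rundll32.exe \"C:\\WINDOWS\\system32\\aswasuqk.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows Systems16"="C:\\WINDOWS\\system32\\winjews16.exe"
'''

KNOWN_MODULES = {"nvcpl.dll", "nvmctray.dll"}  # assumption: NVIDIA DLLs already vetted
SYSTEM32 = r"c:\windows\system32"
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)="(.*)"$')  # "name"="data" or @="data"


def reg_unescape(s: str) -> str:
    """.reg data escapes backslash and double quote with a backslash."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (key, value name, command) for every non-empty string value."""
    key = None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if m and key and m.group(2):
            name = m.group(1) if m.group(1) is not None else "(Default)"
            yield key, reg_unescape(name), reg_unescape(m.group(2))


def first_program(cmd: str) -> Tuple[str, str, bool]:
    """Split a command line into (program, remaining args, was_quoted).
    An unquoted path is cut at its first .exe/.com/.dll; CreateProcess tries
    each shorter space-delimited prefix first, so every space before that
    point is somewhere a planted file could run instead."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip(), True
    m = re.match(r"(?i)(.*?\.(?:exe|com|dll))(?=[\s,]|$)", cmd)
    if m:
        return m.group(1), cmd[m.end(1):].strip(), False
    head, _, tail = cmd.partition(" ")
    return head, tail.strip(), False


@dataclass
class Finding:
    key: str
    name: str
    program: str           # the .exe Windows starts
    module: Optional[str]  # DLL handed to rundll32, when that is the .exe
    reasons: List[str]


def classify(key: str, name: str, command: str) -> Finding:
    program, rest, quoted = first_program(command)
    module = None
    if program.lower().rpartition("\\")[2] in ("rundll32.exe", "rundll32") and rest:
        module = first_program(rest)[0]
    folder, _, base = (module or program).lower().rpartition("\\")
    reasons = []
    if not folder:
        reasons.append("bare file name: found via the search path, check which file wins")
    if not quoted and " " in program:
        reasons.append("unquoted path with spaces: shorter prefixes are tried first")
    if key.lower().endswith("\\runservices"):
        reasons.append("RunServices: Win9x-era key that nothing else on this system uses")
    if module is not None and folder == SYSTEM32 and base not in KNOWN_MODULES:
        reasons.append("rundll32 payload is an unrecognised DLL in system32")
    if module is None and folder == SYSTEM32 and base.endswith(".exe"):
        reasons.append("autorun .exe dropped straight into system32")
    return Finding(key, name, program, module, reasons)


def triage(text: str) -> List[Finding]:
    """Return only the entries that tripped at least one heuristic."""
    return [f for f in (classify(*v) for v in parse_reg(text)) if f.reasons]


if __name__ == "__main__":
    for f in triage(SAMPLE_REG):
        print(f"{f.name}: {f.module or f.program}: " + "; ".join(f.reasons))
```

Run stand-alone it prints the flagged entries with their reasons. Two things it shows that the raw log does not: the Webroot Window Washer entry is flagged, not as malware but because an unquoted path with spaces is worth fixing while you are in there; and NvCplDaemon uses rundll32 in exactly the same way as DllRunning and is only kept quiet by the allowlist, which is the point, since rundll32 itself tells you nothing and the DLL behind it tells you everything.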
     
  14. 2007/01/09
    TeMerc Inactive Alumni
    OK, let's get some files deleted and see if we can't get your machine back in your control.

    Download the Killbox from here and save it to the desktop.
    • Double-click the KillBox icon on your desktop to open it.
    • Select "Delete on Reboot".
    • Then select "All files".
    Copy the file names below to the clipboard by highlighting them and pressing Control-C:
    C:\WINDOWS\system32\cottyafl.dll
    C:\WINDOWS\system32\vturp.dll
    C:\WINDOWS\system32\aswasuqk.dll
    C:\WINDOWS\system32\winjews16.exe
    C:\4ceaf2717e9926c4f79108a2d5
    C:\WINDOWS\system32\cottyafl.dll
    C:\WINDOWS\system32\ljjkhii.dll
    C:\WINDOWS\system32\opnkkli.dll


    Return to Killbox.
    • Go to the File menu, and choose "Paste from Clipboard".
    • Click the red-and-white [Delete File] button.
    • Click "Yes" at the Delete on Reboot prompt. Click "No" at the 'Pending Operations' prompt.

    Do not allow a reboot yet.

    Open Hijackthis, select the [Do a system scan only] button and look over the following entries I have listed, check the boxes [] next to them and press the [Fix Checked] button. When you are doing this, make sure you have No IE windows, nor any other browsers open, including this one. Reboot if I have specified below, and post a fresh HijackThis log.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\cottyafl.dll
    O2 - BHO: (no name) - {C58FC951-6AD4-43F2-B7B3-8FCA067E938F} - C:\WINDOWS\system32\vturp.dll (file missing)
    O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)

    O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\aswasuqk.dll",setvm
    O4 - HKLM\..\RunServices: [Windows Systems16] C:\WINDOWS\system32\winjews16.exe

    Reboot and run ComboFix first, then HJT and post both logs back into this thread.

    I'd also like you to check out the following files. They get zero hits via Google, but you have a lot of games on the system, and they may be related to some of them, or maybe you'll know what they are for. Just check the file properties:
    Right-click each file, select 'Properties' and give me all the info contained within the tabs: manufacturer, version, language, date created and so forth.
    C:\XPWIN<<<--this folder
    C:\WINDOWS\system\XPUTIL.DLL<<<--this file
    C:\WINDOWS\system\WSAMAPI.DLL<<<--this file
    C:\WINDOWS\system\XPADLL.DLL<<<--this file
    C:\WINDOWS\system\XPGL.DLL<<<--this file
    C:\WINDOWS\system\XPCALL.DLL<<<--this file
    C:\WINDOWS\system\XPRIG.DLL<<<--this file
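The fix list above mixes entries that still have a file behind them with entries that are only registry residue ("(file missing)", "(no file)"), and the Killbox list repeats one path. The script below is an added example, not TeMerc's tooling and not part of HijackThis or Killbox: it parses the R/O2/O3/O4 lines quoted in this post, separates registry-only fixes from files to delete, merges the file set with the Killbox list case-insensitively, and notes which Killbox paths no HJT line accounts for. HJT_LINES and KILLBOX_LIST are copied from the post (one R1 line stands in for the set), the line patterns follow HijackThis 1.99.1 output, and the flag wording is this example's own.

```python
"""Merge a HijackThis fix list with a Killbox delete list into one plan.
Added example, not part of the thread, of HijackThis or of Killbox. Line
formats follow HJT 1.99.1 output; the flag wording is this example's own.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Both samples are copied from the post above (the duplicate path included).
HJT_LINES = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\cottyafl.dll
O2 - BHO: (no name) - {C58FC951-6AD4-43F2-B7B3-8FCA067E938F} - C:\WINDOWS\system32\vturp.dll (file missing)
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\aswasuqk.dll",setvm
O4 - HKLM\..\RunServices: [Windows Systems16] C:\WINDOWS\system32\winjews16.exe
"""

KILLBOX_LIST = r"""
C:\WINDOWS\system32\cottyafl.dll
C:\WINDOWS\system32\vturp.dll
C:\WINDOWS\system32\aswasuqk.dll
C:\WINDOWS\system32\winjews16.exe
C:\4ceaf2717e9926c4f79108a2d5
C:\WINDOWS\system32\cottyafl.dll
C:\WINDOWS\system32\ljjkhii.dll
C:\WINDOWS\system32\opnkkli.dll
"""

LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")
BHO_RE = re.compile(r"^(?:BHO|Toolbar): (?P<name>.*?) - \{[0-9A-Fa-f-]{36}\} - (?P<target>.*)$")
O4_RE = re.compile(r"^(?P<key>HK[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
PATH_RE = re.compile(r'(?i)[a-z]:\\[^",]*?\.(?:exe|dll)')  # first drive-letter path in a command
SYSTEM32 = r"c:\windows\system32"


@dataclass
class Entry:
    code: str
    name: str
    path: Optional[str]  # file on disk the entry points at, if any
    status: str          # "present", "missing" or "registry-only"
    reasons: List[str]


def parse_hjt(text: str) -> List[Entry]:
    entries = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        name, path, status, reasons = body.split(" = ", 1)[0], None, "registry-only", []
        b, o = BHO_RE.match(body), O4_RE.match(body)
        if b:  # O2 BHO / O3 toolbar: "(file missing)" and "(no file)" are registry residue
            name, target = b.group("name"), b.group("target")
            if target.endswith("(file missing)"):
                path, status = target[: -len("(file missing)")].strip(), "missing"
            elif target != "(no file)":
                path, status = target, "present"
            if name == "(no name)":
                reasons.append("BHO/toolbar registered without a name")
        elif o:  # O4 autorun
            name, cmd = o.group("name"), o.group("cmd")
            p = PATH_RE.search(cmd)
            if p:
                path, status = p.group(0), "present"
            if "rundll32" in cmd.lower():
                reasons.append("rundll32 hosts the DLL, so the process list shows only rundll32")
            if o.group("key").lower().endswith("runservices"):
                reasons.append("RunServices: Win9x-era key nothing else on this system uses")
        else:  # R0/R1: an IE preference, no file behind it
            reasons.append("IE search/start preference, reset by the fix")
        if path and path.lower().rpartition("\\")[0] == SYSTEM32:
            reasons.append("file sits directly in system32, not in a vendor folder")
        if status == "missing":
            reasons.append("file already gone, only the registry entry is left to fix")
        entries.append(Entry(code, name, path, status, reasons))
    return entries


def build_plan(hjt_text: str, killbox_text: str) -> Dict[str, List[str]]:
    """Merge both lists; paths compare case-insensitively, first spelling wins."""
    entries = parse_hjt(hjt_text)
    files: Dict[str, str] = {}
    for e in entries:
        if e.status == "present":
            files.setdefault(e.path.lower(), e.path)
    from_hjt = set(files)
    for p in (raw.strip() for raw in killbox_text.splitlines() if raw.strip()):
        files.setdefault(p.lower(), p)
    missing = {e.path.lower() for e in entries if e.status == "missing"}
    return {
        "delete_files": list(files.values()),
        "registry_only": [f"{e.code} {e.name}" for e in entries if e.status != "present"],
        "killbox_only": [p for k, p in files.items() if k not in from_hjt],
        "listed_but_missing": [p for k, p in files.items() if k in missing],
    }


if __name__ == "__main__":
    for section, items in build_plan(HJT_LINES, KILLBOX_LIST).items():
        print(section, *items, sep="\n    ")
```

Deleting a file HJT already reports missing does no harm, but the two disagreement sections are where to look before pressing Delete: "listed_but_missing" is a stale entry that only needs its registry key fixed, and "killbox_only" is a path that came from a different log (here, the ComboFix output earlier in the thread) and should be traceable back to it.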
     
  15. 2007/01/09
    CD82 Inactive Thread Starter
    Well, I saw your post, and since I did all that stuff earlier I haven't had any more problems or anything.
     
  16. 2007/01/09
    TeMerc Inactive Alumni
    We still need to get a ComboFix log and HJT, in that order please. On many an occasion, things don't disappear on the first shot.

    I'd also like to know what info you found on those files.
     
  17. 2007/01/10
    CD82 Inactive Thread Starter
    They all work with an unknown app, that XPWIN. I don't know what it is, but it's gone.

    I'll get that other log stuff on here tomorrow. It's late and I had an emergency I had to go deal with.
     
  18. 2007/01/10
    CD82 Inactive Thread Starter
    Logfile of HijackThis v1.99.1
    Scan saved at 10:16:02 AM, on 1/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
    C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
    C:\Program Files\SkypeUSBPhoneDriver\Skype@phone.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
    C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
    C:\WINDOWS\system32\wwSecure.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HJT\tracker.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\cottyafl.dll (file missing)
    O2 - BHO: (no name) - {C58FC951-6AD4-43F2-B7B3-8FCA067E938F} - C:\WINDOWS\system32\vturp.dll (file missing)
    O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe "
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE "
    O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll "
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE "
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe "
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Skype@phone] C:\Program Files\SkypeUSBPhoneDriver\Skype@phone.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    O4 - Global Startup: LNSS Status Monitor.lnk = C:\Program Files\GFI\LANguard Network Security Scanner 7.0\statusmonitor.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166699436406
    O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: GFI LANguard N.S.S. 7.0 Attendant Service - Unknown owner - C:\Program Files\GFI\LANguard Network Security Scanner 7.0\lnssatt.exe" -service (file missing)
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe



    Also, I have a question: is it safe to even use Yahoo Toolbar? It's got the built-in pop-up blocker and stuff. I don't use Firefox at all; I dislike it.
     
  19. 2007/01/10
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    I hope the emergency went as well as can be expected.


    OK, depending on what ComboFix shows, if anything, we can proceed with fixing below.


    Run HJT, and place a check next to the following lines, then, with all browsers and windows closed, hit 'Fix checked':

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =


    O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\cottyafl.dll (file missing)

    O2 - BHO: (no name) - {C58FC951-6AD4-43F2-B7B3-8FCA067E938F} - C:\WINDOWS\system32\vturp.dll (file missing)

    O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)


    Reboot, post new log, along with that ComboFix log as well.

    Sure it is, I prefer Google Toolbar, but since I now have IE7 which incorporates Google as my default search engine I dumped it. Besides, IE7 didn't like the toolbar.
     
  20. 2007/01/10
    CD82

    CD82 Inactive Thread Starter

    Joined:
    2007/01/09
    Messages:
    17
    Likes Received:
    0
    OK, here is the HJT log.


    Logfile of HijackThis v1.99.1
    Scan saved at 12:58, on 07-01-10
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
    C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
    C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    C:\WINDOWS\system32\wwSecure.exe
    C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
    C:\Program Files\F-Secure\FSGUI\fsguidll.exe
    C:\HJT\tracker.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe "
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE "
    O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll "
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE "
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe "
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Skype@phone] C:\Program Files\SkypeUSBPhoneDriver\Skype@phone.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
    O4 - Global Startup: LNSS Status Monitor.lnk = C:\Program Files\GFI\LANguard Network Security Scanner 7.0\statusmonitor.exe
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1166699436406
    O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: GFI LANguard N.S.S. 7.0 Attendant Service - Unknown owner - C:\Program Files\GFI\LANguard Network Security Scanner 7.0\lnssatt.exe" -service (file missing)
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
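    TeMerc's instruction in post 19 (fix the `O2` BHO entries marked "(file missing)" and the `O3` toolbar marked "(no file)") and the before/after logs in posts 18 and 20 are the kind of review that can be automated. What follows is an added example written for this thread, not code from the thread, from HijackThis or from any of the posters: a small Python parser for HijackThis 1.99-style log lines that flags orphaned registrations (a path that no longer exists, or no file at all) and diffs two logs to confirm which entries a fix actually removed. The sample log text is constructed from entries quoted on this page, trimmed to a handful of lines; the function and field names are my own.

```python
"""Parse HijackThis-style log lines, flag orphaned entries, diff two logs.

Added example for this thread; not HijackThis code. Only the log line
format seen on this page (e.g. "O2 - BHO: name - {CLSID} - path") is assumed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Matches a Windows CLSID in braces, e.g. {7DA39570-5FD2-4f18-94B4-20730CB3F727}.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Section prefix as printed by HijackThis: R0/R1/R3/O2/O3/O4/.../O23.
LINE_RE = re.compile(r"^\s*([RO]\d+)\s+-\s+(.*)$")
# Markers HijackThis appends when the referenced file cannot be found.
ORPHAN_MARKERS = ("(file missing)", "(no file)")


@dataclass(frozen=True)
class Entry:
    section: str            # "R0", "O2", "O23", ...
    text: str               # the body after "O2 - "
    clsid: Optional[str]    # upper-cased CLSID if the line carries one
    orphaned: bool          # True when the file it points at is gone


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a section line, None for headers/process paths."""
    m = LINE_RE.match(line)
    if not m:
        return None
    section, body = m.group(1), m.group(2).strip()
    c = CLSID_RE.search(body)
    return Entry(
        section=section,
        text=body,
        clsid=c.group(0).upper() if c else None,
        orphaned=body.endswith(ORPHAN_MARKERS),
    )


def parse_log(text: str) -> List[Entry]:
    """Parse a whole log; the 'Running processes' block is skipped naturally."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def orphaned_entries(entries: List[Entry]) -> List[Entry]:
    """Entries whose target file is missing: stale at best, a leftover hook at worst."""
    return [e for e in entries if e.orphaned]


def removed_entries(before: List[Entry], after: List[Entry]) -> List[Entry]:
    """Entries present in the first log but absent from the second (what a fix removed)."""
    after_keys = {(e.section, e.text) for e in after}
    return [e for e in before if (e.section, e.text) not in after_keys]


# Constructed sample: a cut-down version of the post 18 log (before the fix).
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 10:16:02 AM, on 1/10/2007

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\system32\cottyafl.dll (file missing)
O2 - BHO: (no name) - {C58FC951-6AD4-43F2-B7B3-8FCA067E938F} - C:\WINDOWS\system32\vturp.dll (file missing)
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"""

# Constructed sample: the same entries as they appear in the post 20 log (after the fix).
AFTER_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:58, on 07-01-10

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"""

if __name__ == "__main__":
    before, after = parse_log(BEFORE_LOG), parse_log(AFTER_LOG)
    print("Orphaned entries to review in the first log:")
    for e in orphaned_entries(before):
        print(f"  {e.section}  {e.clsid or '-'}  {e.text}")
    print("Entries removed by the fix:")
    for e in removed_entries(before, after):
        print(f"  {e.section}  {e.text}")
    print("Still orphaned afterwards:", [e.section for e in orphaned_entries(after)])
```

    Note what the output shows: the `R3` Yahoo! Toolbar hook is flagged as orphaned as well, even though TeMerc did not put it on the fix list. A "(file missing)" entry is a stale registration, not evidence of infection on its own, which is why the helper produces a review list rather than a removal list; the diff against the post-fix log is the check that the entries the helper asked for were the ones that actually went away.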
     
  21. 2007/01/10
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    That looks great... now if we could get that ComboFix log we can wrap this up.
     