
Inactive [InActive] Rogue Antivirus 2009

Discussion in 'Malware and Virus Removal Archive' started by living life, 2008/09/04.

  1. 2008/09/04
    living life

    living life Inactive Thread Starter

    Joined:
    2008/07/15
    Messages:
    74
    Likes Received:
    0
    It looks like this was accidentally downloaded to our computer. I think that it was successfully removed, but having your clearance is the peace of mind that we need.

    Thank you for all of your help. The following are the HijackThis and Malwarebytes results.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:17:43 PM, on 9/4/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Family Safety\fssui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\MUSICM~1\Common\COMPON~1\MMCOMP~1.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe "
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [McafWelcome] c:\PROGRA~1\mcafee.com\agent\mcwelcom.exe
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fssui.exe" -autorun
    O4 - HKLM\..\Run: [else tool title ping] C:\Documents and Settings\All Users\Application Data\Loud spam else tool\Great 32.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [A00F1F3FCD3.exe] C:\DOCUME~1\Nancy\LOCALS~1\Temp\_A00F1F3FCD3.exe
    O4 - HKCU\..\Run: [A00FABE00.exe] C:\DOCUME~1\Nancy\LOCALS~1\Temp\_A00FABE00.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143163050640
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O20 - Winlogon Notify: __c0065411 - C:\WINDOWS\system32\__c0065411.dat (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 11765 bytes

    Malwarebytes' Anti-Malware 1.26
    Database version: 1113
    Windows 5.1.2600 Service Pack 2

    9/4/2008 6:26:13 PM
    mbam-log-2008-09-04 (18-26-13).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 118449
    Time elapsed: 43 minute(s), 35 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Program Files\AV9 (Rogue.Antivirus2009) -> Quarantined and deleted successfully.

    Files Infected:
    (No malicious items detected)
     
  2. 2008/09/05
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    Please do this.

    Jotti File Submission:
    • Please go to Jotti's malware scan
    • Copy and paste the following file paths, one at a time, into the "File to upload & scan" box at the top of the page:
      • C:\DOCUME~1\Nancy\LOCALS~1\Temp\_A00F1F3FCD3.exe
        C:\DOCUME~1\Nancy\LOCALS~1\Temp\_A00FABE00.exe
    • Click on the submit button
    • Please post the results in your next reply.


    Please run Combofix.

    Download ComboFix from Here to your Desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the ComboFix log.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    Note - ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note - Combofix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.

    Please post the Combofix log and the Jotti results.

    Thanks
    Geri
     


  4. 2008/09/10
    living life

    living life Inactive Thread Starter

    Joined:
    2008/07/15
    Messages:
    74
    Likes Received:
    0
    Results

    Thank you for your help,

    I could not get Jotti to scan the files. The first one would not load; even after 20 minutes it showed only 50% uploaded. I tried several times over the past few days. The second file also would not load, but Jotti showed a message saying that there were 0 bytes in the file and that it may be blocked by a virus.

    So I ran ComboFix and tried again, only to find the same results.

    This is the ComboFix log.

    Sincerely,
    Living Life

    ComboFix 08-09-05.14 - Nancy 2008-09-10 12:02:56.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.237 [GMT -4:00]
    Running from: C:\Documents and Settings\Nancy\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-08-10 to 2008-09-10 )))))))))))))))))))))))))))))))
    .

    2008-09-04 17:40 . 2008-09-04 17:40 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-04 17:40 . 2008-09-04 17:40 <DIR> d-------- C:\Documents and Settings\Nancy\Application Data\Malwarebytes
    2008-09-04 17:40 . 2008-09-04 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-04 17:40 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-04 17:40 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-04 16:49 . 2008-09-06 13:01 <DIR> d--h----- C:\$AVG8.VAULT$
    2008-09-04 16:44 . 2008-09-10 10:05 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
    2008-09-04 16:44 . 2008-09-04 16:44 <DIR> d-------- C:\Program Files\AVG
    2008-09-04 16:44 . 2008-09-04 16:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
    2008-09-04 16:44 . 2008-09-04 16:44 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-09-04 16:44 . 2008-09-04 16:44 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
    2008-09-04 15:17 . 2008-09-04 15:17 <DIR> d-------- C:\Program Files\Trend Micro
    2008-09-02 19:21 . 2008-09-02 19:21 <DIR> d-------- C:\Program Files\stop info
    2008-09-02 19:20 . 2008-09-02 19:20 <DIR> d-------- C:\Program Files\Circle Developement
    2008-08-14 19:35 . 2008-05-01 10:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-10 15:15 --------- d-----w C:\Program Files\Windows Live
    2008-09-09 15:04 --------- d-----w C:\Documents and Settings\Nancy\Application Data\AdobeUM
    2008-09-04 20:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Loud spam else tool
    2008-09-04 20:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\greatbindchicup
    2008-09-04 20:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-09-04 19:42 --------- d-----w C:\Program Files\Symantec AntiVirus
    2008-09-04 19:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-09-04 19:30 --------- d-----w C:\Program Files\Google
    2008-09-04 19:09 --------- d-----w C:\Documents and Settings\Nancy\Application Data\Lavasoft
    2008-09-02 23:20 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-08-31 16:40 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2008-07-29 14:10 --------- d-----w C:\Program Files\Java
    2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-18 18:34 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-07 20:32 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
    2008-06-24 22:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
    2008-06-24 14:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-06-23 09:20 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-06-23 09:20 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
    2006-03-24 00:15 298 -c--a-w C:\Program Files\INSTALL.LOG
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-04_15.25.23.73 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-03-12 15:43:27 29,926 -c--a-r C:\WINDOWS\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
    + 2008-09-10 15:31:46 29,926 ----a-r C:\WINDOWS\Installer\{508CE775-4BA4-4748-82DF-FE28DA9F03B0}\MsblIco.Exe
    + 2008-09-04 20:44:45 26,824 ----a-w C:\WINDOWS\system32\drivers\avgmfx86.sys
    - 2008-03-13 09:32:14 54,590 ----a-w C:\WINDOWS\system32\perfc009.dat
    + 2008-09-04 20:00:13 54,590 ----a-w C:\WINDOWS\system32\perfc009.dat
    - 2008-03-13 09:32:14 384,890 -c--a-w C:\WINDOWS\system32\perfh009.dat
    + 2008-09-04 20:00:13 384,890 ----a-w C:\WINDOWS\system32\perfh009.dat
    + 2006-12-02 02:56:00 96,256 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
    + 2006-12-02 02:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
    + 2006-12-02 02:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
    + 2006-12-02 02:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
    + 2006-12-02 04:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
    + 2006-12-02 04:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
    + 2006-12-02 04:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
    + 2006-12-02 04:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
    + 2006-12-02 04:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
    + 2006-12-02 04:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
    + 2006-12-02 04:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
    + 2006-12-02 04:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
    + 2006-12-02 04:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
    + 2006-12-02 04:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
    + 2006-12-02 04:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
    + 2006-12-02 04:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
    + 2006-12-02 04:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
    + 2006-12-02 04:46:44 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
    + 2008-04-15 17:54:19 1,724,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
    "MsnMsgr "= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray "= "C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 94208]
    "igfxhkcmd "= "C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 77824]
    "igfxpers "= "C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 114688]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "DMXLauncher "= "C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
    "RealTray "= "C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-03-11 26112]
    "MMTray "= "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-08 110592]
    "ISUSPM Startup "= "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "DLA "= "C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "MimBoot "= "C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 8192]
    "MSKDetectorExe "= "C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-07-12 1117184]
    "Corel Photo Downloader "= "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 106496]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2005-09-16 274432]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2006-05-18 155648]
    "Easy-PrintToolBox "= "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-13 409600]
    "else tool title ping "= "C:\Documents and Settings\All Users\Application Data\Loud spam else tool\Great 32.exe" [2008-09-10 4323840]
    "AVG8_TRAY "= "C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-04 1235736]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msvideo7 "= STV680tg.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "UpdatesDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "C:\\Program Files\\Messenger\\msmsgs.exe "=
    "C:\\Program Files\\iTunes\\iTunes.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe "=
    "C:\\Program Files\\NetMeeting\\conf.exe "=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-04 97928]
    R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-04 231704]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    - - - - ORPHANS REMOVED - - - -

    Notify-NavLogon - (no file)


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
    O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 -: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 -: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 -: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 -: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

    O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
    C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-10 12:04:54
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-09-10 12:05:57
    ComboFix-quarantined-files.txt 2008-09-10 16:05:42
    ComboFix2.txt 2008-09-04 19:27:11

    Pre-Run: 60,986,519,552 bytes free
    Post-Run: 61,034,827,776 bytes free

    185 --- E O F --- 2008-09-10 14:13:04
     
  5. 2008/09/10
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi

    Messenger Plus! Live has given you a LOP infection and needs to be removed.
    If you like this program then you can redownload it, BUT make sure you opt out of any of their sponsor programs when installing it.


    Please do the following.

    Please go to Start > Control Panel > Add/Remove Programs (on Windows Vista it's Programs and Features) and remove the following (if present):


    Messenger Plus! Live

    Please Download NoLop to your desktop from one of the links below...
    Link 1
    Link 2
    Link 3
    • First close any other programs you have running as this will require a reboot
    • Double click NoLop.exe to run it
    • Now click the button labelled "Search and Destroy"
      <<your computer will now be scanned for infected files>>
    • When scanning is finished you will be prompted to reboot only if infected, Click OK
    • Now click the "REBOOT" Button.
    • A message should pop up from NoLop. If not, double click the program again and it will finish. Please post the contents of C:\NoLop.log along with a fresh HijackThis log.
    --If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. --

    You ran ComboFix 2 times; I need to see the first log.
    ComboFix 08-09-05.14 - Nancy 2008-09-10 12:02:56.2

    Please go to C:\qoobox and open the qoobox folder and copy and paste the ComboFix2.txt log back here.

    Thanks
    Geri
     
    Geri,
    #4
  6. 2008/09/26
    living life

    living life Inactive Thread Starter

    Joined:
    2008/07/15
    Messages:
    74
    Likes Received:
    0
    I was away

    Hi Geri,

    Sorry, vacation time! I will do that today and post the information.

    Sincerely,
    Living Life
     
  7. 2008/09/26
    living life

    living life Inactive Thread Starter

    Joined:
    2008/07/15
    Messages:
    74
    Likes Received:
    0
    LOP information

    Hi Geri,

    This is the information that you asked for. Thank you for your patience.

    Sincerely,
    Living Life

    NoLop! Log by Skate_Punk_21

    Fix running from: C:\Documents and Settings\Nancy\Desktop
    [9/26/2008]
    [11:47:53 AM]

    ---Infection Files Found/Removed---
    C:\WINDOWS\tasks\B4839F9D90700ABD.job

    Beginning Removal...
    Rebooting...
    Removing Lop's Leftover Files/Folders...
    Editing Registry...
    **Fix Complete!**

    ---Listing AppData sub directories---

    C:\Documents and Settings\Administrator\Application Data\Gtek
    C:\Documents and Settings\Administrator\Application Data\Microsoft
    C:\Documents and Settings\Administrator.d401mm91\Application Data\Gtek
    C:\Documents and Settings\Administrator.d401mm91\Application Data\Identities
    C:\Documents and Settings\Administrator.d401mm91\Application Data\Microsoft
    C:\Documents and Settings\Administrator.d401mm91\Application Data\Sun
    C:\Documents and Settings\Administrator.d401mm91\Application Data\You've Got Pictures Screensaver
    C:\Documents and Settings\All Users\Application Data\Adobe
    C:\Documents and Settings\All Users\Application Data\Aol -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Apple Computer
    C:\Documents and Settings\All Users\Application Data\Avg8
    C:\Documents and Settings\All Users\Application Data\Canonbj
    C:\Documents and Settings\All Users\Application Data\Google
    C:\Documents and Settings\All Users\Application Data\Greatbindchicup
    C:\Documents and Settings\All Users\Application Data\Gtek
    C:\Documents and Settings\All Users\Application Data\Installshield
    C:\Documents and Settings\All Users\Application Data\Loud Spam Else Tool -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Malwarebytes
    C:\Documents and Settings\All Users\Application Data\Mcafee
    C:\Documents and Settings\All Users\Application Data\Mcafee.com
    C:\Documents and Settings\All Users\Application Data\Mcafee.com Personal Firewall
    C:\Documents and Settings\All Users\Application Data\Microsoft
    C:\Documents and Settings\All Users\Application Data\Quicktime
    C:\Documents and Settings\All Users\Application Data\Sbsi
    C:\Documents and Settings\All Users\Application Data\Sonic
    C:\Documents and Settings\All Users\Application Data\Symantec
    C:\Documents and Settings\All Users\Application Data\Viewpoint
    C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
    C:\Documents and Settings\All Users\Application Data\Wlinstaller
    C:\Documents and Settings\Default User\Application Data\Gtek
    C:\Documents and Settings\Default User\Application Data\Identities
    C:\Documents and Settings\Default User\Application Data\Microsoft
    C:\Documents and Settings\Default User\Application Data\Sun
    C:\Documents and Settings\Default User\Application Data\You've Got Pictures Screensaver
    C:\Documents and Settings\Guest\Application Data\Google -- EMPTY Directory
    C:\Documents and Settings\Guest\Application Data\Gtek
    C:\Documents and Settings\Guest\Application Data\Identities
    C:\Documents and Settings\Guest\Application Data\Macromedia
    C:\Documents and Settings\Guest\Application Data\Microsoft
    C:\Documents and Settings\Guest\Application Data\Sun
    C:\Documents and Settings\Guest\Application Data\You've Got Pictures Screensaver
    C:\Documents and Settings\Localservice\Application Data\Adobe
    C:\Documents and Settings\Localservice\Application Data\Google -- EMPTY Directory
    C:\Documents and Settings\Localservice\Application Data\Mcafee.com Personal Firewall
    C:\Documents and Settings\Localservice\Application Data\Microsoft
    C:\Documents and Settings\Nancy\Application Data\Adobe
    C:\Documents and Settings\Nancy\Application Data\Adobeum -- EMPTY Directory
    C:\Documents and Settings\Nancy\Application Data\Apple Computer
    C:\Documents and Settings\Nancy\Application Data\Block Checker
    C:\Documents and Settings\Nancy\Application Data\Corel Photo Album
    C:\Documents and Settings\Nancy\Application Data\Google
    C:\Documents and Settings\Nancy\Application Data\Gtek
    C:\Documents and Settings\Nancy\Application Data\Identities
    C:\Documents and Settings\Nancy\Application Data\Lavasoft -- EMPTY Directory
    C:\Documents and Settings\Nancy\Application Data\Macromedia
    C:\Documents and Settings\Nancy\Application Data\Malwarebytes
    C:\Documents and Settings\Nancy\Application Data\Mcafee.com Personal Firewall -- EMPTY Directory
    C:\Documents and Settings\Nancy\Application Data\Microsoft
    C:\Documents and Settings\Nancy\Application Data\Move Networks
    C:\Documents and Settings\Nancy\Application Data\Sony Corporation
    C:\Documents and Settings\Nancy\Application Data\Sun
    C:\Documents and Settings\Nancy\Application Data\You've Got Pictures Screensaver
    C:\Documents and Settings\Networkservice\Application Data\Microsoft
    ComboFix 08-09-03.06 - Nancy 2008-09-04 15:20:10.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.217 [GMT -4:00]
    Running from: F:\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Nancy\Cookies\nancy@nbjmp[2].txt
    C:\Documents and Settings\Nancy\Cookies\nancy@sympatico[2].txt
    C:\Documents and Settings\Nancy\Cookies\nancy@www.1800mysurgeon[1].txt
    C:\WINDOWS\system32\winsrc.dll
    C:\WINDOWS\system32\winsrc.dll.tmp
    C:\xcrashdump.dat

    .
    ((((((((((((((((((((((((( Files Created from 2008-08-04 to 2008-09-04 )))))))))))))))))))))))))))))))
    .

    2008-09-04 15:17 . 2008-09-04 15:17 <DIR> d-------- C:\Program Files\Trend Micro
    2008-09-02 19:21 . 2008-09-02 19:21 <DIR> d-------- C:\Program Files\stop info
    2008-09-02 19:20 . 2008-09-02 19:20 <DIR> d-------- C:\Program Files\Circle Developement
    2008-08-22 14:57 . 2008-08-29 20:19 <DIR> d-------- C:\Program Files\AV9
    2008-08-14 19:35 . 2008-05-01 10:30 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-04 19:22 --------- d-----w C:\Program Files\Symantec AntiVirus
    2008-09-04 19:09 --------- d-----w C:\Program Files\Google
    2008-09-04 19:09 --------- d-----w C:\Documents and Settings\Nancy\Application Data\Lavasoft
    2008-09-02 23:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Loud spam else tool
    2008-09-02 23:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\greatbindchicup
    2008-09-02 23:20 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-08-31 16:40 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2008-07-29 14:10 --------- d-----w C:\Program Files\Java
    2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2008-07-19 02:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-19 02:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-18 18:34 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-07 20:32 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
    2008-06-24 14:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-06-23 09:20 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-06-23 09:20 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
    2006-03-24 00:15 298 -c--a-w C:\Program Files\INSTALL.LOG
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 94208]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 114688]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-03-11 26112]
    "MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-08 110592]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-08 8192]
    "MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-07-12 1117184]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
    "Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 106496]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-09-16 274432]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-18 155648]
    "Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-13 409600]
    "fssui"="C:\Program Files\Windows Live\Family Safety\fssui.exe" [2007-12-17 243240]
    "else tool title ping"="C:\Documents and Settings\All Users\Application Data\Loud spam else tool\Great 32.exe" [2008-09-04 3105280]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msvideo7"= STV680tg.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\NetMeeting\\conf.exe"=

    R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 43816]
    R2 fsssvc;Windows Live OneCare Family Safety;C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2007-12-17 523816]

    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-VSOCheckTask - C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe
    HKLM-Run-VirusScan Online - c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    HKLM-Run-OASClnt - C:\Program Files\McAfee.com\VSO\oasclnt.exe
    HKLM-Run-MSKAGENTEXE - C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    HKLM-Run-MPFExe - C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    HKLM-Run-MCUpdateExe - c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    HKLM-Run-MCAgentExe - c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    HKLM-Run-McafWelcome - c:\PROGRA~1\mcafee.com\agent\mcwelcom.exe
    Notify-__c0065411 - C:\WINDOWS\system32\__c0065411.dat


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
    O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 -: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 -: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 -: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 -: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

    O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
    C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-04 15:23:50
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EraserUtilDrv10821]
    "ImagePath"="\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10821.sys"
    .
    Completion time: 2008-09-04 15:27:07
    ComboFix-quarantined-files.txt 2008-09-04 19:26:59

    Pre-Run: 60,912,885,760 bytes free
    Post-Run: 61,118,259,200 bytes free

    159 --- E O F --- 2008-08-15 05:09:44

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:00:35 PM, on 9/26/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143163050640
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

    --
    End of file - 8221 bytes
     
  8. 2008/09/27
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK please do this.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    Folder::
    C:\Documents and Settings\All Users\Application Data\Loud spam else tool
    C:\Documents and Settings\All Users\Application Data\greatbindchicup

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "else tool title ping"=-
    Please post the combofix log.

    Thanks
    Geri
     
    Geri,
    #7
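As an added example (not code from this thread, from ComboFix or from NoLop), the Python script below ties together Geri's two posts: it parses the "Reg Loading Points" section of a ComboFix log like the one pasted above, flags Run values that launch from an Application Data folder (the LOP entry "else tool title ping") and Security Center notifications that have been switched off, and then drafts a CFScript in the Folder::/Registry:: form Geri asks for. The log excerpt is constructed from entries quoted above, and the heuristics and function names are this example's own assumptions.

```python
"""Triage a ComboFix 'Reg Loading Points' section and draft a CFScript.

Added example, not code from the thread, ComboFix or NoLop. The excerpt is
constructed from entries posted above; the heuristics (a Run value launched
from an 'Application Data' folder, a Security Center *DisableNotify value set
to 1) and every function name here are this example's own assumptions.
"""
import ntpath
import re

# Constructed excerpt modelled on the Reg Loading Points section above.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 94208]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"else tool title ping"="C:\Documents and Settings\All Users\Application Data\Loud spam else tool\Great 32.exe" [2008-09-04 3105280]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
'''

# Assumption: autoruns launched from user-writable data folders are suspect.
SUSPICIOUS_DIRS = ("\\application data\\",)

KEY_RE = re.compile(r'^\[(.+)\]\s*$')
# Tolerates the stray space before the closing quote seen in pasted logs.
VALUE_RE = re.compile(r'^"(.+?)\s*"\s*=\s*(.+?)\s*$')


def parse_reg_points(text):
    """Return (key, value_name, data) for each value under a [Key] header."""
    key, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if (m := KEY_RE.match(line)):
            key = m.group(1)
        elif key and (m := VALUE_RE.match(line)):
            entries.append((key, m.group(1), m.group(2)))
    return entries


def run_target(data):
    """Pull the launched path out of data like "<path>" [date size]."""
    m = re.match(r'^"([^"]+?)\s*"', data)
    return m.group(1) if m else data.split(' [')[0]


def analyse(text):
    """Flag suspicious Run entries and disabled Security Center notifications."""
    findings = []
    for key, name, data in parse_reg_points(text):
        k = key.lower()
        if k.endswith('\\currentversion\\run'):
            path = run_target(data)
            if any(d in path.lower() for d in SUSPICIOUS_DIRS):
                findings.append({'kind': 'run', 'key': key, 'name': name, 'path': path})
        elif k.endswith('\\security center') and name.lower().endswith('disablenotify'):
            if data.lower() == 'dword:00000001':
                findings.append({'kind': 'notify_off', 'key': key, 'name': name})
    return findings


def build_cfscript(findings):
    """Draft Folder:: and Registry:: sections in the form used in the thread.

    Registry:: uses REGEDIT4 syntax, so "name"=- deletes that value. The
    notification flags are only reported; resetting them is left to the helper.
    """
    runs = [f for f in findings if f['kind'] == 'run']
    lines = []
    if runs:
        lines.append('Folder::')
        lines.extend(sorted({ntpath.dirname(f['path']) for f in runs}))
        lines += ['', 'Registry::']
        for key in sorted({f['key'] for f in runs}):
            lines.append(f'[{key}]')
            lines.extend(f'"{f["name"]}"=-' for f in runs if f['key'] == key)
    return '\n'.join(lines)


if __name__ == '__main__':
    found = analyse(SAMPLE_LOG)
    for f in found:
        print(f"{f['kind']:<10} {f['name']}  {f.get('path', '')}")
    print('\n' + build_cfscript(found))
```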
