
Solved Annoying Ads...

Discussion in 'Malware and Virus Removal Archive' started by imprttunrz, 2008/06/04.

  1. 2008/06/04
    imprttunrz

    imprttunrz Inactive Thread Starter

    Joined:
    2008/06/04
    Messages:
    21
    Likes Received:
    0
    [Resolved]Annoying Ads...

    My internet has been slow these past few days and while I'm on my internet browser, occasionally an advertisement would pop up.

    Thank you in advance for your help.

    Logfile of HijackThis v1.99.1
    Scan saved at 6:33:33 PM, on 04/06/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\svchost.exe
    F:\Program Files\Norton AnitVirus 2006\navapsvc.exe
    C:\Program Files\Common Files\Stardock\SDMCP.exe
    C:\WINDOWS\Explorer.EXE
    F:\Program Files\Norton AnitVirus 2006\IWP\NPFMntor.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    F:\Program Files\Stardock\DesktopX\DesktopX.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    F:\Program Files\Quicktime\QTTask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    F:\Program Files\Stardock\Rainlendar2\Rainlendar2.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    F:\Program Files\Stardock\CursorXP\CursorXP.exe
    F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\system32\msiexec.exe
    F:\Program Files\Hijack This\HijackThis.exe

    O1 - Hosts: 204.228.229.111 streetchallenge.info
    O1 - Hosts: 204.228.229.111 www.streetchallenge.info
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - F:\Program Files\Norton AnitVirus 2006\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\Quicktime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [LogonStudio] "F:\Program Files\Stardock\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "F:\PROGRA~1\Stardock\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [bc8d3a01] rundll32.exe "C:\WINDOWS\system32\ejlprkhh.dll ",b
    O4 - HKLM\..\Run: [BMbfbe099d] Rundll32.exe "C:\WINDOWS\system32\rimfjryd.dll ",s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_06\bin\jusched.exe "
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Rainlendar2] F:\Program Files\Stardock\Rainlendar2\Rainlendar2.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [CursorXP] F:\Program Files\Stardock\CursorXP\CursorXP.exe
    O4 - Startup: Clearness time.lnk = F:\Program Files\ThemeManager\DesktopX\Themes\Clearnesstime\Clearness time.exe
    O4 - Startup: Vista outlook (light).lnk = F:\Program Files\ThemeManager\DesktopX\Themes\Vistaoutlooklight\Vista outlook (light).exe
    O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {DCEA263C-75E9-4029-F6AA-37F011CC4EF1} (IM2Webconference) - http://dialcom.com/spontania/download/SpontaniaVideoCollaboration.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton AnitVirus 2006\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - F:\Program Files\Norton AnitVirus 2006\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - F:\Program Files\Norton AnitVirus 2006\SAVScan.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  2. 2008/06/04
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi imprttunrz
    Welcome to Windowsbbs. :)

    Please do this.

    Download ComboFix from Here to your Desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

    Note - ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note - Combofix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.

    Thanks
    Geri
     

  4. 2008/06/06
    imprttunrz

    imprttunrz Inactive Thread Starter

    Thank you so much for your help! I'm already noticing a change.

    ComboFix Log:

    ComboFix 08-06-05.3 - Imprt_Tunrz 2008-06-06 0:54:29.3 - NTFSx86
    Running from: G:\Download from Internet\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\BMbfbe099d.xml
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\mcrh.tmp
    .
    ---- Previous Run -------
    .
    C:\WINDOWS\BMbfbe099d.xml
    C:\WINDOWS\Downloaded Program Files\setup.inf
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\cjhtdane.exe
    C:\WINDOWS\system32\efcYOefc.dll
    C:\WINDOWS\system32\favqeewd.exe
    C:\WINDOWS\system32\fgdufson.exe
    C:\WINDOWS\system32\iucfuqer.exe
    C:\WINDOWS\system32\jhngqwpi.exe
    C:\WINDOWS\system32\jlmmlUvw.ini
    C:\WINDOWS\system32\jlmmlUvw.ini2
    C:\WINDOWS\system32\jucmqnes.dll
    C:\WINDOWS\system32\jujjxexp.exe
    C:\WINDOWS\system32\kwuqcesx.dll
    C:\WINDOWS\system32\lqardeha.exe
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\nkvpcbus.dll
    C:\WINDOWS\system32\oddjerer.ini
    C:\WINDOWS\system32\pnwigliv.exe
    C:\WINDOWS\system32\psclwpwx.dll
    C:\WINDOWS\system32\rerejddo.dll
    C:\WINDOWS\system32\rrbwkxjm.dll
    C:\WINDOWS\system32\tbmtokps.dll
    C:\WINDOWS\system32\vhrmfbef.dll
    C:\WINDOWS\system32\wcnphibp.dll
    C:\WINDOWS\system32\xdnntriu.exe
    C:\WINDOWS\system32\yhxkmhcm.exe
    C:\WINDOWS\system32\yjdktqnu.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-05-06 to 2008-06-06 )))))))))))))))))))))))))))))))
    .

    2008-06-05 17:45 . 2008-06-05 17:45 133,120 --a------ C:\WINDOWS\system32\fwoauukm.dll
    2008-06-05 17:39 . 2008-06-06 00:51 1,572,346 ---hs---- C:\WINDOWS\system32\ktybfpnp.ini
    2008-06-05 17:39 . 2008-06-05 17:39 117,248 --a------ C:\WINDOWS\system32\pnpfbytk.dll
    2008-06-05 17:36 . 2008-06-05 17:36 126,976 --a------ C:\WINDOWS\system32\yygawwbm.dll
    2008-06-05 15:06 . 2008-06-05 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-04 21:50 . 2008-06-04 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-04 21:48 . 2008-06-04 21:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-04 18:28 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-06-04 18:27 . 2008-06-04 18:27 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-06-04 17:37 . 2008-06-05 15:03 1,572,226 --ahs---- C:\WINDOWS\system32\hhkrplje.ini
    2008-06-04 17:37 . 2008-06-04 17:37 132,608 --a------ C:\WINDOWS\system32\fajcbgjs.dll
    2008-06-04 17:37 . 2008-06-04 17:37 116,736 --a------ C:\WINDOWS\system32\ejlprkhh.dll
    2008-06-04 17:35 . 2008-06-04 17:35 126,976 --a------ C:\WINDOWS\system32\rimfjryd.dll
    2008-06-03 15:27 . 2008-06-03 15:27 2,889,818 --ahs---- C:\WINDOWS\system32\gnqejxrf.ini
    2008-06-01 16:08 . 2008-06-03 15:16 2,890,812 --ahs---- C:\WINDOWS\system32\ofvbfhfd.ini
    2008-05-31 16:03 . 2008-06-01 15:21 2,759,422 --ahs---- C:\WINDOWS\system32\ixlkxtnk.ini
    2008-05-30 14:42 . 2008-05-31 15:54 2,760,884 --ahs---- C:\WINDOWS\system32\ewrrelmw.ini
    2008-05-29 14:41 . 2008-05-30 14:03 2,910,548 --ahs---- C:\WINDOWS\system32\vifjujwb.ini
    2008-05-28 13:21 . 2008-05-29 14:32 1,474,312 --ahs---- C:\WINDOWS\system32\nmxyjhtu.ini
    2008-05-27 11:06 . 2008-05-28 11:09 1,474,140 --ahs---- C:\WINDOWS\system32\omrlcrfv.ini
    2008-05-24 17:32 . 2008-05-24 17:32 253,440 --a------ C:\WINDOWS\apunbegy.dll
    2008-05-24 16:31 . 2008-05-25 20:03 1,401,484 --ahs---- C:\WINDOWS\system32\lpyycypd.ini
    2008-05-24 15:47 . 2008-05-24 16:56 163,712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
    2008-05-24 11:06 . 2008-05-24 11:06 <DIR> d-------- C:\Program Files\Stardock
    2008-05-24 11:06 . 2000-10-20 01:05 25,088 --a------ C:\WINDOWS\system32\msxml3a.dll
    2008-05-24 10:55 . 2008-05-30 13:57 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
    2008-05-24 09:57 . 2008-05-24 09:57 <DIR> d-------- C:\Program Files\Common Files\Skype
    2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
    2008-05-12 20:27 . 2008-05-12 20:27 <DIR> d-------- C:\WINDOWS\system32\Adobe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-06 05:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-06-06 05:20 96,384 ----a-w C:\WINDOWS\system32\drivers\sptd6893.sys
    2008-06-04 23:11 --------- d-----w C:\Program Files\Java
    2008-05-29 14:37 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-05-29 14:37 60,800 -c--a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2008-05-29 14:37 123,952 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-05-29 14:37 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-05-29 14:37 --------- d-----w C:\Program Files\Symantec
    2008-05-24 21:41 1,007,616 ----a-w C:\WINDOWS\system32\logonuiX.exe
    2008-05-24 20:47 --------- d-----w C:\Program Files\Common Files\Stardock
    2008-05-24 14:58 --------- d-----w C:\Documents and Settings\Imprt_Tunrz\Application Data\Skype
    2008-05-24 14:44 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-05-14 22:23 --------- d-----w C:\Documents and Settings\Imprt_Tunrz\Application Data\AdobeUM
    2008-04-29 16:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 16:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 16:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-04-26 21:14 42,672 ----a-w C:\WINDOWS\system32\wbsys.dll
    2008-04-14 10:55 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
    2008-04-14 10:46 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
    2008-04-14 10:43 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
    2008-04-14 10:43 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
    2008-04-14 10:43 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
    2008-04-14 10:43 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
    2008-04-14 10:43 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
    2008-04-14 10:43 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
    2008-04-14 10:43 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
    2008-04-14 10:41 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
    2008-04-14 10:40 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
    2008-04-14 10:40 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
    2008-04-14 10:40 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
    2008-04-14 07:30 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
    2008-04-14 06:00 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-04-14 05:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
    2008-04-14 05:57 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-04-14 05:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
    2008-04-14 05:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
    2008-04-14 05:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-04-14 05:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
    2008-04-14 05:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
    2008-04-14 05:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
    2008-04-14 05:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
    2008-04-14 05:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
    2008-04-14 05:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-04-14 05:48 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
    2008-04-14 05:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
    2008-04-14 05:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
    2008-04-14 05:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
    2008-04-14 05:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
    2008-04-14 05:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
    2008-04-14 05:45 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
    2008-04-14 05:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
    2008-04-14 05:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
    2008-04-14 05:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-04-14 05:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
    2008-04-14 05:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
    2008-04-14 05:30 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
    2008-04-14 05:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-04-14 05:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
    2008-04-14 05:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
    2008-04-14 05:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
    2008-04-14 05:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
    2008-04-14 05:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
    2008-04-14 05:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
    2008-04-14 05:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
    2008-04-14 05:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
    2008-04-14 05:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
    2008-04-14 05:26 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
    2008-04-14 05:26 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
    2008-04-14 05:26 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
    2008-04-14 05:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismpx.sys
    2008-04-14 05:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
    2008-04-14 05:26 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
    2008-04-14 05:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023x.sys
    2008-04-14 05:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
    2008-04-14 05:26 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
    2008-04-14 05:25 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-04-14 05:24 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
    2008-04-14 05:23 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
    2008-04-14 05:23 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
    2008-04-14 05:23 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
    2008-04-14 05:23 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
    2008-04-14 05:21 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
    2008-04-14 05:21 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
    2008-04-14 05:21 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
    2008-04-14 05:21 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
    2008-04-14 05:21 101,120 ----a-w C:\WINDOWS\system32\drivers\bthpan.sys
    2008-04-14 05:16 61,696 ----a-w C:\WINDOWS\system32\drivers\ohci1394.sys
    2008-04-14 05:16 59,136 ----a-w C:\WINDOWS\system32\drivers\rfcomm.sys
    2008-04-14 05:16 53,376 ----a-w C:\WINDOWS\system32\drivers\1394bus.sys
    2008-04-14 05:16 37,888 ----a-w C:\WINDOWS\system32\drivers\bthmodem.sys
    2008-04-14 05:16 36,480 ----a-w C:\WINDOWS\system32\drivers\bthprint.sys
    2008-04-14 05:16 273,024 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
    2008-04-14 05:16 25,600 ----a-w C:\WINDOWS\system32\drivers\hidbth.sys
    2008-04-14 05:16 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
    2008-04-14 05:16 18,944 ----a-w C:\WINDOWS\system32\drivers\bthusb.sys
    2008-04-14 05:16 17,024 ----a-w C:\WINDOWS\system32\drivers\bthenum.sys
    2008-04-14 05:16 121,984 ----a-w C:\WINDOWS\system32\drivers\usbvideo.sys
    2008-04-14 05:14 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
    2008-04-14 05:14 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
    2005-08-03 05:58 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06d7dfce-6a7e-4ca8-9f4b-2c85911216b8}]
    2008-06-05 17:45 133120 --a------ C:\WINDOWS\system32\fwoauukm.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34CA1F77-CDC3-4B94-9218-7D213430B429}]
    C:\WINDOWS\system32\wvUlmmlj.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 05:42 1695232]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [ ]
    "Rainlendar2 "= "F:\Program Files\Stardock\Rainlendar2\Rainlendar2.exe" [2007-12-30 05:23 1365504]
    "Aim6 "=" " []
    "WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
    "CursorXP "= "F:\Program Files\Stardock\CursorXP\CursorXP.exe" [2005-01-19 17:44 140288]
    "SpybotSD TeaTimer "= "F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-11 17:22 53096]
    "SynTPLpr "= "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-08-12 17:13 102400]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-08-12 17:12 684032]
    "RemoteControl "= "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 22:24 32768]
    "IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 17:55 155648]
    "HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 17:51 118784]
    "Recguard "= "%WINDIR%\SMINST\RECGUARD.EXE" [ ]
    "NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 13:50 155648]
    "PCSuiteTrayApplication "= "F:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27 222208]
    "IMJPMIG8.1 "= "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 14:00 208952]
    "IMEKRMIG6.1 "= "C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 14:00 44032]
    "MSPY2002 "= "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 14:00 59392]
    "PHIME2002ASync "= "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00 455168]
    "PHIME2002A "= "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00 455168]
    "Reminder "= "%WINDIR%\Creator\Remind_XP.exe" [ ]
    "UserFaultCheck "= "C:\WINDOWS\system32\dumprep 0 -u" [ ]
    "QuickTime Task "= "F:\Program Files\Quicktime\QTTask.exe" [2008-03-28 23:37 413696]
    "Adobe Reader Speed Launcher "= "F:\Program Files\Adobe\Reader\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "LogonStudio "= "F:\Program Files\Stardock\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]
    "BootSkin Startup Jobs "= "F:\PROGRA~1\Stardock\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
    "SunJavaUpdateSched "= "F:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
    "bc8d3a01 "= "C:\WINDOWS\system32\pnpfbytk.dll" [2008-06-05 17:39 117248]
    "BMbfbe099d "= "C:\WINDOWS\system32\yygawwbm.dll" [2008-06-05 17:36 126976]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [5/15/2003 1:19:50 AM 217193]
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [1/28/2006 11:57:43 AM 113664]
    BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [5/28/2005 1:09:16 AM 1742384]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "AllowLegacyWebView "= 1 (0x1)
    "AllowUnhashedWebView "= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost "= "C:\\WINDOWS\\system32\\logonui.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
    C:\Program Files\Common Files\Stardock\mcpstub.dll 2005-01-31 16:13 49152 C:\Program Files\Common Files\Stardock\MCPStub.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420 "= i420vfw.dll
    "vidc.yv12 "= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "C:\\Program Files\\Messenger\\msmsgs.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe "=
    "F:\\Program Files\\Winamp Remote\\bin\\Orb.exe "=
    "F:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe "=
    "F:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe "=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "19533:TCP "= 19533:TCP:BitComet 19533 TCP
    "19533:UDP "= 19533:UDP:BitComet 19533 UDP

    S3 SaiH8000;SaiH8000;C:\WINDOWS\system32\DRIVERS\SaiH8000.sys [2004-09-22 05:41]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abc37bbc-f22d-11dc-a8d3-0003251de2b7}]
    \Shell\AutoRun\command - K:\capxteo.exe
    \Shell\explore\Command - K:\capxteo.exe
    \Shell\open\Command - K:\capxteo.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-05-20 02:42:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job "
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2005-08-03 05:00:05 C:\WINDOWS\Tasks\ISP signup reminder 1.job "
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    "2005-08-03 05:00:07 C:\WINDOWS\Tasks\ISP signup reminder 3.job "
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    "2008-05-10 01:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job "
    - F:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-06 00:57:38
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-06 1:00:17
    ComboFix-quarantined-files.txt 2008-06-06 05:59:53

    Pre-Run: 4,186,333,184 bytes free
    Post-Run: 4,167,634,944 bytes free

    292 --- E O F --- 2008-05-16 04:36:57




    HijackThis Log:


    Logfile of HijackThis v1.99.1
    Scan saved at 00:48, on 2008-06-06
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\svchost.exe
    F:\Program Files\Norton AnitVirus 2006\IWP\NPFMntor.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Stardock\SDMCP.exe
    C:\WINDOWS\system32\conime.exe
    F:\Program Files\Stardock\DesktopX\DesktopX.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    F:\Program Files\Quicktime\QTTask.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    F:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    F:\Program Files\Stardock\Rainlendar2\Rainlendar2.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    F:\Program Files\Stardock\CursorXP\CursorXP.exe
    F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\explorer.exe
    F:\Program Files\Hijack This\HijackThis.exe

    O2 - BHO: {8b612119-58c2-b4f9-8ac4-e7a6ecfd7d60} - {06d7dfce-6a7e-4ca8-9f4b-2c85911216b8} - C:\WINDOWS\system32\fwoauukm.dll
    O2 - BHO: (no name) - {34CA1F77-CDC3-4B94-9218-7D213430B429} - C:\WINDOWS\system32\wvUlmmlj.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {663656DF-6BAE-460C-A612-8133DF519346} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - F:\Program Files\Norton AnitVirus 2006\NavShExt.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - F:\Program Files\Norton AnitVirus 2006\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\Quicktime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [LogonStudio] "F:\Program Files\Stardock\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "F:\PROGRA~1\Stardock\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [bc8d3a01] rundll32.exe "C:\WINDOWS\system32\pnpfbytk.dll",b
    O4 - HKLM\..\Run: [BMbfbe099d] Rundll32.exe "C:\WINDOWS\system32\yygawwbm.dll",s
    O4 - HKLM\..\RunOnce: [SpybotDeletingC361] cmd /c del "C:\WINDOWS\system32\wvUlmmlj.dll_old"
    O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Rainlendar2] F:\Program Files\Stardock\Rainlendar2\Rainlendar2.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [CursorXP] F:\Program Files\Stardock\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Clearness time.lnk = F:\Program Files\ThemeManager\DesktopX\Themes\Clearnesstime\Clearness time.exe
    O4 - Startup: Vista outlook (light).lnk = F:\Program Files\ThemeManager\DesktopX\Themes\Vistaoutlooklight\Vista outlook (light).exe
    O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {DCEA263C-75E9-4029-F6AA-37F011CC4EF1} (IM2Webconference) - http://dialcom.com/spontania/download/SpontaniaVideoCollaboration.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: efcYOefc - C:\WINDOWS\
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton AnitVirus 2006\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - F:\Program Files\Norton AnitVirus 2006\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - F:\Program Files\Norton AnitVirus 2006\SAVScan.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  5. 2008/06/06
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi imprttunrz
    OK Please do this.

    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    O20 - Winlogon Notify: efcYOefc - C:\WINDOWS\

    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.


    Highlight and copy the contents of the code box below and paste it into a blank Notepad document, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
    Code:
    File::
    C:\WINDOWS\system32\fwoauukm.dll
    C:\WINDOWS\system32\ktybfpnp.ini
    C:\WINDOWS\system32\pnpfbytk.dll
    C:\WINDOWS\system32\yygawwbm.dll
    C:\WINDOWS\system32\hhkrplje.ini
    C:\WINDOWS\system32\fajcbgjs.dll
    C:\WINDOWS\system32\ejlprkhh.dll
    C:\WINDOWS\system32\rimfjryd.dll
    C:\WINDOWS\system32\gnqejxrf.ini
    C:\WINDOWS\system32\ofvbfhfd.ini
    C:\WINDOWS\system32\ixlkxtnk.ini
    C:\WINDOWS\system32\ewrrelmw.ini
    C:\WINDOWS\system32\vifjujwb.ini
    C:\WINDOWS\system32\nmxyjhtu.ini
    C:\WINDOWS\system32\omrlcrfv.ini
    C:\WINDOWS\apunbegy.dll
    C:\WINDOWS\system32\lpyycypd.ini
    
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abc37bbc-f22d-11dc-a8d3-0003251de2b7}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06d7dfce-6a7e-4ca8-9f4b-2c85911216b8}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34CA1F77-CDC3-4B94-9218-7D213430B429}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "bc8d3a01"=-
    "BMbfbe099d"=-
    Your flash drive, thumb drive is infected.

    Download this file to desktop but don't run it yet.

    http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

    Hold down the Shift key and insert your flash drive.
    It is important to hold the Shift key while plugging in the flash drive so the virus does not run and re-infect the system.
    Double click on Flash_Disinfector.exe to run it. Once done, you will be prompted. Click OK.

    Repeat this step if you have more than one flash drive.

    Please post the combofix log.

    Thanks
    Geri
     
    Geri,
    #4
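As an added example (not part of Geri's post and not ComboFix's own code): a Python check a helper could run once the requested ComboFix log comes back, comparing what the CFScript targeted with what the log reports afterwards. The sample strings are abridged from the script and log in this thread; the function names and the reading of the `File::` / `Registry::` layout are assumptions based only on what is shown here.

```python
import re

# Abridged from the CFScript and the ComboFix log posted in this thread;
# not the complete files. The layout handling below is an assumption drawn
# from these samples, not from ComboFix documentation.
CFSCRIPT = r"""File::
C:\WINDOWS\system32\fwoauukm.dll
C:\WINDOWS\system32\pnpfbytk.dll
C:\WINDOWS\system32\yygawwbm.dll
C:\WINDOWS\apunbegy.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06d7dfce-6a7e-4ca8-9f4b-2c85911216b8}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bc8d3a01"=-
"BMbfbe099d"=-
"""

COMBOFIX_LOG = r"""((((((((((((((( Other Deletions )))))))))))))))
.
C:\WINDOWS\apunbegy.dll
C:\WINDOWS\system32\fwoauukm.dll
C:\WINDOWS\system32\pnpfbytk.dll
C:\WINDOWS\system32\yygawwbm.dll
.
((((((((((((((( Reg Loading Points )))))))))))))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06d7dfce-6a7e-4ca8-9f4b-2c85911216b8}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-11 17:22 53096]
"bc8d3a01"="C:\WINDOWS\system32\pnpfbytk.dll" [ ]
"BMbfbe099d"="C:\WINDOWS\system32\yygawwbm.dll" [ ]
"""

# "((((( Title )))))" banner lines that separate the log's sections.
SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")
# "name"=data lines; tolerates stray spaces inside the quotes, which forum
# copies of these logs often pick up.
VALUE_RE = re.compile(r'^"\s*(.*?)\s*"\s*=\s*(.*)$')


def parse_cfscript(text):
    """Return (files, deleted_keys, deleted_values) named in a CFScript."""
    files, del_keys, del_values = [], [], []
    section, key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):                 # "File::" / "Registry::"
            section, key = line[:-2].strip().lower(), None
        elif section == "file":
            files.append(line)
        elif section == "registry":
            if line.startswith("[-") and line.endswith("]"):
                del_keys.append(line[2:-1])     # whole key is to be removed
                key = None
            elif line.startswith("[") and line.endswith("]"):
                key = line[1:-1]                # values below belong to this key
            else:
                m = VALUE_RE.match(line)
                if m and key and m.group(2).strip() == "-":
                    del_values.append((key, m.group(1)))
    return files, del_keys, del_values


def parse_combofix_log(text):
    """Return (deleted_paths, listed_keys, listed_values), all lower-cased."""
    deleted, keys, values = set(), set(), {}
    section, key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1).lower(), None
            continue
        if section == "other deletions" and re.match(r"^[A-Za-z]:\\", line):
            deleted.add(line.lower())
        elif section == "reg loading points":
            if line.startswith("[") and line.endswith("]"):
                key = line[1:-1].lower()
                keys.add(key)
            else:
                m = VALUE_RE.match(line)
                if m and key:
                    values[(key, m.group(1).lower())] = m.group(2)
    return deleted, keys, values


def verify_fix(script, log):
    """Compare what the CFScript targeted with what the log shows afterwards."""
    files, del_keys, del_values = parse_cfscript(script)
    deleted, keys, values = parse_combofix_log(log)
    return {
        "files_not_reported_deleted": [f for f in files if f.lower() not in deleted],
        "keys_still_listed": [k for k in del_keys if k.lower() in keys],
        "values_still_listed": [
            (k, v) for k, v in del_values if (k.lower(), v.lower()) in values
        ],
    }


if __name__ == "__main__":
    for name, items in verify_fix(CFSCRIPT, COMBOFIX_LOG).items():
        print(name, items)
```

Anything returned under `keys_still_listed` or `values_still_listed` is what to look for again in the fresh HijackThis log.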
  6. 2008/06/06
    imprttunrz

    imprttunrz Inactive Thread Starter

    combofix log

    ComboFix 08-06-05.3 - Imprt_Tunrz 2008-06-06 15:40:12.4 - NTFSx86
    Running from: C:\Documents and Settings\Imprt_Tunrz\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Imprt_Tunrz\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\apunbegy.dll
    C:\WINDOWS\system32\ejlprkhh.dll
    C:\WINDOWS\system32\ewrrelmw.ini
    C:\WINDOWS\system32\fajcbgjs.dll
    C:\WINDOWS\system32\fwoauukm.dll
    C:\WINDOWS\system32\gnqejxrf.ini
    C:\WINDOWS\system32\hhkrplje.ini
    C:\WINDOWS\system32\ixlkxtnk.ini
    C:\WINDOWS\system32\ktybfpnp.ini
    C:\WINDOWS\system32\lpyycypd.ini
    C:\WINDOWS\system32\nmxyjhtu.ini
    C:\WINDOWS\system32\ofvbfhfd.ini
    C:\WINDOWS\system32\omrlcrfv.ini
    C:\WINDOWS\system32\pnpfbytk.dll
    C:\WINDOWS\system32\rimfjryd.dll
    C:\WINDOWS\system32\vifjujwb.ini
    C:\WINDOWS\system32\yygawwbm.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\apunbegy.dll
    C:\WINDOWS\BMbfbe099d.xml
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\ejlprkhh.dll
    C:\WINDOWS\system32\ewrrelmw.ini
    C:\WINDOWS\system32\fajcbgjs.dll
    C:\WINDOWS\system32\fwoauukm.dll
    C:\WINDOWS\system32\gnqejxrf.ini
    C:\WINDOWS\system32\hhkrplje.ini
    C:\WINDOWS\system32\ixlkxtnk.ini
    C:\WINDOWS\system32\ktybfpnp.ini
    C:\WINDOWS\system32\lpyycypd.ini
    C:\WINDOWS\system32\nmxyjhtu.ini
    C:\WINDOWS\system32\ofvbfhfd.ini
    C:\WINDOWS\system32\omrlcrfv.ini
    C:\WINDOWS\system32\pnpfbytk.dll
    C:\WINDOWS\system32\rimfjryd.dll
    C:\WINDOWS\system32\vifjujwb.ini
    C:\WINDOWS\system32\yygawwbm.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-05-06 to 2008-06-06 )))))))))))))))))))))))))))))))
    .

    2008-06-05 15:06 . 2008-06-05 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-04 21:50 . 2008-06-04 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-04 21:48 . 2008-06-04 21:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-04 18:28 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-06-04 18:27 . 2008-06-04 18:27 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-05-24 15:47 . 2008-05-24 16:56 163,712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
    2008-05-24 11:06 . 2008-05-24 11:06 <DIR> d-------- C:\Program Files\Stardock
    2008-05-24 11:06 . 2000-10-20 01:05 25,088 --a------ C:\WINDOWS\system32\msxml3a.dll
    2008-05-24 10:55 . 2008-05-30 13:57 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
    2008-05-24 09:57 . 2008-05-24 09:57 <DIR> d-------- C:\Program Files\Common Files\Skype
    2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
    2008-05-12 20:27 . 2008-05-12 20:27 <DIR> d-------- C:\WINDOWS\system32\Adobe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-06 05:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-06-06 05:20 96,384 ----a-w C:\WINDOWS\system32\drivers\sptd6893.sys
    2008-06-04 23:11 --------- d-----w C:\Program Files\Java
    2008-05-29 14:37 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-05-29 14:37 123,952 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-05-29 14:37 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-05-29 14:37 --------- d-----w C:\Program Files\Symantec
    2008-05-24 20:47 --------- d-----w C:\Program Files\Common Files\Stardock
    2008-05-24 14:58 --------- d-----w C:\Documents and Settings\Imprt_Tunrz\Application Data\Skype
    2008-05-24 14:44 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-05-14 22:23 --------- d-----w C:\Documents and Settings\Imprt_Tunrz\Application Data\AdobeUM
    2008-04-29 16:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 16:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 16:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-04-20 04:14 --------- d-----w C:\Documents and Settings\Imprt_Tunrz\Application Data\FrostWire
    2008-04-14 10:43 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
    2008-04-14 10:43 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
    2008-04-14 10:43 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
    2008-04-14 10:43 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
    2008-04-14 10:42 69,120 ----a-w C:\WINDOWS\notepad.exe
    2008-04-14 10:42 50,688 ----a-w C:\WINDOWS\twain_32.dll
    2008-04-14 10:42 32,866 ------w C:\WINDOWS\slrundll.exe
    2008-04-14 10:42 3,901 ----a-w C:\WINDOWS\system32\drivers\siint5.dll
    2008-04-14 10:42 283,648 ----a-w C:\WINDOWS\winhlp32.exe
    2008-04-14 10:42 146,432 ----a-w C:\WINDOWS\regedit.exe
    2008-04-14 10:42 11,325 ----a-w C:\WINDOWS\system32\drivers\vchnt5.dll
    2008-04-14 10:42 10,752 ----a-w C:\WINDOWS\hh.exe
    2008-04-14 10:42 1,033,728 ----a-w C:\WINDOWS\explorer.exe
    2008-04-14 05:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
    2008-04-14 05:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
    2008-04-14 05:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
    2008-04-14 05:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-04-14 05:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
    2008-04-14 05:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
    2008-04-14 05:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
    2008-04-14 05:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
    2008-04-14 05:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
    2008-04-14 05:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-04-14 05:48 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
    2008-04-14 05:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
    2008-04-14 05:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
    2008-04-14 05:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
    2008-04-14 05:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
    2008-04-14 05:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
    2008-04-14 05:45 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
    2008-04-14 05:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
    2008-04-14 05:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
    2008-04-14 05:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-04-14 05:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
    2008-04-14 05:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
    2008-04-14 05:30 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
    2008-04-14 05:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-04-14 05:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
    2008-04-14 05:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
    2008-04-14 05:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
    2008-04-14 05:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
    2008-04-14 05:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
    2008-04-14 05:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
    2008-04-14 05:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
    2008-04-14 05:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
    2008-04-14 05:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
    2008-04-14 05:26 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
    2008-04-14 05:26 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
    2008-04-14 05:26 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
    2008-04-14 05:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismpx.sys
    2008-04-14 05:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
    2008-04-14 05:26 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
    2008-04-14 05:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023x.sys
    2008-04-14 05:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
    2008-04-14 05:26 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
    2008-04-14 05:25 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-04-14 05:24 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
    2008-04-14 05:23 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
    2008-04-14 05:23 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
    2008-04-14 05:23 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
    2008-04-14 05:23 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
    2008-04-14 05:21 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
    2008-04-14 05:21 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
    2008-04-14 05:21 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
    2008-04-14 05:21 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
    2008-04-14 05:21 101,120 ----a-w C:\WINDOWS\system32\drivers\bthpan.sys
    2008-04-14 05:16 61,696 ----a-w C:\WINDOWS\system32\drivers\ohci1394.sys
    2008-04-14 05:16 59,136 ----a-w C:\WINDOWS\system32\drivers\rfcomm.sys
    2008-04-14 05:16 53,376 ----a-w C:\WINDOWS\system32\drivers\1394bus.sys
    2008-04-14 05:16 37,888 ----a-w C:\WINDOWS\system32\drivers\bthmodem.sys
    2008-04-14 05:16 36,480 ----a-w C:\WINDOWS\system32\drivers\bthprint.sys
    2008-04-14 05:16 273,024 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
    2008-04-14 05:16 25,600 ----a-w C:\WINDOWS\system32\drivers\hidbth.sys
    2008-04-14 05:16 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
    2008-04-14 05:16 18,944 ----a-w C:\WINDOWS\system32\drivers\bthusb.sys
    2008-04-14 05:16 17,024 ----a-w C:\WINDOWS\system32\drivers\bthenum.sys
    2008-04-14 05:16 121,984 ----a-w C:\WINDOWS\system32\drivers\usbvideo.sys
    2008-04-14 05:14 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
    2008-04-14 05:14 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
    2008-04-14 05:14 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
    2008-04-14 05:14 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
    2008-04-14 05:13 14,208 ----a-w C:\WINDOWS\system32\drivers\wacompen.sys
    2008-04-14 05:13 12,672 ----a-w C:\WINDOWS\system32\drivers\mutohpen.sys
    2008-04-14 05:11 8,576 ----a-w C:\WINDOWS\system32\drivers\i2omgmt.sys
    2008-04-14 05:11 52,352 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
    2005-08-03 05:58 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-06_ 0.36.57.60 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-06 05:21:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-06 20:45:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06d7dfce-6a7e-4ca8-9f4b-2c85911216b8}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34CA1F77-CDC3-4B94-9218-7D213430B429}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{663656DF-6BAE-460C-A612-8133DF519346}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"= "C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 05:42 1695232]
    "ctfmon.exe"= "C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
    "QuickTime Task"= "C:\Program Files\QuickTime\qttask.exe" [ ]
    "Rainlendar2"= "F:\Program Files\Stardock\Rainlendar2\Rainlendar2.exe" [2007-12-30 05:23 1365504]
    "Aim6"="" []
    "WMPNSCFG"= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
    "CursorXP"= "F:\Program Files\Stardock\CursorXP\CursorXP.exe" [2005-01-19 17:44 140288]
    "SpybotSD TeaTimer"= "F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-11 17:22 53096]
    "SynTPLpr"= "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-08-12 17:13 102400]
    "SynTPEnh"= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-08-12 17:12 684032]
    "RemoteControl"= "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 22:24 32768]
    "IgfxTray"= "C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 17:55 155648]
    "HotKeysCmds"= "C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 17:51 118784]
    "Recguard"= "%WINDIR%\SMINST\RECGUARD.EXE" [ ]
    "NeroFilterCheck"= "C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 13:50 155648]
    "PCSuiteTrayApplication"= "F:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27 222208]
    "IMJPMIG8.1"= "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 14:00 208952]
    "IMEKRMIG6.1"= "C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 14:00 44032]
    "MSPY2002"= "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 14:00 59392]
    "PHIME2002ASync"= "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00 455168]
    "PHIME2002A"= "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00 455168]
    "Reminder"= "%WINDIR%\Creator\Remind_XP.exe" [ ]
    "UserFaultCheck"= "C:\WINDOWS\system32\dumprep 0 -u" [ ]
    "QuickTime Task"= "F:\Program Files\Quicktime\QTTask.exe" [2008-03-28 23:37 413696]
    "Adobe Reader Speed Launcher"= "F:\Program Files\Adobe\Reader\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "LogonStudio"= "F:\Program Files\Stardock\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]
    "BootSkin Startup Jobs"= "F:\PROGRA~1\Stardock\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
    "SunJavaUpdateSched"= "F:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
    "bc8d3a01"= "C:\WINDOWS\system32\pnpfbytk.dll" [ ]
    "BMbfbe099d"= "C:\WINDOWS\system32\yygawwbm.dll" [ ]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [5/15/2003 1:19:50 AM 217193]
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [1/28/2006 11:57:43 AM 113664]
    BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [5/28/2005 1:09:16 AM 1742384]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "AllowLegacyWebView"= 1 (0x1)
    "AllowUnhashedWebView"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"= "C:\\WINDOWS\\system32\\logonui.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
    C:\Program Files\Common Files\Stardock\mcpstub.dll 2005-01-31 16:13 49152 C:\Program Files\Common Files\Stardock\MCPStub.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= i420vfw.dll
    "vidc.yv12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "F:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
    "F:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
    "F:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "19533:TCP"= 19533:TCP:BitComet 19533 TCP
    "19533:UDP"= 19533:UDP:BitComet 19533 UDP

    S3 SaiH8000;SaiH8000;C:\WINDOWS\system32\DRIVERS\SaiH8000.sys [2004-09-22 05:41]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-05-20 02:42:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job "
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2005-08-03 05:00:05 C:\WINDOWS\Tasks\ISP signup reminder 1.job "
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    "2005-08-03 05:00:07 C:\WINDOWS\Tasks\ISP signup reminder 3.job "
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    "2008-05-10 01:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job "
    - F:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-06 15:46:29
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
    C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Stardock\SDMCP.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\conime.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    F:\Program Files\Stardock\DesktopX\DesktopX.exe
    F:\Program Files\Norton AnitVirus 2006\NAVAPSVC.EXE
    F:\Program Files\Norton AnitVirus 2006\IWP\NPFMNTOR.EXE
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    .
    **************************************************************************
    .
    Completion time: 2008-06-06 15:59:33 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-06 20:58:29
    ComboFix2.txt 2008-06-06 06:00:18

    Pre-Run: 4,980,453,376 bytes free
    Post-Run: 4,939,988,992 bytes free

    311 --- E O F --- 2008-05-16 04:36:57
     
  7. 2008/06/06
    imprttunrz

    imprttunrz Inactive Thread Starter

    Joined:
    2008/06/04
    Messages:
    21
    Likes Received:
    0
    hijackthis log

    Logfile of HijackThis v1.99.1
    Scan saved at 4:02:30 PM, on 06/06/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Stardock\SDMCP.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\conime.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    F:\Program Files\Stardock\DesktopX\DesktopX.exe
    C:\WINDOWS\System32\svchost.exe
    F:\Program Files\Norton AnitVirus 2006\navapsvc.exe
    F:\Program Files\Norton AnitVirus 2006\IWP\NPFMntor.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    F:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    F:\Program Files\Quicktime\QTTask.exe
    F:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    F:\Program Files\Stardock\Rainlendar2\Rainlendar2.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    F:\Program Files\Stardock\CursorXP\CursorXP.exe
    F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    F:\Program Files\Hijack This\HijackThis.exe

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - F:\Program Files\Norton AnitVirus 2006\NavShExt.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - F:\Program Files\Norton AnitVirus 2006\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\Quicktime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [LogonStudio] "F:\Program Files\Stardock\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "F:\PROGRA~1\Stardock\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_06\bin\jusched.exe "
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Rainlendar2] F:\Program Files\Stardock\Rainlendar2\Rainlendar2.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [CursorXP] F:\Program Files\Stardock\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Clearness time.lnk = F:\Program Files\ThemeManager\DesktopX\Themes\Clearnesstime\Clearness time.exe
    O4 - Startup: Vista outlook (light).lnk = F:\Program Files\ThemeManager\DesktopX\Themes\Vistaoutlooklight\Vista outlook (light).exe
    O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {DCEA263C-75E9-4029-F6AA-37F011CC4EF1} (IM2Webconference) - http://dialcom.com/spontania/download/SpontaniaVideoCollaboration.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton AnitVirus 2006\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - F:\Program Files\Norton AnitVirus 2006\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - F:\Program Files\Norton AnitVirus 2006\SAVScan.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  8. 2008/06/06
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK we need to do this one more time.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06d7dfce-6a7e-4ca8-9f4b-2c85911216b8}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34CA1F77-CDC3-4B94-9218-7D213430B429}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{663656DF-6BAE-460C-A612-8133DF519346}]

    Please post the ComboFix log.

    Thanks
    Geri
     
  9. 2008/06/06
    imprttunrz

    imprttunrz Inactive Thread Starter

    Joined:
    2008/06/04
    Messages:
    21
    Likes Received:
    0
    combofix log

    ComboFix 08-06-05.3 - Imprt_Tunrz 2008-06-06 22:04:57.5 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.936.86.1033.18.107 [GMT -5:00]
    Running from: C:\Documents and Settings\Imprt_Tunrz\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Imprt_Tunrz\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-05-07 to 2008-06-07 )))))))))))))))))))))))))))))))
    .

    2008-06-05 15:06 . 2008-06-05 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-04 21:50 . 2008-06-04 21:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-06-04 21:48 . 2008-06-04 21:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-04 18:28 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-06-04 18:27 . 2008-06-04 18:27 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-05-24 15:47 . 2008-05-24 16:56 163,712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
    2008-05-24 11:06 . 2008-05-24 11:06 <DIR> d-------- C:\Program Files\Stardock
    2008-05-24 11:06 . 2000-10-20 01:05 25,088 --a------ C:\WINDOWS\system32\msxml3a.dll
    2008-05-24 10:55 . 2008-05-30 13:57 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
    2008-05-24 09:57 . 2008-05-24 09:57 <DIR> d-------- C:\Program Files\Common Files\Skype
    2008-05-24 09:27 . 2008-05-24 09:27 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
    2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
    2008-05-12 20:27 . 2008-05-12 20:27 <DIR> d-------- C:\WINDOWS\system32\Adobe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-07 00:33 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-06-06 05:20 96,384 ----a-w C:\WINDOWS\system32\drivers\sptd6893.sys
    2008-06-04 23:11 --------- d-----w C:\Program Files\Java
    2008-05-29 14:37 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-05-29 14:37 60,800 -c--a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2008-05-29 14:37 123,952 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-05-29 14:37 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-05-29 14:37 --------- d-----w C:\Program Files\Symantec
    2008-05-24 21:41 1,007,616 ----a-w C:\WINDOWS\system32\logonuiX.exe
    2008-05-24 20:47 --------- d-----w C:\Program Files\Common Files\Stardock
    2008-05-24 14:58 --------- d-----w C:\Documents and Settings\Imprt_Tunrz\Application Data\Skype
    2008-05-24 14:44 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-05-14 22:23 --------- d-----w C:\Documents and Settings\Imprt_Tunrz\Application Data\AdobeUM
    2008-04-29 16:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2008-04-29 16:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
    2008-04-29 16:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
    2008-04-26 21:14 42,672 ----a-w C:\WINDOWS\system32\wbsys.dll
    2008-04-14 10:55 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
    2008-04-14 10:46 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
    2008-04-14 10:43 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
    2008-04-14 10:43 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
    2008-04-14 10:43 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
    2008-04-14 10:43 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
    2008-04-14 10:43 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
    2008-04-14 10:43 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
    2008-04-14 10:43 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
    2008-04-14 10:41 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
    2008-04-14 10:40 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
    2008-04-14 10:40 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
    2008-04-14 10:40 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
    2008-04-14 07:30 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
    2008-04-14 06:00 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-04-14 05:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
    2008-04-14 05:57 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
    2008-04-14 05:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
    2008-04-14 05:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
    2008-04-14 05:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-04-14 05:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
    2008-04-14 05:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
    2008-04-14 05:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
    2008-04-14 05:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
    2008-04-14 05:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
    2008-04-14 05:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-04-14 05:48 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
    2008-04-14 05:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
    2008-04-14 05:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
    2008-04-14 05:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
    2008-04-14 05:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
    2008-04-14 05:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
    2008-04-14 05:45 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
    2008-04-14 05:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
    2008-04-14 05:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
    2008-04-14 05:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-04-14 05:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
    2008-04-14 05:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
    2008-04-14 05:30 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
    2008-04-14 05:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-04-14 05:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
    2008-04-14 05:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
    2008-04-14 05:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
    2008-04-14 05:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
    2008-04-14 05:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
    2008-04-14 05:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
    2008-04-14 05:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
    2008-04-14 05:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
    2008-04-14 05:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
    2008-04-14 05:26 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
    2008-04-14 05:26 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
    2008-04-14 05:26 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
    2008-04-14 05:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismpx.sys
    2008-04-14 05:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
    2008-04-14 05:26 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
    2008-04-14 05:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023x.sys
    2008-04-14 05:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
    2008-04-14 05:26 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
    2008-04-14 05:25 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
    2008-04-14 05:24 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
    2008-04-14 05:23 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
    2008-04-14 05:23 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
    2008-04-14 05:23 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
    2008-04-14 05:23 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
    2008-04-14 05:21 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
    2008-04-14 05:21 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
    2008-04-14 05:21 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
    2008-04-14 05:21 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
    2008-04-14 05:21 101,120 ----a-w C:\WINDOWS\system32\drivers\bthpan.sys
    2008-04-14 05:16 61,696 ----a-w C:\WINDOWS\system32\drivers\ohci1394.sys
    2008-04-14 05:16 59,136 ----a-w C:\WINDOWS\system32\drivers\rfcomm.sys
    2008-04-14 05:16 53,376 ----a-w C:\WINDOWS\system32\drivers\1394bus.sys
    2008-04-14 05:16 37,888 ----a-w C:\WINDOWS\system32\drivers\bthmodem.sys
    2008-04-14 05:16 36,480 ----a-w C:\WINDOWS\system32\drivers\bthprint.sys
    2008-04-14 05:16 273,024 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
    2008-04-14 05:16 25,600 ----a-w C:\WINDOWS\system32\drivers\hidbth.sys
    2008-04-14 05:16 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
    2008-04-14 05:16 18,944 ----a-w C:\WINDOWS\system32\drivers\bthusb.sys
    2008-04-14 05:16 17,024 ----a-w C:\WINDOWS\system32\drivers\bthenum.sys
    2008-04-14 05:16 121,984 ----a-w C:\WINDOWS\system32\drivers\usbvideo.sys
    2008-04-14 05:14 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
    2008-04-14 05:14 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
    2005-08-03 05:58 0 -csha-w C:\WINDOWS\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-06_ 0.36.57.60 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-06 05:21:41 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-06-06 20:45:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 05:42 1695232]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [ ]
    "Rainlendar2 "= "F:\Program Files\Stardock\Rainlendar2\Rainlendar2.exe" [2007-12-30 05:23 1365504]
    "Aim6 "=" " []
    "WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
    "CursorXP "= "F:\Program Files\Stardock\CursorXP\CursorXP.exe" [2005-01-19 17:44 140288]
    "SpybotSD TeaTimer "= "F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-11 17:22 53096]
    "SynTPLpr "= "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-08-12 17:13 102400]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-08-12 17:12 684032]
    "RemoteControl "= "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 22:24 32768]
    "IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 17:55 155648]
    "HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 17:51 118784]
    "Recguard "= "%WINDIR%\SMINST\RECGUARD.EXE" [ ]
    "NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 13:50 155648]
    "PCSuiteTrayApplication "= "F:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27 222208]
    "IMJPMIG8.1 "= "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 14:00 208952]
    "IMEKRMIG6.1 "= "C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 14:00 44032]
    "MSPY2002 "= "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 14:00 59392]
    "PHIME2002ASync "= "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00 455168]
    "PHIME2002A "= "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 14:00 455168]
    "Reminder "= "%WINDIR%\Creator\Remind_XP.exe" [ ]
    "UserFaultCheck "= "C:\WINDOWS\system32\dumprep 0 -u" [ ]
    "QuickTime Task "= "F:\Program Files\Quicktime\QTTask.exe" [2008-03-28 23:37 413696]
    "Adobe Reader Speed Launcher "= "F:\Program Files\Adobe\Reader\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "LogonStudio "= "F:\Program Files\Stardock\LogonStudio\logonstudio.exe" [2002-09-03 18:38 987187]
    "BootSkin Startup Jobs "= "F:\PROGRA~1\Stardock\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
    "SunJavaUpdateSched "= "F:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [5/15/2003 1:19:50 AM 217193]
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [1/28/2006 11:57:43 AM 113664]
    BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [5/28/2005 1:09:16 AM 1742384]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "AllowLegacyWebView "= 1 (0x1)
    "AllowUnhashedWebView "= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost "= "C:\\WINDOWS\\system32\\logonui.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
    C:\Program Files\Common Files\Stardock\mcpstub.dll 2005-01-31 16:13 49152 C:\Program Files\Common Files\Stardock\MCPStub.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420 "= i420vfw.dll
    "vidc.yv12 "= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "C:\\Program Files\\Messenger\\msmsgs.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe "=
    "F:\\Program Files\\Winamp Remote\\bin\\Orb.exe "=
    "F:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe "=
    "F:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe "=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=


    S3 SaiH8000;SaiH8000;C:\WINDOWS\system32\DRIVERS\SaiH8000.sys [2004-09-22 05:41]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-05-20 02:42:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job "
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2005-08-03 05:00:05 C:\WINDOWS\Tasks\ISP signup reminder 1.job "
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    "2005-08-03 05:00:07 C:\WINDOWS\Tasks\ISP signup reminder 3.job "
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    "2008-06-07 01:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job "
    - F:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-06 22:08:56
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-06 22:11:39
    ComboFix-quarantined-files.txt 2008-06-07 03:11:05
    ComboFix2.txt 2008-06-06 20:59:35
    ComboFix3.txt 2008-06-06 06:00:18

    Pre-Run: 4,956,274,688 bytes free
    Post-Run: 4,936,269,824 bytes free

    238 --- E O F --- 2008-05-16 04:36:57
     
  10. 2008/06/06
    imprttunrz

    imprttunrz Inactive Thread Starter

    hijackthis log

    Logfile of HijackThis v1.99.1
    Scan saved at 10:13:10 PM, on 06/06/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Stardock\SDMCP.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    F:\Program Files\Stardock\DesktopX\DesktopX.exe
    C:\WINDOWS\System32\svchost.exe
    F:\Program Files\Norton AnitVirus 2006\navapsvc.exe
    F:\Program Files\Norton AnitVirus 2006\IWP\NPFMntor.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    F:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    F:\Program Files\Quicktime\QTTask.exe
    F:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    F:\Program Files\Stardock\Rainlendar2\Rainlendar2.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    F:\Program Files\Stardock\CursorXP\CursorXP.exe
    F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\system32\conime.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    F:\Program Files\Hijack This\HijackThis.exe

    O2 - BHO: (no name) - {06d7dfce-6a7e-4ca8-9f4b-2c85911216b8} - (no file)
    O2 - BHO: (no name) - {34CA1F77-CDC3-4B94-9218-7D213430B429} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {663656DF-6BAE-460C-A612-8133DF519346} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - F:\Program Files\Norton AnitVirus 2006\NavShExt.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - F:\Program Files\Norton AnitVirus 2006\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\Quicktime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [LogonStudio] "F:\Program Files\Stardock\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "F:\PROGRA~1\Stardock\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_06\bin\jusched.exe "
    O4 - HKLM\..\Run: [bc8d3a01] rundll32.exe "C:\WINDOWS\system32\pnpfbytk.dll ",b
    O4 - HKLM\..\Run: [BMbfbe099d] Rundll32.exe "C:\WINDOWS\system32\yygawwbm.dll ",s
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Rainlendar2] F:\Program Files\Stardock\Rainlendar2\Rainlendar2.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [CursorXP] F:\Program Files\Stardock\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Clearness time.lnk = F:\Program Files\ThemeManager\DesktopX\Themes\Clearnesstime\Clearness time.exe
    O4 - Startup: Vista outlook (light).lnk = F:\Program Files\ThemeManager\DesktopX\Themes\Vistaoutlooklight\Vista outlook (light).exe
    O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {DCEA263C-75E9-4029-F6AA-37F011CC4EF1} (IM2Webconference) - http://dialcom.com/spontania/download/SpontaniaVideoCollaboration.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton AnitVirus 2006\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - F:\Program Files\Norton AnitVirus 2006\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - F:\Program Files\Norton AnitVirus 2006\SAVScan.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  11. 2008/06/07
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    OK My Bad. I should have seen this earlier.
    You are using an old version of HJT.
    Please delete the one you have and download and install this one.


    Download a copy of HijackThis installer from here and save it to your Desktop.

    1. Save HJTInstall.exe to your desktop.
    2. Double-click on the HJTInstall.exe icon on your desktop.
      (Let it install to the default location C:\Program Files\Hijackthis)
    3. Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    4. Put a check by Create a desktop icon and then click Next again.
    5. Continue to follow the rest of the prompts from there.
    6. At the final dialogue box click Finish and it will launch HijackThis.
    7. Click on the Do a system scan and save a log file button.

    Please post the log.

    Thanks
    Geri
     
  12. 2008/06/07
    imprttunrz

    imprttunrz Inactive Thread Starter

    Error Message

    Okay. I'll post the new log in a minute, but when I was turning on my laptop this morning, during the startup, I received an error message titled "RUNDLL" with the message:
    Error loading C:\WINDOWS\system32\yygawwbm.dll
    The specified module could not be found
     
  13. 2008/06/07
    imprttunrz

    imprttunrz Inactive Thread Starter

    Hijackthis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:26:12 AM, on 07/06/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\svchost.exe
    F:\Program Files\Norton AnitVirus 2006\IWP\NPFMntor.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Stardock\SDMCP.exe
    C:\WINDOWS\Explorer.EXE
    F:\Program Files\Stardock\DesktopX\DesktopX.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    F:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    F:\Program Files\Quicktime\QTTask.exe
    F:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    F:\Program Files\Stardock\Rainlendar2\Rainlendar2.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    F:\Program Files\Stardock\CursorXP\CursorXP.exe
    F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    F:\Program Files\Norton AnitVirus 2006\navapsvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    F:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    O2 - BHO: (no name) - {06d7dfce-6a7e-4ca8-9f4b-2c85911216b8} - (no file)
    O2 - BHO: (no name) - {34CA1F77-CDC3-4B94-9218-7D213430B429} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {663656DF-6BAE-460C-A612-8133DF519346} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - F:\Program Files\Norton AnitVirus 2006\NavShExt.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - F:\Program Files\Norton AnitVirus 2006\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\Quicktime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [LogonStudio] "F:\Program Files\Stardock\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "F:\PROGRA~1\Stardock\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_06\bin\jusched.exe "
    O4 - HKLM\..\Run: [bc8d3a01] rundll32.exe "C:\WINDOWS\system32\pnpfbytk.dll ",b
    O4 - HKLM\..\Run: [BMbfbe099d] Rundll32.exe "C:\WINDOWS\system32\yygawwbm.dll ",s
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Rainlendar2] F:\Program Files\Stardock\Rainlendar2\Rainlendar2.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [CursorXP] F:\Program Files\Stardock\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Clearness time.lnk = F:\Program Files\ThemeManager\DesktopX\Themes\Clearnesstime\Clearness time.exe
    O4 - Startup: Vista outlook (light).lnk = F:\Program Files\ThemeManager\DesktopX\Themes\Vistaoutlooklight\Vista outlook (light).exe
    O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {DCEA263C-75E9-4029-F6AA-37F011CC4EF1} (IM2Webconference) - http://dialcom.com/spontania/download/SpontaniaVideoCollaboration.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton AnitVirus 2006\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - F:\Program Files\Norton AnitVirus 2006\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - F:\Program Files\Norton AnitVirus 2006\SAVScan.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 12445 bytes
     
  14. 2008/06/07
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    OK please do this.

    Spybot S&D's tea timer normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

    First step:
    • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
    • If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless.
    • If you have Version 1.4, Click on Exit Spybot S&D Resident
    Second step, For Either Version :
    • Open Spybot S&D
    • Click Mode, choose Advanced Mode
    • Go To the bottom of the Vertical Panel on the Left, Click Tools
    • then, also in left panel, click Resident shows a red/white shield.
    • If your firewall raises a question, say OK
    • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer" (Protection of over-all system settings) active
    • OK any prompts.
    • Use File, Exit to terminate Spybot
    • Reboot your machine for the changes to take effect.
    Don't forget to re-enable it, when your computer is clean.

    Now do this.

    Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

    O2 - BHO: (no name) - {06d7dfce-6a7e-4ca8-9f4b-2c85911216b8} - (no file)
    O2 - BHO: (no name) - {34CA1F77-CDC3-4B94-9218-7D213430B429} - (no file)
    O2 - BHO: (no name) - {663656DF-6BAE-460C-A612-8133DF519346} - (no file)
    O4 - HKLM\..\Run: [bc8d3a01] rundll32.exe "C:\WINDOWS\system32\ejlprkhh.dll ",b
    O4 - HKLM\..\Run: [BMbfbe099d] Rundll32.exe "C:\WINDOWS\system32\rimfjryd.dll ",s


    Now close all windows other than HiJackThis, then click Fix Checked.

    Close HJT.

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

    C:\WINDOWS\system32\ejlprkhh.dll
    C:\WINDOWS\system32\rimfjryd.dll


    After that, Reboot.

    Please post a New HJT Log into this Thread.
    Let me know if you still received the error message.

    Thanks
    Geri
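
Added example (not part of the thread or of HijackThis): a small triage script that flags the two kinds of entry selected in the post above, O2 BHOs whose file is missing and O4 Run values that start a system32 DLL through rundll32. The sample lines are copied from the v2.0.2 log in post 13; the function names and the "ends in 8 hex digits" hint are assumptions of this example.

```python
import re
from typing import NamedTuple

# Sample input: lines copied from the HijackThis v2.0.2 log in post 13.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {06d7dfce-6a7e-4ca8-9f4b-2c85911216b8} - (no file)
O2 - BHO: (no name) - {34CA1F77-CDC3-4B94-9218-7D213430B429} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {663656DF-6BAE-460C-A612-8133DF519346} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [bc8d3a01] rundll32.exe "C:\WINDOWS\system32\pnpfbytk.dll ",b
O4 - HKLM\..\Run: [BMbfbe099d] Rundll32.exe "C:\WINDOWS\system32\yygawwbm.dll ",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
'''


class Finding(NamedTuple):
    section: str  # HijackThis section code, "O2" or "O4"
    ident: str    # CLSID for a BHO, Run value name for an autostart
    target: str   # file the entry points at, or "(no file)"
    reason: str


# "O4 - HKLM\..\Run: [name] command" -> section, kind, rest
ENTRY = re.compile(r'^(O\d+) - ([^:]+): (.*)$')
# "<name> - {CLSID} - <file>"
BHO = re.compile(r'^.*? - (\{[0-9A-Fa-f-]{36}\}) - (.*)$')
# "[value name] command line"
RUN = re.compile(r'^\[([^\]]+)\]\s+(.*)$')
# rundll32 followed by a (possibly quoted) DLL path and ",export"
RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+?\.dll)\s*"?\s*,', re.I)
SYS32_DLL = re.compile(r'\\system32\\[^\\]+\.dll$', re.I)
# Assumption of this example: a value name ending in 8 hex digits is
# worth noting, since both Run values flagged in the thread look like that.
HEX_NAME = re.compile(r'[0-9a-f]{8}$', re.I)


def triage(log_text):
    """Return Finding tuples for orphaned BHOs and rundll32 autostarts."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines, process list, blank lines
        section, kind, rest = m.groups()
        if section == 'O2':
            # Restricted to O2 on purpose: the post selects the BHOs with
            # "(no file)" and leaves the O9 button with "(no file)" alone.
            b = BHO.match(rest)
            if b and b.group(2).strip() == '(no file)':
                findings.append(Finding(
                    'O2', b.group(1), '(no file)',
                    'BHO registered but its file is missing'))
        elif section == 'O4' and kind.endswith('Run'):
            r = RUN.match(rest)
            d = RUNDLL.match(r.group(2)) if r else None
            if d and SYS32_DLL.search(d.group(1)):
                reason = 'Run value starts a system32 DLL through rundll32'
                if HEX_NAME.search(r.group(1)):
                    reason += '; value name ends in 8 hex digits'
                findings.append(Finding('O4', r.group(1), d.group(1), reason))
    return findings


def files_to_check(findings):
    """DLL paths named by flagged Run values, for checking on disk."""
    return [f.target for f in findings if f.section == 'O4']


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.section}  {f.ident}  ->  {f.target}  ({f.reason})')
```

A flagged entry is a candidate for review, not a verdict: legitimate software also registers rundll32 autostarts, so each target file still needs to be identified before anything is fixed or deleted.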
     
  15. 2008/06/07
    imprttunrz

    imprttunrz Inactive Thread Starter

    hijackthis log

    The error messages do not appear anymore. :)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:25:03 PM, on 07/06/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\svchost.exe
    F:\Program Files\Norton AnitVirus 2006\IWP\NPFMntor.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Stardock\SDMCP.exe
    C:\WINDOWS\Explorer.EXE
    F:\Program Files\Stardock\DesktopX\DesktopX.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    F:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    F:\Program Files\Quicktime\QTTask.exe
    F:\Program Files\Adobe\Reader\Reader\Reader_sl.exe
    F:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    F:\Program Files\Stardock\Rainlendar2\Rainlendar2.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    F:\Program Files\Stardock\CursorXP\CursorXP.exe
    C:\WINDOWS\system32\wuauclt.exe
    F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - F:\Program Files\Norton AnitVirus 2006\NavShExt.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - F:\Program Files\Norton AnitVirus 2006\NavShExt.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\Quicktime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [LogonStudio] "F:\Program Files\Stardock\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "F:\PROGRA~1\Stardock\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_06\bin\jusched.exe "
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Rainlendar2] F:\Program Files\Stardock\Rainlendar2\Rainlendar2.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [CursorXP] F:\Program Files\Stardock\CursorXP\CursorXP.exe
    O4 - Startup: Clearness time.lnk = F:\Program Files\ThemeManager\DesktopX\Themes\Clearnesstime\Clearness time.exe
    O4 - Startup: Vista outlook (light).lnk = F:\Program Files\ThemeManager\DesktopX\Themes\Vistaoutlooklight\Vista outlook (light).exe
    O4 - Global Startup: Acrobat Assistant.lnk = F:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {DCEA263C-75E9-4029-F6AA-37F011CC4EF1} (IM2Webconference) - http://dialcom.com/spontania/download/SpontaniaVideoCollaboration.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton AnitVirus 2006\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - F:\Program Files\Norton AnitVirus 2006\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - F:\Program Files\Norton AnitVirus 2006\SAVScan.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 11895 bytes
     
  16. 2008/06/07
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK great.

    Now let's get an on-line scan. Please do the following in the order given.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Please do an online scan with Kaspersky WebScanner

    Click on "Accept". If your pop-up blocker blocks the ActiveX download, allow it, click on "Accept" again.

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes or Install.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This will start the program and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
    Geri
     
  17. 2008/06/07
    imprttunrz

    imprttunrz Inactive Thread Starter

    Joined:
    2008/06/04
    Messages:
    21
    Likes Received:
    0
  18. 2008/06/07
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    That's interesting. Must be down for the moment.

    Just run Kaspersky without doing ATF Cleaner. We'll try later with ATF.

    Thanks
    Geri
     
  19. 2008/06/08
    imprttunrz

    imprttunrz Inactive Thread Starter

    Joined:
    2008/06/04
    Messages:
    21
    Likes Received:
    0
    Kaspersky

    Sunday, June 08, 2008 12:16:11 AM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 8/06/2008
    Kaspersky Anti-Virus database records: 838608
    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true
    Scan Target My Computer
    C:\
    D:\
    E:\
    F:\
    G:\
    Scan Statistics
    Total number of scanned objects 99359
    Number of viruses found 24
    Number of infected objects 73
    Number of suspicious objects 0
    Duration of the scan process 02:14:44

    Infected Object Name Virus Name Last Action
    C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-06-07_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05494E5E.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.bth skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05494E5E.exe/stream Infected: Trojan-Downloader.Win32.Zlob.bth skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05494E5E.exe NSIS: infected - 2 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05494E5E.exe CryptFF: infected - 2 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08B427C8.com Infected: EICAR-Test-File skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08FC4379.com Infected: EICAR-Test-File skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A867FA1.tmp Infected: Backdoor.Win32.IRCBot.aaq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4AD820B6.exe Infected: Virus.Win32.AutoRun.sz skipped
    C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
    C:\Documents and Settings\Imprt_Tunrz\.rainlendar2\rainlendar2.log Object is locked skipped
    C:\Documents and Settings\Imprt_Tunrz\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped
    C:\Documents and Settings\Imprt_Tunrz\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Imprt_Tunrz\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
    C:\Documents and Settings\Imprt_Tunrz\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Imprt_Tunrz\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Imprt_Tunrz\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Imprt_Tunrz\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Imprt_Tunrz\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Imprt_Tunrz\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp\Gateway_Specific.dat Object is locked skipped
    C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp\Gateway_Specific_UK.dat Object is locked skipped
    C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp\Gateway_Specific_Vista.dat Object is locked skipped
    C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp\Microsoft_Security.dat Object is locked skipped
    C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp\Microsoft_Security_UK.dat Object is locked skipped
    C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp\Other.dat Object is locked skipped
    C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp\Urgent.dat Object is locked skipped
    C:\Program Files\BigFix\__Data\Gateway\__Local\Tmp\Welcome.dat Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
    C:\QooBox\Quarantine\C\WINDOWS\apunbegy.dll.vir Infected: Trojan-Downloader.Win32.Peregar.na skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\efcYOefc.dll.vir Infected: Trojan.Win32.Monder.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\ejlprkhh.dll.vir Infected: Trojan.Win32.Monder.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\fajcbgjs.dll.vir Infected: Trojan.Win32.Monder.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\fwoauukm.dll.vir Infected: Trojan.Win32.Monder.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\jucmqnes.dll.vir Infected: Trojan-Downloader.Win32.ConHook.te skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\kwuqcesx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.vqf skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\nkvpcbus.dll.vir Infected: Trojan.Win32.Monder.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\pnpfbytk.dll.vir Infected: Trojan.Win32.Monder.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\psclwpwx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.xjc skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\rerejddo.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.trp skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\rimfjryd.dll.vir Infected: Trojan.Win32.Monder.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\rrbwkxjm.dll.vir Infected: Trojan.Win32.Monder.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\tbmtokps.dll.vir Infected: Trojan-Downloader.Win32.ConHook.apx skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\vhrmfbef.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.wdd skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\wcnphibp.dll.vir Infected: Trojan-Downloader.Win32.ConHook.apx skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\yjdktqnu.dll.vir Infected: Trojan-Downloader.Win32.ConHook.te skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\yygawwbm.dll.vir Infected: Trojan.Win32.Monder.gen skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP763\A0123773.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.trp skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP764\A0123842.dll Infected: Trojan.Win32.Monder.gen skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP765\A0124016.dll Infected: Trojan.Win32.Monder.gen skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP767\A0124097.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqd skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP767\A0124098.dll Infected: Trojan.Win32.Monder.le skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP769\A0124135.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wpu skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP769\A0124136.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wpu skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP780\A0124997.dll Infected: Trojan-Downloader.Win32.Peregar.cg skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP780\A0124998.dll Infected: Trojan.Win32.Monder.gen skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP780\A0124999.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wpv skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP780\A0125000.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqh skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP780\A0125001.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wpv skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP780\A0125002.dll Infected: Trojan.Win32.Monder.gen skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP780\A0125003.dll Infected: Trojan.Win32.Monder.gen skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP780\A0125004.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.tsz skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP780\A0125251.dll Infected: Trojan.Win32.Pakes.cym skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP781\A0125306.dll Infected: Trojan.Win32.Monder.gen skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP781\A0125311.dll Infected: Trojan-Downloader.Win32.ConHook.te skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP781\A0125313.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.vqf skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP781\A0125315.dll Infected: Trojan.Win32.Monder.gen skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP781\A0125317.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.xjc skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP781\A0125318.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.trp skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP781\A0125319.dll Infected: Trojan.Win32.Monder.gen skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP781\A0125320.dll Infected: Trojan-Downloader.Win32.ConHook.apx skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP781\A0125321.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wdd skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP781\A0125322.dll Infected: Trojan-Downloader.Win32.ConHook.apx skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP781\A0125325.dll Infected: Trojan-Downloader.Win32.ConHook.te skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP782\A0126042.dll Infected: Trojan-Downloader.Win32.Peregar.na skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP782\A0126043.dll Infected: Trojan.Win32.Monder.gen skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP782\A0126045.dll Infected: Trojan.Win32.Monder.gen skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP782\A0126046.dll Infected: Trojan.Win32.Monder.gen skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP782\A0126055.dll Infected: Trojan.Win32.Monder.gen skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP782\A0126056.dll Infected: Trojan.Win32.Monder.gen skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP782\A0126058.dll Infected: Trojan.Win32.Monder.gen skipped
    C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP783\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{AB0CD47A-3F4E-4998-8D62-278791237D27}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd6893.sys Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    D:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
    F:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
    F:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
    F:\Program Files\Norton AnitVirus 2006\AVApp.log Object is locked skipped
    F:\Program Files\Norton AnitVirus 2006\AVError.log Object is locked skipped
    F:\Program Files\Norton AnitVirus 2006\AVVirus.log Object is locked skipped
    F:\Program Files\Norton AnitVirus 2006\Savrt\0099NAV~.TMP Object is locked skipped
    F:\Program Files\Norton AnitVirus 2006\Savrt\0391NAV~.TMP Object is locked skipped
    F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    F:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP761\A0123494.exe Infected: Trojan-Downloader.Win32.Delf.ido skipped
    F:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP765\A0124045.exe/data0000.cab/is154480.exe Infected: Trojan-Downloader.Win32.Agent.qkl skipped
    F:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP765\A0124045.exe/data0000.cab Infected: Trojan-Downloader.Win32.Agent.qkl skipped
    F:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP765\A0124045.exe Rsrc-Package: infected - 2 skipped
    F:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP783\change.log Object is locked skipped
    G:\autorun.inf\lpt3.This folder was created by Flash_Disinfector Object is locked skipped
    G:\Download from Internet\mirc621.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
    G:\Download from Internet\mirc621.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
    G:\Download from Internet\mirc621.exe NSIS: infected - 2 skipped
    G:\Download from Internet\mirc631.exe/stream/data0001/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
    G:\Download from Internet\mirc631.exe/stream/data0001/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
    G:\Download from Internet\mirc631.exe/stream/data0001 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
    G:\Download from Internet\mirc631.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
    G:\Download from Internet\mirc631.exe NSIS: infected - 4 skipped
    G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    Scan process completed.
     
  20. 2008/06/08
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi imprttunrz

    Do you use IRC?
    Let me know.

    Do this next.

    Please delete Flash Disinfector

    Click Start > Run. In the Run box, copy and paste or type ComboFix /u, then hit Enter to uninstall ComboFix and remove the files/folders it created.


    Now let's clean out your system restore points.

    You must be logged in as an Administrator to do this. If you are not logged in as an Administrator, the System Restore tab will not be displayed.
    Turning off System Restore will clear out all previous restore points.

    To turn off Windows XP System Restore:
    NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    8. Restart the computer and follow the instructions in the next section to turn on System Restore.

    To turn on Windows XP System Restore:
    1. Click Start.
    2. Right-click My Computer, and then click Properties.
    3. Click the System Restore tab.
    4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
    5. Click Apply, and then click OK.
    6. Make a new restore point.
    7. Click Start, All Programs, Accessories, System Tools, System Restore.
    Choose Create a restore point and click Next. Under "Type a description for your restore point…" put a name in the box. Click Create. In the next window click Close.

    Try to get ATF Cleaner again and run it. Last I checked it still wasn't up. :(

    Now run Kaspersky again and post the log.

    Thanks
    Geri
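
The two follow-ups in the reply above (the IRC question and the restore-point purge) correspond to two groups of entries in the scan report. The following is an added example, not part of the thread: it parses report lines in that format and groups detections per file, and the function names and category labels are assumptions made here.

```python
import re
from collections import defaultdict

# A subset of lines copied from the scan report in this thread.
SAMPLE = r"""
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP782\A0126046.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
F:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
F:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP765\A0124045.exe/data0000.cab/is154480.exe Infected: Trojan-Downloader.Win32.Agent.qkl skipped
F:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP765\A0124045.exe/data0000.cab Infected: Trojan-Downloader.Win32.Agent.qkl skipped
F:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP765\A0124045.exe Rsrc-Package: infected - 2 skipped
G:\Download from Internet\mirc621.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
"""

# Paths may contain spaces, so the status is matched from the end of the line.
LINE = re.compile(
    r"^(?P<path>.+?) (?:Infected: (?P<verdict>\S+)|(?P<locked>Object is locked)"
    r"|(?P<packer>[\w-]+): infected - (?P<count>\d+)) skipped$")

def classify(line):
    """Return (category, file, verdict) for one report line, or None if unparsed."""
    m = LINE.match(line.strip())
    if not m:
        return None
    # Nested archive members are written as file.exe/member/member: keep the file.
    root = m["path"].split("/", 1)[0]
    if m["locked"]:
        return ("locked", root, None)      # file in use by the OS, not a detection
    if m["packer"]:
        return ("container", root, None)   # per-archive summary of nested hits
    if m["verdict"].startswith("not-a-virus:"):
        return ("not-a-virus", root, m["verdict"])  # flagged software, not malware
    if "\\system volume information\\_restore" in root.lower():
        return ("restore-point", root, m["verdict"])
    return ("live-file", root, m["verdict"])

def triage(report):
    """Group detections per file so nested hits inside one archive count once."""
    groups = defaultdict(dict)
    for line in report.splitlines():
        hit = classify(line)
        if hit and hit[2]:
            category, root, verdict = hit
            groups[category].setdefault(root, set()).add(verdict)
    return {k: dict(v) for k, v in groups.items()}

if __name__ == "__main__":
    for category, files in triage(SAMPLE).items():
        print(category, {p: sorted(v) for p, v in files.items()})
```

On these lines no detection falls in the live-file group: every Trojan verdict sits in a System Restore snapshot, and the remaining hits are the mIRC client.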
     
  21. 2008/06/08
    imprttunrz

    imprttunrz Inactive Thread Starter

    Joined:
    2008/06/04
    Messages:
    21
    Likes Received:
    0
    Yes, I do use IRC once in a while.
    I haven't used it in a month or two...
     
