
Solved bloodhound.sonar.1

Discussion in 'Malware and Virus Removal Archive' started by nabster, 2008/07/26.

  1. 2008/07/26
    nabster

    nabster Inactive Thread Starter

    Joined:
    2008/07/26
    Messages:
    17
    Likes Received:
    0
    [Resolved] bloodhound.sonar.1

    Well, I don't know how this problem started, but I know I have the problem. I have Norton 360 and it picks up the fact that I have this virus, bloodhound.sonar.1, and then says it fixed it and tells me to reboot, only for me to find it once again on my computer. Also my computer gets snippets of audio on it from nowhere whatsoever (even when nothing is running). The audio clips are very random as well. I believe that this has some sort of a connection to the virus. My computer is running slower due to this problem and I really need it cleaned. If anyone can help me with this problem please do, because I am stuck and I really need assistance. Thank you
     
  2. 2008/07/26
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi nabster, and welcome to WindowsBBS :)

    Just wanted you to know that I received your message and I'd be happy to try and help. There are some others ahead of you though, so be patient while waiting for a response after you've completed the tasks I have for you.

    First, you mentioned reviewing another case similar to yours here at WindowsBBS. It might be helpful if you could provide a link to that topic.

    If Norton identifies a filename and/or location of the detection, it would be very helpful if you could provide us with that information as well.

    We'll need to see some logs. Please read this topic, download and install HijackThis, then run a scan and save the log. No need to post that log though, so you can just close it.
    Finally, download Deckard's System Scanner and run a scan as outlined in the 'Before you post a log' topic I linked to above. Post the contents of the main.txt log here in this topic.

    Hang in there! ;)
     
  4. 2008/07/27
    nabster

    nabster Inactive Thread Starter

    Joined:
    2008/07/26
    Messages:
    17
    Likes Received:
    0
    OK, thank you for your understanding and time on this subject. Right now I finished doing the HijackThis log and the Deckard's System Scanner scan. Here is the main.txt for the Deckard scanner:

    Deckard's System Scanner v20071014.68
    Run by Sakran on 2008-07-27 12:19:09
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    86: 2008-07-27 16:19:26 UTC - RP220 - Deckard's System Scanner Restore Point
    85: 2008-07-27 08:42:51 UTC - RP219 - System Checkpoint
    84: 2008-07-26 08:42:39 UTC - RP218 - System Checkpoint
    83: 2008-07-18 08:11:55 UTC - RP217 - System Checkpoint
    82: 2008-07-17 07:22:12 UTC - RP216 - System Checkpoint


    -- First Restore Point --
    1: 2008-04-29 15:06:59 UTC - RP135 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Sakran.exe) ----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:21:03 PM, on 7/27/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\lg_fwupdate\fwupdate.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\SYSTEM32\GEARSEC.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\routing.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\afinding.exe
    C:\WINDOWS\system32\wserving.exe
    C:\WINDOWS\system32\Nobicyt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe "
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe "
    O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1199603103500
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\WINDOWS\system32\afinding.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Routing Service (Routing) - Unknown owner - C:\WINDOWS\system32\routing.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: WServing Service (WServing) - Unknown owner - C:\WINDOWS\system32\wserving.exe

    --
    End of file - 13743 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R2 AMON - c:\windows\system32\drivers\amon.sys <Not Verified; Eset; NOD32 Antivirus System>
    R2 CDRPDACC (Arrowkey Device Access) - c:\program files\321studios\shared\cdrpdacc.sys <Not Verified; Arrowkey; CD Device Access>
    R3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

    S3 jatmlano - c:\docume~1\sakran\locals~1\temp\jatmlano.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 AFinding (AFinding Service) - c:\windows\system32\afinding.exe
    R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
    R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
    R2 GEARSecurity - system32\gearsec.exe <Not Verified; GEAR Software; gearsec>
    R2 NOBICYT (NOBICYT Service) - c:\windows\system32\nobicyt.exe
    R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
    R2 Routing (Routing Service) - c:\windows\system32\routing.exe
    R2 WServing (WServing Service) - c:\windows\system32\wserving.exe

    S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
    S3 nmraapache (Pure Networks Net2Go Service) - "c:\program files\pure networks\network magic\webserver\bin\nmraapache.exe" -k runservice <Not Verified; Pure Networks, Inc.; Pure Networks Net2Go Service>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-07-27 11:59:00 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
    2008-07-17 14:39:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    -- Files created between 2008-06-27 and 2008-07-27 -----------------------------

    2008-07-27 12:13:02 0 d-------- C:\Program Files\Trend Micro
    2008-07-12 01:39:34 0 d-------- C:\Program Files\iPod
    2008-07-12 01:37:10 0 d-------- C:\Program Files\Bonjour
    2008-07-10 23:30:52 0 d-------- C:\Program Files\Magellan
    2008-07-10 12:23:16 0 d-------- C:\WINDOWS\pss
    2008-07-04 12:31:42 270336 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
    2008-07-04 12:31:42 502368 --a------ C:\WINDOWS\system32\drivers\amon.sys <Not Verified; Eset; NOD32 Antivirus System>
    2008-06-29 11:47:45 0 d-------- C:\Documents and Settings\LocalService\My Documents
    2008-06-28 13:52:45 0 d-------- C:\Program Files\QuickTime


    -- Find3M Report ---------------------------------------------------------------

    2008-07-26 19:38:58 0 d-------- C:\Program Files\lg_fwupdate
    2008-07-26 15:34:40 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-07-12 01:40:00 0 d-------- C:\Program Files\iTunes
    2008-07-10 23:30:51 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-07-10 11:59:16 0 d-------- C:\Documents and Settings\Sakran\Application Data\Skype
    2008-07-10 08:06:08 0 d-------- C:\Documents and Settings\Sakran\Application Data\skypePM
    2008-06-29 10:49:18 0 d-------- C:\Program Files\Apple Software Update
    2008-06-28 14:02:48 0 d-------- C:\Program Files\Safari
    2008-06-22 13:28:24 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
    2008-06-21 01:42:35 0 d-------- C:\Program Files\DIFX
    2008-06-21 01:41:11 0 d-------- C:\Program Files\AGEIA Technologies
    2008-06-21 01:40:44 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-15 01:11:44 0 d-------- C:\Program Files\Microsoft Works
    2008-05-30 18:47:42 0 d-------- C:\Program Files\Symantec
    2008-05-19 11:07:30 1160 --a------ C:\WINDOWS\mozver.dat
    2008-05-19 11:04:47 0 --a------ C:\WINDOWS\nsreg.dat
    2008-05-12 18:25:30 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VTTimer "= "VTTimer.exe" [03/08/2005 05:33 AM C:\WINDOWS\system32\VTTimer.exe]
    "AlcxMonitor "= "ALCXMNTR.EXE" [09/07/2004 02:47 PM C:\WINDOWS\ALCXMNTR.EXE]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 01:59 AM]
    "HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/12/2005 12:12 AM]
    "nmctxth "= "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [10/01/2007 09:08 PM]
    "nmapp "= "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [10/29/2007 11:04 PM]
    "LogitechCommunicationsManager "= "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [10/25/2007 05:33 PM]
    "NeroFilterCheck "= "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [04/02/2007 12:01 PM]
    "LanguageShortcut "= "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [12/05/2006 11:55 PM]
    "LGODDFU "= "C:\Program Files\lg_fwupdate\fwupdate.exe" [01/14/2008 07:18 PM]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM]
    "Symantec PIF AlertEng "= "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 06:38 PM]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [05/27/2008 10:50 AM]
    "nod32kui "= "C:\Program Files\Eset\nod32kui.exe" [07/04/2008 12:29 PM]
    "AppleSyncNotifier "= "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
    "MsnMsgr "= "C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 12:34 PM]
    "AdobeUpdater "= "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [03/01/2007 11:37 AM]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
    backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
    backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
    backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sakran^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
    path=C:\Documents and Settings\Sakran\Start Menu\Programs\Startup\GameSpot Download Manager.lnk
    backup=C:\WINDOWS\pss\GameSpot Download Manager.lnkStartup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]
    "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    C:\Program Files\Valve\Steam\Steam.exe -silent

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
    "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

    *Newly Created Service* - AFINDING
    *Newly Created Service* - COMHOST
    *Newly Created Service* - NOBICYT
    *Newly Created Service* - WSERVING



    -- End of Deckard's System Scanner: finished at 2008-07-27 12:21:39 ------------



    Also, you asked me for the link to the forum thread where I got the initial information on this subject (the one you resolved). Here is the link:
    http://www.windowsbbs.com/malware-v...rus-removal-problem-bloodhound-sonar-1-a.html


    And lastly, I am currently running a scan through Norton to see what the infected file's name is and things. I know some names from memory though, such as perfs.sys. They all seem to be in the system32 folder as well. I hope that can help for the time being. And once again, thanks for answering my forum post.

    I'm hanging in there,
    Nabster
     
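    The helper in this thread reads a few signals off the logs above before deciding what to remove: a service whose binary carries no publisher ("Unknown owner"), a service binary dropped straight into C:\WINDOWS\system32, and a service that Deckard's scanner lists under "*Newly Created Service*". The script below is an added example (not part of the thread, of HijackThis or of Deckard's System Scanner) that parses O23 lines in the format shown above and ranks them by those signals; the sample lines are copied from the posted log, and the weights and the review threshold are assumptions chosen for illustration, not a verdict.

```python
"""Triage helper: rank HijackThis O23 service entries by the signals a
malware-removal volunteer reads off a HijackThis + Deckard's System Scanner log.
Added example; not from the thread, HijackThis or DSS. Weights are assumptions."""
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Sample O23 lines copied from the HijackThis log posted above (a subset).
HJT_O23_LINES = """\
O23 - Service: AFinding Service (AFinding) - Unknown owner - C:\\WINDOWS\\system32\\afinding.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\\Program Files\\Common Files\\Symantec Shared\\VAScanner\\comHost.exe
O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\\WINDOWS\\system32\\Nobicyt.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\\Program Files\\CyberLink\\Shared Files\\RichVideo.exe
O23 - Service: Routing Service (Routing) - Unknown owner - C:\\WINDOWS\\system32\\routing.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\\Program Files\\Common Files\\Symantec Shared\\CCPD-LC\\symlcsvc.exe
O23 - Service: WServing Service (WServing) - Unknown owner - C:\\WINDOWS\\system32\\wserving.exe
"""

# The "*Newly Created Service*" markers from the end of the DSS log above.
DSS_TAIL = """\
*Newly Created Service* - AFINDING
*Newly Created Service* - COMHOST
*Newly Created Service* - NOBICYT
*Newly Created Service* - WSERVING
"""


@dataclass
class ServiceEntry:
    display: str   # display name as HijackThis prints it
    short: str     # service (registry) name, from the trailing "(...)" if present
    owner: str     # publisher string, or "Unknown owner"
    path: str      # image path


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Parse 'O23 - Service: <display> [(short)] - <owner> - <path>'.
    Fields are ' - ' separated; the display name may itself contain ' - ',
    so owner and path are taken from the end of the line."""
    parts = line.strip().split(" - ")
    if len(parts) < 4 or parts[0] != "O23" or not parts[1].startswith("Service: "):
        return None
    display = " - ".join(parts[1:-2])[len("Service: "):]
    owner, path = parts[-2], parts[-1]
    m = re.search(r"\(([^()]+)\)\s*$", display)
    short = m.group(1) if m else display
    return ServiceEntry(display, short, owner, path)


def newly_created(dss_text: str) -> Set[str]:
    """Service names DSS flagged as *Newly Created Service*, upper-cased for matching."""
    return {m.group(1).strip().upper()
            for m in re.finditer(r"\*Newly Created Service\* - (.+)", dss_text)}


def score(entry: ServiceEntry, fresh: Set[str]) -> int:
    """Assumed weights: no publisher +1, binary directly in system32 +2, newly created +2."""
    s = 0
    if entry.owner.strip().lower() == "unknown owner":
        s += 1
    # Non-Microsoft service binary sitting directly in system32 (not a subfolder).
    if re.match(r"(?i)^[a-z]:\\windows\\system32\\[^\\]+$", entry.path.strip()):
        s += 2
    if entry.short.upper() in fresh:
        s += 2
    return s


def triage(hjt_text: str, dss_text: str, threshold: int = 3) -> List[Tuple[int, str, str]]:
    """Return (score, service name, path) for entries at or above the review threshold."""
    fresh = newly_created(dss_text)
    rows = []
    for line in hjt_text.splitlines():
        entry = parse_o23(line)
        if entry is None:
            continue
        sc = score(entry, fresh)
        if sc >= threshold:
            rows.append((sc, entry.short, entry.path))
    return sorted(rows, reverse=True)


if __name__ == "__main__":
    for sc, name, path in triage(HJT_O23_LINES, DSS_TAIL):
        print(f"{sc}  {name:<10} {path}")
```

    On the sample lines the four system32 services (AFinding, NOBICYT, WServing, Routing) rank at or above the threshold, which matches the set ComboFix later reports as deleted; comHost is newly created but has a publisher and a Program Files path, so it stays below it.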
  5. 2008/07/27
    nabster

    nabster Inactive Thread Starter

    Joined:
    2008/07/26
    Messages:
    17
    Likes Received:
    0
    Also, I forgot to mention the fact that when my Norton 360 finds the virus it finds other trojans all the time. I don't know if there is a backdoor virus or something on my computer, but it really seems to annoy me. Just thought I'd add that.
     
  6. 2008/07/28
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  7. 2008/07/30
    nabster

    nabster Inactive Thread Starter

    Joined:
    2008/07/26
    Messages:
    17
    Likes Received:
    0
    I tried ComboFix but it's freezing up. What's happening is it found some infected files but started to stall. I tried it 3 times, for a duration of 10, 30 and 1 hour. I am going to try tonight overnight and see if it finishes; when it does I'll let you know.

    Thanks thus far,
    nabster
     
  8. 2008/07/31
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    First, grab an updated copy of ComboFix (notice the icon has changed), then try running it in safe mode.
     
  9. 2008/08/05
    nabster

    nabster Inactive Thread Starter

    Joined:
    2008/07/26
    Messages:
    17
    Likes Received:
    0
    ComboFix 08-07-31.06 - Sakran 2008-08-04 1:13:09.5 - NTFSx86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.751 [GMT -4:00]
    Running from: C:\Documents and Settings\Sakran\Desktop\virus removal software\ComboFix2.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\LocalService\Application Data\macromedia\Flash Player\#SharedObjects\BF2TUCZL\interclick.com
    C:\Documents and Settings\LocalService\Application Data\macromedia\Flash Player\#SharedObjects\BF2TUCZL\interclick.com\ud.sol
    C:\Documents and Settings\LocalService\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
    C:\Documents and Settings\LocalService\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
    C:\Documents and Settings\Sakran\Application Data\inst.exe
    C:\Documents and Settings\Sakran\Application Data\macromedia\Flash Player\#SharedObjects\GWQ3CERP\interclick.com
    C:\Documents and Settings\Sakran\Application Data\macromedia\Flash Player\#SharedObjects\GWQ3CERP\interclick.com\ud.sol
    C:\Documents and Settings\Sakran\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
    C:\Documents and Settings\Sakran\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
    C:\WINDOWS\system32\tmp0_247860553039.bk
    C:\WINDOWS\system32\tmp0_287489709130.bk
    C:\WINDOWS\system32\tmp0_379112625557.bk
    C:\WINDOWS\system32\tmp0_58430501325.bk
    C:\WINDOWS\system32\tmp0_609672497962.bk
    C:\WINDOWS\system32\tmp0_638730869417.bk
    C:\WINDOWS\system32\tmp0_703543474677.bk
    C:\WINDOWS\system32\tmp1_750312153262.bk
    C:\WINDOWS\system32\tmp1_84791196386.bk
    C:\WINDOWS\system32\tmp2_745014711552.bk
    C:\WINDOWS\system32\tmp2_819140270817.bk
    C:\WINDOWS\system32\tmp4_716130612532.bk
    .
    ---- Previous Run -------
    .
    C:\WINDOWS\system32\afinding.exe
    C:\WINDOWS\system32\comsa32.sys
    C:\WINDOWS\system32\Nobicyt.exe
    C:\WINDOWS\system32\routing.exe
    C:\WINDOWS\system32\WServing.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_AFINDING
    -------\Legacy_PERFMONS
    -------\Legacy_ROUTING
    -------\Legacy_WSERVING
    -------\Service_AFinding
    -------\Service_perfmons
    -------\Service_Routing
    -------\Service_WServing


    ((((((((((((((((((((((((( Files Created from 2008-07-04 to 2008-08-04 )))))))))))))))))))))))))))))))
    .

    2008-07-31 20:05 . 2008-07-31 20:05 <DIR> d-------- C:\Program Files\iPod
    2008-07-29 08:44 . 2008-07-29 08:44 <DIR> d-------- C:\WINDOWS\Sun
    2008-07-29 08:41 . 2008-07-29 08:41 <DIR> d-------- C:\Program Files\Sun
    2008-07-29 08:41 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-07-29 08:39 . 2008-07-29 08:41 <DIR> d-------- C:\Program Files\Java
    2008-07-29 08:36 . 2008-07-29 08:36 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-07-29 06:57 . 2008-07-29 07:48 <DIR> d-------- C:\ComboFix
    2008-07-27 21:09 . 2008-07-27 21:36 <DIR> d-------- C:\WINDOWS\system32\Adobe
    2008-07-27 12:17 . 2008-07-27 12:17 <DIR> d-------- C:\Deckard
    2008-07-27 12:13 . 2008-07-27 12:13 <DIR> d-------- C:\Program Files\Trend Micro
    2008-07-12 01:37 . 2008-07-12 01:37 <DIR> d-------- C:\Program Files\Bonjour
    2008-07-11 13:08 . 2008-07-11 13:30 4,681,480,192 --a------ C:\SIMPSONS_PS.ISO
    2008-07-10 23:30 . 2008-07-10 23:30 <DIR> d-------- C:\Program Files\Magellan
    2008-07-04 12:31 . 2008-07-07 21:18 <DIR> d-------- C:\Program Files\Eset
    2008-07-04 12:31 . 2008-07-04 12:29 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
    2008-07-04 12:31 . 2008-07-04 12:29 270,336 --a------ C:\WINDOWS\system32\imon.dll
    2008-07-04 12:31 . 2008-07-04 12:31 0 --a------ C:\WINDOWS\system32\mapisvc.inf

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-04 05:18 --------- d-----w C:\Program Files\lg_fwupdate
    2008-08-04 03:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-08-03 18:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-08-01 00:06 --------- d-----w C:\Program Files\iTunes
    2008-07-30 12:02 --------- d-----w C:\Program Files\Google
    2008-07-29 23:15 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-07-27 17:38 --------- d-----w C:\Program Files\QuickTime
    2008-07-27 17:38 --------- d-----w C:\Program Files\LearnLink 9.0
    2008-07-27 17:38 --------- d-----w C:\Program Files\GameSpy Arcade
    2008-07-27 17:38 --------- d-----w C:\Program Files\GameSpot
    2008-07-27 17:38 --------- d-----w C:\Program Files\DVD Flick
    2008-07-27 17:38 --------- d-----w C:\Program Files\DivX
    2008-07-27 17:38 --------- d-----w C:\Program Files\AoA MP4 Converter
    2008-07-11 17:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-07-11 03:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-10 15:59 --------- d-----w C:\Documents and Settings\Sakran\Application Data\Skype
    2008-07-10 13:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
    2008-07-10 12:06 --------- d-----w C:\Documents and Settings\Sakran\Application Data\skypePM
    2008-06-29 14:49 --------- d-----w C:\Program Files\Apple Software Update
    2008-06-28 18:02 --------- d-----w C:\Program Files\Safari
    2008-06-21 05:42 --------- d-----w C:\Program Files\DIFX
    2008-06-21 05:41 --------- d-----w C:\Program Files\AGEIA Technologies
    2008-06-21 05:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-15 05:11 --------- d-----w C:\Program Files\Microsoft Works
    2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-04-20 21:04 47,360 ----a-w C:\Documents and Settings\Sakran\Application Data\pcouffin.sys
    2008-04-13 21:03 0 ----a-w C:\Program Files\temp01
    2008-03-30 20:03 81,920 ----a-w C:\Documents and Settings\Sakran\Application Data\ezpinst.exe
    2008-01-12 00:33 5,772 ----a-w C:\Program Files\install.log
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
    "MsnMsgr "= "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
    "AdobeUpdater "= "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59 115816]
    "HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
    "nmctxth "= "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2007-10-01 21:08 451896]
    "nmapp "= "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2007-10-29 23:04 451896]
    "LogitechCommunicationsManager "= "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
    "NeroFilterCheck "= "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-04-02 12:01 161328]
    "LanguageShortcut "= "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 23:55 54832]
    "LGODDFU "= "C:\Program Files\lg_fwupdate\fwupdate.exe" [2008-01-14 19:18 249856]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
    "Symantec PIF AlertEng "= "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
    "nod32kui "= "C:\Program Files\Eset\nod32kui.exe" [2008-07-04 12:29 921600]
    "AppleSyncNotifier "= "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
    "VTTimer "= "VTTimer.exe" [2005-03-08 05:33 53248 C:\WINDOWS\system32\VTTimer.exe]
    "AlcxMonitor "= "ALCXMNTR.EXE" [2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ac3filter "= ac3filter.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
    backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
    backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
    backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Sakran^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
    path=C:\Documents and Settings\Sakran\Start Menu\Programs\Startup\GameSpot Download Manager.lnk
    backup=C:\WINDOWS\pss\GameSpot Download Manager.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    -ra------ 2007-03-01 11:37 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]
    --a------ 2007-04-17 14:28 7247408 C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    --a------ 2007-03-02 10:33 1055792 C:\Program Files\Nero\Nero 7\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    --a------ 2007-10-25 17:37 2178832 C:\Program Files\Logitech\QuickCam\Quickcam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --------- 2006-11-23 16:10 56928 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    -ra------ 2008-04-23 17:45 22058792 C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a------ 2008-03-29 10:21 1271032 C:\Program Files\Valve\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2008-05-07 18:08 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
    --a------ 2008-06-19 15:15 3664944 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "C:\\Program Files\\Messenger\\msmsgs.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
    "C:\\Program Files\\NetMeeting\\conf.exe "=
    "C:\\WINDOWS\\system32\\rtcshare.exe "=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe "=
    "C:\\WINDOWS\\system32\\ftp.exe "=
    "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe "=
    "C:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe "=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe "=
    "C:\\Documents and Settings\\Sakran\\Desktop\\UT2004Demo\\System\\UT2004.exe "=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "C:\\Program Files\\iTunes\\iTunes.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP "= 67:UDP:DHCP Discovery Service
    "3389:TCP "= 3389:TCP:mad:xpsp2res.dll,-22009

    R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-09-21 12:24]
    S2 NOBICYT;NOBICYT Service;C:\WINDOWS\system32\Nobicyt.exe []
    S3 jatmlano;jatmlano;C:\DOCUME~1\Sakran\LOCALS~1\Temp\jatmlano.sys []

    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder

    2008-07-31 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

    2008-08-04 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Sakran\Application Data\Mozilla\Firefox\Profiles\vg8bdjkj.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc7&p=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-04 01:19:13
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2008-08-04 1:27:22 - machine was rebooted [Sakran]
    ComboFix-quarantined-files.txt 2008-08-04 05:27:06

    Pre-Run: 36,399,329,280 bytes free
    Post-Run: 36,657,487,872 bytes free

    256 --- E O F --- 2008-07-09 22:09:28



    This is the HijackThis log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:51:08 PM, on 8/5/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\SYSTEM32\GEARSEC.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\lg_fwupdate\fwupdate.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1199603103500
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: NOBICYT Service (NOBICYT) - Unknown owner - C:\WINDOWS\system32\Nobicyt.exe (file missing)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 13927 bytes
     
  10. 2008/08/05
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks much better. Please highlight and copy the first bolded line below, click Start>Run, paste the line in the Run dialog then hit Enter. Then repeat with the second line.

    sc delete NOBICYT
    sc delete jatmlano


    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
    Reboot


    Scan with Kaspersky WebScanner

    You will be prompted to install an ActiveX component from Kaspersky; click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
      • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log and a fresh HijackThis log to this topic.
     
  11. 2008/08/06
    nabster

    nabster Inactive Thread Starter

    Here is the Kaspersky scan report:

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Wednesday, August 06, 2008 11:09:13 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 6/08/2008
    Kaspersky Anti-Virus database records: 1064003
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\

    Scan Statistics:
    Total number of scanned objects: 103540
    Number of viruses found: 55
    Number of infected objects: 88
    Number of suspicious objects: 0
    Duration of the scan process: 02:33:20

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Pure Networks\Log\logfile.nmapp_exe.txt Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Pure Networks\Log\logfile.nmctxth_exe.txt Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Pure Networks\Log\logfile.nmsrvc_exe.txt Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\054A42C3.TMP Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\84E9B529.TMP Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\EE25324B.TMP Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Sakran\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped
    C:\Documents and Settings\Sakran\Application Data\Mozilla\Firefox\Profiles\vg8bdjkj.default\cert8.db Object is locked skipped
    C:\Documents and Settings\Sakran\Application Data\Mozilla\Firefox\Profiles\vg8bdjkj.default\history.dat Object is locked skipped
    C:\Documents and Settings\Sakran\Application Data\Mozilla\Firefox\Profiles\vg8bdjkj.default\key3.db Object is locked skipped
    C:\Documents and Settings\Sakran\Application Data\Mozilla\Firefox\Profiles\vg8bdjkj.default\parent.lock Object is locked skipped
    C:\Documents and Settings\Sakran\Application Data\Mozilla\Firefox\Profiles\vg8bdjkj.default\search.sqlite Object is locked skipped
    C:\Documents and Settings\Sakran\Application Data\Mozilla\Firefox\Profiles\vg8bdjkj.default\urlclassifier2.sqlite Object is locked skipped
    C:\Documents and Settings\Sakran\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Sakran\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Sakran\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Sakran\Local Settings\Application Data\Mozilla\Firefox\Profiles\vg8bdjkj.default\Cache\_CACHE_001_ Object is locked skipped
    C:\Documents and Settings\Sakran\Local Settings\Application Data\Mozilla\Firefox\Profiles\vg8bdjkj.default\Cache\_CACHE_002_ Object is locked skipped
    C:\Documents and Settings\Sakran\Local Settings\Application Data\Mozilla\Firefox\Profiles\vg8bdjkj.default\Cache\_CACHE_003_ Object is locked skipped
    C:\Documents and Settings\Sakran\Local Settings\Application Data\Mozilla\Firefox\Profiles\vg8bdjkj.default\Cache\_CACHE_MAP_ Object is locked skipped
    C:\Documents and Settings\Sakran\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Sakran\Local Settings\History\History.IE5\MSHist012008080620080807\index.dat Object is locked skipped
    C:\Documents and Settings\Sakran\Local Settings\temp\jatmlano.sys Object is locked skipped
    C:\Documents and Settings\Sakran\Local Settings\temp\~DF27BA.tmp Object is locked skipped
    C:\Documents and Settings\Sakran\Local Settings\temp\~DF27EF.tmp Object is locked skipped
    C:\Documents and Settings\Sakran\Local Settings\temp\~DFC494.tmp Object is locked skipped
    C:\Documents and Settings\Sakran\Local Settings\temp\~DFC4AD.tmp Object is locked skipped
    C:\Documents and Settings\Sakran\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Sakran\My Documents\Nabil\Other\ophcrack-livecd-1.2.2\slax\ophcrack\ophcrack-win32-installer-2.4.1.exe/file36 Infected: not-a-virus:pSWTool.Win32.PWDump.2 skipped
    C:\Documents and Settings\Sakran\My Documents\Nabil\Other\ophcrack-livecd-1.2.2\slax\ophcrack\ophcrack-win32-installer-2.4.1.exe/file63 Infected: not-a-virus:pSWTool.Win32.PWDump.s skipped
    C:\Documents and Settings\Sakran\My Documents\Nabil\Other\ophcrack-livecd-1.2.2\slax\ophcrack\ophcrack-win32-installer-2.4.1.exe/file64 Infected: not-a-virus:pSWTool.Win32.PWDump.d skipped
    C:\Documents and Settings\Sakran\My Documents\Nabil\Other\ophcrack-livecd-1.2.2\slax\ophcrack\ophcrack-win32-installer-2.4.1.exe/file65 Infected: not-a-virus:pSWTool.Win32.PWDump.d skipped
    C:\Documents and Settings\Sakran\My Documents\Nabil\Other\ophcrack-livecd-1.2.2\slax\ophcrack\ophcrack-win32-installer-2.4.1.exe Inno: infected - 4 skipped
    C:\Documents and Settings\Sakran\My Documents\Nabil\Other\ophcrack-livecd-1.2.2.iso/slax/ophcrack/ophcrack-win32-installer-2.4.1.exe/file36 Infected: not-a-virus:pSWTool.Win32.PWDump.2 skipped
    C:\Documents and Settings\Sakran\My Documents\Nabil\Other\ophcrack-livecd-1.2.2.iso/slax/ophcrack/ophcrack-win32-installer-2.4.1.exe/file63 Infected: not-a-virus:pSWTool.Win32.PWDump.s skipped
    C:\Documents and Settings\Sakran\My Documents\Nabil\Other\ophcrack-livecd-1.2.2.iso/slax/ophcrack/ophcrack-win32-installer-2.4.1.exe/file64 Infected: not-a-virus:pSWTool.Win32.PWDump.d skipped
    C:\Documents and Settings\Sakran\My Documents\Nabil\Other\ophcrack-livecd-1.2.2.iso/slax/ophcrack/ophcrack-win32-installer-2.4.1.exe/file65 Infected: not-a-virus:pSWTool.Win32.PWDump.d skipped
    C:\Documents and Settings\Sakran\My Documents\Nabil\Other\ophcrack-livecd-1.2.2.iso/slax/ophcrack/ophcrack-win32-installer-2.4.1.exe Infected: not-a-virus:pSWTool.Win32.PWDump.d skipped
    C:\Documents and Settings\Sakran\My Documents\Nabil\Other\ophcrack-livecd-1.2.2.iso ISOimage: infected - 5 skipped
    C:\Documents and Settings\Sakran\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Sakran\NTUSER.DAT.LOG Object is locked skipped
    C:\Documents and Settings\Sakran\UserData\index.dat Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAD.dat Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWADMT.dat Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAS.dat Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAS.ldb Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
    C:\Program Files\Eset\cache\CACHE.NDB Object is locked skipped
    C:\Program Files\Eset\infected\1MQCXJCA.NQF Infected: Trojan.Win32.DNSChanger.ezd skipped
    C:\Program Files\Eset\infected\21HUYNAA.NQF Infected: Trojan.Win32.Agent.tps skipped
    C:\Program Files\Eset\infected\AKW30XAA.NQF Infected: Trojan.Win32.Delf.daj skipped
    C:\Program Files\Eset\infected\DX1KAPCA.NQF Infected: Trojan.Win32.Agent.tgz skipped
    C:\Program Files\Eset\infected\ODOXU4CA.NQF Infected: Trojan.Win32.Delf.dbc skipped
    C:\Program Files\Eset\infected\OJMAAUCA.NQF Infected: Trojan-Downloader.Win32.Zlob.qyl skipped
    C:\Program Files\Eset\infected\QS3C2GDA.NQF Infected: Trojan-Downloader.Win32.Delf.jte skipped
    C:\Program Files\Eset\infected\UU4JEGAA.NQF Infected: Trojan.Win32.Delf.dbc skipped
    C:\Program Files\Eset\logs\virlog.dat Object is locked skipped
    C:\Program Files\Eset\logs\warnlog.dat Object is locked skipped
    C:\Program Files\Norton 360\Log\AutoProtect.log Object is locked skipped
    C:\Program Files\Norton 360\Log\AVContext.log Object is locked skipped
    C:\Program Files\Norton 360\Log\AVManual.log Object is locked skipped
    C:\Program Files\Norton 360\Log\Backup.log Object is locked skipped
    C:\Program Files\Norton 360\Log\CUInternetPageViewHistory.log Object is locked skipped
    C:\Program Files\Norton 360\Log\CUInternetSearchHistory.log Object is locked skipped
    C:\Program Files\Norton 360\Log\CUInternetTempFiles.log Object is locked skipped
    C:\Program Files\Norton 360\Log\CUWindowsTempFiles.log Object is locked skipped
    C:\Program Files\Norton 360\Log\EmailScan.log Object is locked skipped
    C:\Program Files\Norton 360\Log\InternetSecurity.log Object is locked skipped
    C:\Program Files\Norton 360\Log\ISIntrusionPrevented.log Object is locked skipped
    C:\Program Files\Norton 360\Log\ISIOTraffic.log Object is locked skipped
    C:\Program Files\Norton 360\Log\ISNewNetwork.log Object is locked skipped
    C:\Program Files\Norton 360\Log\LiveUpdate.log Object is locked skipped
    C:\Program Files\Norton 360\Log\NCO.log Object is locked skipped
    C:\Program Files\Norton 360\Log\VABrowserSettings.log Object is locked skipped
    C:\Program Files\Norton 360\Log\VAIPAddresses.log Object is locked skipped
    C:\Program Files\Norton 360\Log\VAWeakPasswords.log Object is locked skipped
    C:\Program Files\Norton 360\Log\WDFScanner.log Object is locked skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\afinding.exe.vir Infected: Trojan-Downloader.Win32.Delf.ldq skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\Nobicyt.exe.vir Object is locked skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\tmp0_247860553039.bk.vir Infected: Trojan-Downloader.Win32.Delf.jmj skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\tmp0_58430501325.bk.vir Infected: Trojan-Downloader.Win32.Delf.jmj skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP186\A0041385.exe Infected: Trojan.Win32.Agent.sch skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP186\A0041387.exe Infected: Trojan-Downloader.Win32.Delf.juq skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP186\A0041388.exe Infected: Trojan-Downloader.Win32.Delf.jmj skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP187\A0042423.sys Infected: Trojan.Win32.DNSChanger.ewl skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP187\A0042424.exe Infected: Trojan-Downloader.Win32.Delf.jmj skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP188\A0042435.exe Infected: Trojan-Downloader.Win32.Delf.jmj skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP189\A0042501.exe Infected: Trojan-Downloader.Win32.Delf.jmj skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP191\A0046535.exe Infected: Trojan.Win32.Agent.tsn skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP191\A0047435.exe Infected: Trojan.Win32.Agent.tso skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP192\A0047472.sys Infected: Trojan.Win32.DNSChanger.eye skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP192\A0047473.old Infected: Trojan.Win32.DNSChanger.eye skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP193\A0047497.sys Infected: Trojan-Clicker.Win32.VB.bad skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP193\A0047499.old Infected: Trojan.Win32.DNSChanger.ewi skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP193\A0047501.old Infected: Trojan.Win32.DNSChanger.ewi skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP193\A0047503.exe Infected: Trojan-Downloader.Win32.Delf.jmj skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP193\A0047504.exe Infected: Trojan.Win32.Agent.scx skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP193\A0047505.exe Infected: Trojan.Win32.Agent.scr skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP196\A0051030.exe Infected: Trojan-Downloader.Win32.Delf.jqf skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP196\A0051031.exe Infected: Trojan.Win32.Agent.vwd skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP197\A0052687.exe Infected: Trojan-Downloader.Win32.Delf.jmg skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP197\A0052688.exe Infected: Trojan.Win32.Agent.sed skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP198\A0052713.exe Infected: Trojan.Win32.Agent.suv skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP199\A0052715.sys Infected: Trojan.Win32.DNSChanger.ewt skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP199\A0052716.sys Infected: Trojan.Win32.DNSChanger.ews skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP199\A0052791.sys Object is locked skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP203\A0052877.exe Object is locked skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP203\A0052878.exe Infected: Trojan.Win32.Agent.sus skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP203\A0052881.exe Infected: Trojan-Downloader.Win32.Delf.jqv skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP207\A0053105.exe Infected: Trojan-Downloader.Win32.Delf.jqq skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP207\A0053106.exe Infected: Trojan-Downloader.Win32.Delf.jsd skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP207\A0053107.exe Infected: Trojan.Win32.Agent.tps skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP207\A0053108.exe Infected: Trojan-Downloader.Win32.Delf.jxi skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP208\A0053159.exe Infected: not-a-virus:AdWare.Win32.AlexaBar.aj skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP209\A0054254.exe Infected: Trojan.Win32.Agent.svr skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP209\A0054274.sys Infected: Trojan-Clicker.Win32.VB.bcd skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP211\A0054513.sys Infected: Trojan-Clicker.Win32.VB.bcx skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP214\A0054674.sys Infected: Trojan-Clicker.Win32.VB.bfo skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP215\A0055654.sys Infected: Trojan-Clicker.Win32.VB.bcu skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP217\A0057669.sys Infected: Trojan-Clicker.Win32.VB.bgc skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP217\A0057688.exe Infected: Trojan-Downloader.Win32.Delf.kwp skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP217\A0057689.exe Infected: Trojan-Downloader.Win32.Delf.jxi skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP217\A0057690.exe Infected: Trojan-Downloader.Win32.Delf.jzd skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP217\A0058630.exe Infected: Trojan-Downloader.Win32.Delf.kwp skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP217\A0058631.exe Infected: Trojan-Downloader.Win32.Delf.jzd skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP218\A0058634.exe Infected: Trojan-Downloader.Win32.Delf.kwp skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP218\A0058635.exe Infected: Trojan-Downloader.Win32.Delf.jxi skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP218\A0058636.exe Infected: Trojan-Downloader.Win32.Delf.jzd skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP218\A0059632.exe Infected: Trojan-Downloader.Win32.Delf.kwp skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP218\A0059633.exe Infected: Trojan-Downloader.Win32.Delf.jzd skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP218\A0059634.exe Infected: Trojan-Downloader.Win32.Delf.jxi skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP218\A0059638.sys Infected: Trojan.Win32.Delf.dde skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP218\A0059641.sys Infected: Trojan-Clicker.Win32.VB.bjc skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP218\A0059642.exe Infected: Trojan-Downloader.Win32.Delf.ktn skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP218\A0059643.exe Infected: Trojan-Downloader.Win32.Delf.kxi skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP218\A0059644.exe Infected: Trojan-Downloader.Win32.Delf.kxl skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP220\A0059828.exe Object is locked skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP222\A0059874.exe Infected: Trojan-Downloader.Win32.Delf.kxi skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP222\A0059875.exe Infected: Trojan.Win32.Agent.tww skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP224\A0062653.exe Object is locked skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP224\A0062655.exe Object is locked skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP224\A0062656.exe Infected: Trojan-Downloader.Win32.Delf.kxl skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP224\A0062657.exe Infected: Trojan-Downloader.Win32.Delf.ktn skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP231\A0068749.exe Infected: Trojan-Downloader.Win32.Delf.ldb skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP232\A0068791.exe Infected: Trojan-Downloader.Win32.Delf.ldq skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP232\A0068793.exe Object is locked skipped
    C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP238\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{9EC0A507-A7D6-43A6-B558-B494D583E532}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\ceswxfst.sys Infected: Trojan-Clicker.Win32.VB.bjf skipped
    C:\WINDOWS\system32\cexwxfst.sys Infected: Trojan-Clicker.Win32.VB.bjc skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
    C:\WINDOWS\system32\otaxyzd.sys Infected: Trojan.Win32.DNSChanger.fxa skipped
    C:\WINDOWS\system32\stsycod.sys Infected: Trojan.Win32.Delf.djl skipped
    C:\WINDOWS\system32\sxtsyctd.sys Infected: Trojan.Win32.Delf.dsu skipped
    C:\WINDOWS\system32\sxwand.sys Infected: Trojan.Win32.DNSChanger.ffh skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\system32\yaxcnxd.sys Infected: Trojan.Win32.DNSChanger.fxa skipped
    C:\WINDOWS\temp\JET7CDB.tmp Object is locked skipped
    C:\WINDOWS\temp\JET7D96.tmp Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.
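As an added example (not code from the thread, from the helper, or from any Kaspersky tool), a small Python triage of a report in the format posted above: it separates detections still live on the running system (the system32 .sys drivers) from objects already held in quarantine folders (QooBox, Eset\infected) or in System Restore points, keeps "not-a-virus" riskware such as the ophcrack PWDump entries out of the malware count, and matches locked files against the service names removed with sc delete in the reply above. The sample lines are copied from the report; the service names NOBICYT and jatmlano come from that reply; the report grammar (three line shapes) is inferred from the log itself.

```python
"""Triage a Kaspersky Online Scanner report of the kind posted above.

Added example; not part of the thread or of any Kaspersky tool.  The
report format is inferred from the log itself: one object per line,
"<path> Object is locked skipped", "<path> Infected: <name> skipped",
or "<path> <Container>: infected - <n> skipped" for archives/ISOs.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
CONTAINER_RE = re.compile(r"^(?P<path>.+?) (?P<kind>\w+): infected - (?P<count>\d+) skipped$")

# Constructed sample: a handful of lines copied from the report in the thread.
SAMPLE_REPORT = r"""
C:\Documents and Settings\Sakran\Local Settings\temp\jatmlano.sys Object is locked skipped
C:\Documents and Settings\Sakran\My Documents\Nabil\Other\ophcrack-livecd-1.2.2.iso/slax/ophcrack/ophcrack-win32-installer-2.4.1.exe/file36 Infected: not-a-virus:pSWTool.Win32.PWDump.2 skipped
C:\Documents and Settings\Sakran\My Documents\Nabil\Other\ophcrack-livecd-1.2.2.iso ISOimage: infected - 5 skipped
C:\Program Files\Eset\infected\1MQCXJCA.NQF Infected: Trojan.Win32.DNSChanger.ezd skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\afinding.exe.vir Infected: Trojan-Downloader.Win32.Delf.ldq skipped
C:\System Volume Information\_restore{1612F496-2598-4135-B4D2-B6BB17A379E2}\RP187\A0042423.sys Infected: Trojan.Win32.DNSChanger.ewl skipped
C:\WINDOWS\system32\ceswxfst.sys Infected: Trojan-Clicker.Win32.VB.bjf skipped
C:\WINDOWS\system32\otaxyzd.sys Infected: Trojan.Win32.DNSChanger.fxa skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
"""


@dataclass
class Finding:
    path: str
    verdict: str       # "locked", "infected" or "container"
    name: str = ""     # detection name, or "<kind> (<n> inside)" for containers


def parse_report(text):
    """Turn report lines into Finding records; unrecognised lines are ignored."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := LOCKED_RE.match(line):
            findings.append(Finding(m["path"], "locked"))
        elif m := INFECTED_RE.match(line):
            findings.append(Finding(m["path"], "infected", m["name"]))
        elif m := CONTAINER_RE.match(line):
            findings.append(Finding(m["path"], "container", f"{m['kind']} ({m['count']} inside)"))
    return findings


def location_class(path):
    """Where the object lives decides how urgent it is."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore_point"   # dormant until restored; cleared by flushing restore points
    if "\\qoobox\\quarantine\\" in p or "\\eset\\infected\\" in p:
        return "quarantine"      # already neutralised by an earlier tool
    return "live"                # on the running system: this is the action list


def triage(findings, service_names=()):
    """Bucket findings.  service_names: services the helper deleted (sc delete),
    used to spot locked driver files that belong to them."""
    wanted = {s.lower() for s in service_names}
    buckets = defaultdict(list)
    for f in findings:
        if f.verdict == "locked":
            stem = f.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
            buckets["locked_service_match" if stem in wanted else "locked"].append(f.path)
        elif f.verdict == "container":
            buckets["container_summary"].append(f.path)   # inner hits are listed on their own lines
        elif f.name.startswith("not-a-virus:"):
            buckets["riskware"].append(f.path)            # e.g. password-dump tools, not malware
        else:
            buckets[location_class(f.path)].append(f.path)
    return dict(buckets)


def families(findings):
    """Count detection families (name minus its variant suffix), e.g. Trojan.Win32.DNSChanger."""
    return Counter(f.name.rsplit(".", 1)[0] for f in findings if f.verdict == "infected")


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    buckets = triage(found, service_names=("NOBICYT", "jatmlano"))
    for key in ("live", "locked_service_match", "riskware", "quarantine",
                "restore_point", "locked", "container_summary"):
        for path in buckets.get(key, []):
            print(f"{key:22} {path}")
    print(families(found).most_common(3))
```

On the sample, only the two system32 drivers land in the "live" bucket; everything else is already contained, dormant in a restore point, or riskware the user installed deliberately.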
     
  12. 2008/08/06
    nabster

    nabster Inactive Thread Starter

    Here is the new HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:13:19 PM, on 8/6/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\lg_fwupdate\fwupdate.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\SYSTEM32\GEARSEC.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe "
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe "
    O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1199603103500
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 14125 bytes
     
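The HijackThis log above is read by hand in this thread, entry by entry. As an added example (it is not part of the thread, of HijackThis or of ComboFix, and the flag names are my own), the script below parses the O2, O4 and O23 entry formats seen in that log and marks the entries a helper looks at first: a BHO whose DLL is gone, an autorun given as a bare file name instead of a full path, and a service with no readable publisher. The sample lines are constructed from entries in the log above.

```python
"""Triage helper for HijackThis-style log lines.

Added example for this thread; it is not part of HijackThis or ComboFix and
the flag names below are my own. It parses the O2/O4/O23 entry formats seen
in the log above and marks the entries a malware-removal helper would look
at first: BHOs registered with no file on disk, autoruns given as a bare
file name rather than a full path, and services whose publisher is unknown.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a few lines in the layout of the HijackThis log posted
# above (paths and CLSIDs are taken from that log).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
End of file - 14125 bytes
"""

# Every HijackThis entry starts with a section tag (R0, R1, O2, O23, ...).
ENTRY_RE = re.compile(r"^(R\d|F\d|O\d+)\s+-\s+(.*)$")
# O4 body layout: "HKLM\..\Run: [ValueName] command line"
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.*)$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Entry:
    section: str
    body: str
    flags: list = field(default_factory=list)


def parse_entry(line):
    """Return an Entry for a HijackThis entry line, or None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(section=m.group(1), body=m.group(2))


def triage(line):
    """Parse one line and attach the flags that apply to it."""
    e = parse_entry(line)
    if e is None:
        return None
    if e.section == "O2" and e.body.endswith("(no file)"):
        # The registry still names the BHO CLSID but the DLL is gone: a
        # leftover of an uninstall or of an earlier cleanup, cheap to remove.
        e.flags.append("bho-missing-file")
    if e.section == "O4":
        m = RUN_RE.match(e.body)
        if m:
            command = m.group(3).lstrip('"')
            if not DRIVE_RE.match(command):
                # No drive letter: Windows resolves the name by searching the
                # PATH, so the log alone does not say which file actually runs.
                e.flags.append("autorun-bare-filename")
    if e.section == "O23" and " - Unknown owner - " in e.body:
        # HijackThis could not read a publisher for the service binary.
        e.flags.append("service-unknown-owner")
    return e


def triage_log(text):
    """Return (section, body, flags) for every flagged entry in a log."""
    flagged = []
    for line in text.splitlines():
        e = triage(line)
        if e is not None and e.flags:
            flagged.append((e.section, e.body, e.flags))
    return flagged


if __name__ == "__main__":
    for section, body, flags in triage_log(SAMPLE_LOG):
        print(f"{section:<4} {', '.join(flags):<24} {body}")
```

A flag is a reason to look, not a verdict: on the sample, `VTTimer.exe` and the Symantec licensing service are both legitimate, and the helper's job is to say which entries need the file on disk checked rather than to decide for you.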
  13. 2008/08/06
    nabster Inactive Thread Starter
    I'm sorry noahdfear, but it seems like my computer is still infected with viruses. I would really appreciate it if you cleaned me up. But on the upside, I have not heard the random sound clips ever since you helped me. Once again, thank you for the help thus far, and I would appreciate it if you continued to help me clean my computer.

    -nabster
     
  14. 2008/08/07
    noahdfear Inactive
    Just so you know, most of the infections are in quarantine and/or system restore points. We'll get to those in a bit, as they pose no threat. ;)

    Let's go after the files that do pose a threat. Please delete the ComboFix.exe file you currently have and download a fresh copy from here, saving it to your desktop.

    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    
    http://www.windowsbbs.com/malware-virus-removal/75459-bloodhound-sonar-1-a.html#post409983
    
    Collect::
    C:\WINDOWS\system32\ceswxfst.sys
    C:\WINDOWS\system32\cexwxfst.sys
    C:\WINDOWS\system32\otaxyzd.sys
    C:\WINDOWS\system32\stsycod.sys
    C:\WINDOWS\system32\sxtsyctd.sys
    C:\WINDOWS\system32\sxwand.sys
    C:\WINDOWS\system32\yaxcnxd.sys
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and a fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    Please note that I have instructed CFScript to collect some files. This means that when ComboFix finishes, you will be prompted to allow ComboFix to upload a zip file that was created on your desktop. The zip contains the aforementioned files. Please copy the path shown in the prompt and paste it into the box, then click Send. This will assist the author in adding the files for removal in future updates. Thanks!
     
  15. 2008/08/08
    nabster Inactive Thread Starter
    Hi noahdfear,

    I did as you asked, but ComboFix still seems to freeze up during its process on Windows. It always seems to stop on step 31. Anyway, the only way I could do it was to run ComboFix in Safe Mode. That worked very well and I did as you asked. It finished and made a log file. I saved the log file, but it never asked me to send anything, so I didn't do it. I don't know why it can only run in Safe Mode, but that's the only way I can do it. And so as a result the scan finished and once again I got a log file while in Safe Mode, but it didn't ask me to send anything. Right now I am going to send the log files for the HijackThis and the ComboFix.
     
  16. 2008/08/08
    nabster Inactive Thread Starter
    Here is the ComboFix log:

    ComboFix 08-08-08.02 - Sakran 2008-08-08 12:59:41.7 - NTFSx86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.756 [GMT -4:00]
    Running from: C:\Documents and Settings\Sakran\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Sakran\Desktop\virus removal software\CFScript.txt

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\WINDOWS\system32\ceswxfst.sys
    C:\WINDOWS\system32\cexwxfst.sys
    C:\WINDOWS\system32\otaxyzd.sys
    C:\WINDOWS\system32\stsycod.sys
    C:\WINDOWS\system32\sxtsyctd.sys
    C:\WINDOWS\system32\sxwand.sys
    C:\WINDOWS\system32\yaxcnxd.sys

    .
    ((((((((((((((((((((((((( Files Created from 2008-07-08 to 2008-08-08 )))))))))))))))))))))))))))))))
    .

    2008-08-05 23:56 . 2008-08-05 23:56 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-08-05 23:56 . 2008-08-05 23:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-08-05 12:41 . 2008-08-05 12:41 <DIR> d-------- C:\Program Files\Headroom Learning
    2008-08-05 11:48 . 2008-08-05 12:49 <DIR> d-------- C:\WINDOWS\speech
    2008-07-31 20:05 . 2008-07-31 20:05 <DIR> d-------- C:\Program Files\iPod
    2008-07-29 08:44 . 2008-07-29 08:44 <DIR> d-------- C:\WINDOWS\Sun
    2008-07-29 08:41 . 2008-07-29 08:41 <DIR> d-------- C:\Program Files\Sun
    2008-07-29 08:41 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-07-29 08:39 . 2008-07-29 08:41 <DIR> d-------- C:\Program Files\Java
    2008-07-29 08:36 . 2008-07-29 08:36 <DIR> d-------- C:\Program Files\Common Files\Java
    2008-07-27 21:09 . 2008-07-27 21:36 <DIR> d-------- C:\WINDOWS\system32\Adobe
    2008-07-27 12:17 . 2008-07-27 12:17 <DIR> d-------- C:\Deckard
    2008-07-27 12:13 . 2008-07-27 12:13 <DIR> d-------- C:\Program Files\Trend Micro
    2008-07-12 01:37 . 2008-07-12 01:37 <DIR> d-------- C:\Program Files\Bonjour
    2008-07-11 13:08 . 2008-07-11 13:30 4,681,480,192 --a------ C:\SIMPSONS_PS.ISO
    2008-07-10 23:30 . 2008-07-10 23:30 <DIR> d-------- C:\Program Files\Magellan

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-08 16:52 --------- d-----w C:\Program Files\lg_fwupdate
    2008-08-07 22:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-08-07 01:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-08-04 05:23 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-08-01 00:06 --------- d-----w C:\Program Files\iTunes
    2008-07-30 21:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
    2008-07-30 21:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
    2008-07-30 21:28 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
    2008-07-30 12:02 --------- d-----w C:\Program Files\Google
    2008-07-27 17:38 --------- d-----w C:\Program Files\QuickTime
    2008-07-27 17:38 --------- d-----w C:\Program Files\LearnLink 9.0
    2008-07-27 17:38 --------- d-----w C:\Program Files\GameSpy Arcade
    2008-07-27 17:38 --------- d-----w C:\Program Files\GameSpot
    2008-07-27 17:38 --------- d-----w C:\Program Files\DVD Flick
    2008-07-27 17:38 --------- d-----w C:\Program Files\DivX
    2008-07-27 17:38 --------- d-----w C:\Program Files\AoA MP4 Converter
    2008-07-11 17:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-07-11 03:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-10 15:59 --------- d-----w C:\Documents and Settings\Sakran\Application Data\Skype
    2008-07-10 13:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
    2008-07-10 12:06 --------- d-----w C:\Documents and Settings\Sakran\Application Data\skypePM
    2008-07-08 01:18 --------- d-----w C:\Program Files\Eset
    2008-07-04 16:29 502,368 ----a-w C:\WINDOWS\system32\drivers\amon.sys
    2008-07-04 16:29 270,336 ----a-w C:\WINDOWS\system32\imon.dll
    2008-06-29 14:49 --------- d-----w C:\Program Files\Apple Software Update
    2008-06-28 18:02 --------- d-----w C:\Program Files\Safari
    2008-06-21 05:42 --------- d-----w C:\Program Files\DIFX
    2008-06-21 05:41 --------- d-----w C:\Program Files\AGEIA Technologies
    2008-06-21 05:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-19 04:19 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Skype
    2008-06-15 05:11 --------- d-----w C:\Program Files\Microsoft Works
    2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-05-30 22:47 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2008-04-20 21:04 47,360 ----a-w C:\Documents and Settings\Sakran\Application Data\pcouffin.sys
    2008-04-13 21:03 0 ----a-w C:\Program Files\temp01
    2008-03-30 20:03 81,920 ----a-w C:\Documents and Settings\Sakran\Application Data\ezpinst.exe
    2008-01-12 00:33 5,772 ----a-w C:\Program Files\install.log
    .

    ((((((((((((((((((((((((((((( snapshot@2008-08-04_ 1.25.30.56 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-08-05 15:37:23 8,704 ----a-w C:\WINDOWS\assembly\GAC\Accessibility\1.0.3300.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2008-08-05 15:37:17 12,288 ----a-w C:\WINDOWS\assembly\GAC\cscompmgd\7.0.3300.0__b03f5f7f11d50a3a\cscompmgd.dll
    + 2008-08-05 15:37:23 34,816 ----a-w C:\WINDOWS\assembly\GAC\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2008-08-05 15:37:28 6,656 ----a-w C:\WINDOWS\assembly\GAC\IEExecRemote\1.0.3300.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2008-08-05 15:39:36 32,768 ----a-w C:\WINDOWS\assembly\GAC\IEHost\1.0.3300.0__b03f5f7f11d50a3a\IEHost.dll
    + 2008-08-05 15:37:23 4,096 ----a-w C:\WINDOWS\assembly\GAC\IIEHost\1.0.3300.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2008-08-05 15:37:23 27,136 ----a-w C:\WINDOWS\assembly\GAC\ISymWrapper\1.0.3300.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2008-08-05 15:39:52 712,704 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.JScript\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2008-08-05 15:37:16 28,672 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2008-08-05 15:39:53 286,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2008-08-05 15:37:18 5,632 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.VisualC\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
    + 2008-08-05 15:37:17 11,264 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2008-08-05 15:37:16 18,944 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.Vsa\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2008-08-05 15:37:16 6,656 ----a-w C:\WINDOWS\assembly\GAC\Microsoft_VsaVb\7.0.3300.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2008-08-05 15:39:37 1,564,672 ----a-w C:\WINDOWS\assembly\GAC\mscorcfg\1.0.3300.0__b03f5f7f11d50a3a\mscorcfg.dll
    + 2008-08-05 15:39:38 32,768 ----a-w C:\WINDOWS\assembly\GAC\Regcode\1.0.3300.0__b03f5f7f11d50a3a\RegCode.dll
    + 2008-08-05 15:39:38 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Configuration.Install\1.0.3300.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2008-08-05 15:39:39 1,175,552 ----a-w C:\WINDOWS\assembly\GAC\System.Data\1.0.3300.0__b77a5c561934e089\System.Data.dll
    + 2008-08-05 15:39:40 1,691,648 ----a-w C:\WINDOWS\assembly\GAC\System.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Design.dll
    + 2008-08-05 15:39:41 86,016 ----a-w C:\WINDOWS\assembly\GAC\System.DirectoryServices\1.0.3300.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2008-08-05 15:39:42 65,536 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2008-08-05 15:39:43 462,848 ----a-w C:\WINDOWS\assembly\GAC\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2008-08-05 15:39:44 212,992 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2008-08-05 15:39:44 47,104 ----a-w C:\WINDOWS\assembly\GAC\System.EnterpriseServices\1.0.3300.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
    + 2008-08-05 15:39:44 348,160 ----a-w C:\WINDOWS\assembly\GAC\System.Management\1.0.3300.0__b03f5f7f11d50a3a\System.Management.dll
    + 2008-08-05 15:39:46 241,664 ----a-w C:\WINDOWS\assembly\GAC\System.Messaging\1.0.3300.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2008-08-05 15:39:47 307,200 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Remoting\1.0.3300.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2008-08-05 15:39:47 131,072 ----a-w C:\WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.3300.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2008-08-05 15:37:27 77,824 ----a-w C:\WINDOWS\assembly\GAC\System.Security\1.0.3300.0__b03f5f7f11d50a3a\System.Security.dll
    + 2008-08-05 15:39:50 126,976 ----a-w C:\WINDOWS\assembly\GAC\System.ServiceProcess\1.0.3300.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2008-08-05 15:39:48 61,440 ----a-w C:\WINDOWS\assembly\GAC\System.Web.RegularExpressions\1.0.3300.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2008-08-05 15:39:49 503,808 ----a-w C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.3300.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2008-08-05 15:39:54 1,187,840 ----a-w C:\WINDOWS\assembly\GAC\System.Web\1.0.3300.0__b03f5f7f11d50a3a\System.Web.dll
    + 2008-08-05 15:39:50 1,982,464 ----a-w C:\WINDOWS\assembly\GAC\System.Windows.Forms\1.0.3300.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2008-08-05 15:39:51 1,294,336 ----a-w C:\WINDOWS\assembly\GAC\System.Xml\1.0.3300.0__b77a5c561934e089\System.XML.dll
    + 2008-08-05 15:39:42 1,167,360 ----a-w C:\WINDOWS\assembly\GAC\System\1.0.3300.0__b77a5c561934e089\System.dll
    + 2008-08-05 16:00:23 61,440 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\CustomMarshalers\1.0.3300.0__b03f5f7f11d50a3a_ecfcf679\CustomMarshalers.dll
    + 2008-08-05 16:00:54 3,207,168 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\mscorlib\1.0.3300.0__b77a5c561934e089_cffe6fac\mscorlib.dll
    + 2008-08-05 16:01:36 1,445,888 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Design\1.0.3300.0__b03f5f7f11d50a3a_bbd421f1\System.Design.dll
    + 2008-08-05 16:01:38 90,112 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Drawing.Design\1.0.3300.0__b03f5f7f11d50a3a_c3d6fced\System.Drawing.Design.dll
    + 2008-08-05 16:01:22 847,872 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Drawing\1.0.3300.0__b03f5f7f11d50a3a_d7bd8c83\System.Drawing.dll
    + 2008-08-05 16:01:58 2,916,352 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Windows.Forms\1.0.3300.0__b77a5c561934e089_86acbeae\System.Windows.Forms.dll
    + 2008-08-05 16:01:44 2,015,232 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System.Xml\1.0.3300.0__b77a5c561934e089_bbaca105\System.Xml.dll
    + 2008-08-05 16:01:17 1,830,912 ----a-w C:\WINDOWS\assembly\NativeImages1_v1.0.3705\System\1.0.3300.0__b77a5c561934e089_dda1f304\System.dll
    + 1999-01-12 15:39:16 6,656 ----a-w C:\WINDOWS\delttsul.exe
    + 2002-01-05 01:16:22 98,304 ----a-w C:\WINDOWS\Microsoft.NET\Framework\Install.exe
    + 2002-01-05 06:54:20 16,384 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\1033\alinkui.dll
    + 2002-01-05 07:41:12 90,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\1033\cscompui.dll
    + 2002-01-05 06:55:46 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\1033\vbc7ui.dll
    + 2002-01-05 08:39:34 147,456 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\1033\Vsavb7rtUI.dll
    + 2002-01-05 12:37:50 8,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Accessibility.dll
    + 2002-01-05 08:34:16 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\alink.dll
    + 2002-01-05 01:42:30 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_filter.dll
    + 2002-06-12 08:47:38 196,608 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_isapi.dll
    + 2002-01-05 01:42:24 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_rc.dll
    + 2002-06-12 08:47:40 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_regiis.exe
    + 2002-01-05 01:42:28 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe
    + 2002-06-12 08:47:40 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe
    + 2001-11-21 17:13:06 218,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\c_g18030.dll
    + 2002-06-12 12:54:20 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\CasPol.exe
    + 2002-01-05 12:39:06 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ConfigWizards.exe
    + 2002-06-12 08:03:56 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\CORPerfMonExt.dll
    + 2002-01-05 08:49:32 49,152 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\csc.exe
    + 2002-06-12 16:19:02 589,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\cscomp.dll
    + 2002-01-05 12:39:44 12,288 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\cscompmgd.dll
    + 2002-01-05 12:39:56 34,816 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\CustomMarshalers.dll
    + 2002-01-05 06:48:32 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\cvtres.exe
    + 2002-01-05 12:01:42 438,272 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\diasymreader.dll
    + 2002-01-05 01:40:40 798,720 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\EventLogMessages.dll
    + 2002-06-12 08:01:54 221,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\fusion.dll
    + 2002-01-05 08:32:56 61,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\gacutil.exe
    + 2002-06-12 12:54:28 6,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\IEExec.exe
    + 2002-01-05 12:41:48 6,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\IEExecRemote.dll
    + 2002-06-12 12:54:32 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\IEHost.dll
    + 2002-01-05 12:43:10 4,096 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\IIEHost.dll
    + 2002-01-05 01:32:50 180,224 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ilasm.exe
    + 2002-06-12 12:54:34 24,576 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\InstallUtil.exe
    + 2002-01-05 01:44:16 36,864 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\InstallUtilLib.dll
    + 2002-01-05 12:44:22 27,136 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ISymWrapper.dll
    + 2002-06-12 12:54:36 40,960 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\jsc.exe
    + 2002-06-12 12:54:42 712,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.JScript.dll
    + 2002-06-12 12:54:44 286,720 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.VisualBasic.dll
    + 2002-01-05 12:49:20 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.VisualBasic.Vsa.dll
    + 2002-01-05 12:49:52 5,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.VisualC.Dll
    + 2002-01-05 12:54:34 18,944 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.dll
    + 2002-01-05 12:55:40 11,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2002-01-05 12:56:12 6,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft_VsaVb.dll
    + 2002-06-12 12:55:00 1,564,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorcfg.dll
    + 2002-01-05 01:32:38 69,632 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscordbc.dll
    + 2002-01-05 01:32:38 221,184 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscordbi.dll
    + 2002-01-05 01:32:40 73,728 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorie.dll
    + 2002-06-12 04:02:02 303,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorjit.dll
    + 2002-06-12 04:04:04 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorld.dll
    + 2002-06-12 16:55:02 1,953,792 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorlib.dll
    + 2002-01-05 01:31:46 61,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorpe.dll
    + 2002-01-05 01:32:38 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorrc.dll
    + 2002-01-05 01:32:38 57,344 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsec.dll
    + 2002-01-05 01:32:40 65,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsn.dll
    + 2002-06-12 08:02:40 2,260,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorsvr.dll
    + 2002-01-05 01:32:44 8,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscortim.dll
    + 2002-06-12 08:03:24 2,260,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
    + 2002-01-05 07:40:20 487,424 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\msvcp70.dll
    + 2002-01-05 07:37:28 344,064 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\msvcr70.dll
    + 2002-01-05 02:14:06 942,080 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxcfg.dll
    + 2002-01-05 02:14:04 175,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxcfgprov.dll
    + 2002-05-09 06:38:44 45,056 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe
    + 2002-01-05 01:32:52 143,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ngen.exe
    + 2002-01-05 01:40:42 20,480 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\PerfCounter.dll
    + 2002-06-12 12:55:06 28,672 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\RegAsm.exe
    + 2002-06-12 12:55:08 32,768 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\RegCode.dll
    + 2002-06-12 16:55:12 11,264 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\RegSvcs.exe
    + 2002-01-05 01:32:14 249,856 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\shfusion.dll
    + 2002-01-05 01:32:16 114,688 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\shfusres.dll
    + 2002-06-12 12:55:22 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Configuration.Install.dll
    + 2002-06-12 12:55:24 1,175,552 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Data.dll
    + 2002-06-12 12:55:26 1,691,648 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Design.dll
    + 2002-06-12 12:55:30 86,016 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.DirectoryServices.dll
    + 2002-06-12 16:55:32 1,167,360 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.dll
    + 2002-06-12 12:55:32 65,536 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Drawing.Design.dll
    + 2002-06-12 12:55:34 462,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Drawing.dll
    + 2002-06-12 12:55:38 212,992 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.EnterpriseServices.dll
    + 2002-06-12 04:04:28 47,104 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.EnterpriseServices.Thunk.dll
    + 2002-06-12 16:55:40 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Management.dll
    + 2002-06-12 12:55:42 241,664 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Messaging.dll
    + 2002-06-12 12:53:44 307,200 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Runtime.Remoting.dll
    + 2002-06-12 12:53:46 131,072 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Runtime.Serialization.Formatters.Soap.dll
    + 2002-01-05 13:12:50 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Security.dll
    + 2002-06-12 12:53:52 126,976 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.ServiceProcess.dll
    + 2002-06-12 16:53:54 1,187,840 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Web.dll
    + 2002-06-12 12:53:56 61,440 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Web.RegularExpressions.dll
    + 2002-06-12 12:53:58 503,808 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Web.Services.dll
    + 2002-06-12 16:54:00 1,982,464 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Windows.Forms.dll
    + 2002-06-12 16:54:04 1,294,336 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.XML.dll
    + 2002-01-05 12:00:58 712,704 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\vbc.exe
    + 2002-01-05 08:39:32 999,424 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\VsaVb7rt.dll
    + 2002-01-05 02:14:14 30,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\WMINet_Utils.dll
    + 1999-01-12 19:19:12 248,832 ----a-w C:\WINDOWS\speech\spchtel.dll
    + 1999-01-12 19:19:12 562,176 ----a-w C:\WINDOWS\speech\speech.dll
    + 1999-01-12 19:09:36 380,928 ----a-w C:\WINDOWS\speech\vcmd.exe
    + 1999-01-12 19:19:12 156,160 ----a-w C:\WINDOWS\speech\vcmshl.dll
    + 1999-01-12 19:19:12 179,712 ----a-w C:\WINDOWS\speech\Vdict.dll
    + 1999-01-12 19:19:12 173,056 ----a-w C:\WINDOWS\speech\VText.dll
    + 1999-01-12 15:35:30 53,760 ----a-w C:\WINDOWS\speech\WrapSAPI.dll
    + 1999-01-12 19:19:12 128,000 ----a-w C:\WINDOWS\speech\Xcommand.dll
    + 1999-01-12 19:19:12 208,896 ----a-w C:\WINDOWS\speech\Xlisten.dll
    + 1999-01-12 19:19:12 203,776 ----a-w C:\WINDOWS\speech\XTel.Dll
    + 1999-01-12 19:19:12 195,584 ----a-w C:\WINDOWS\speech\Xvoice.dll
    - 2008-06-16 11:42:19 267,008 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    + 2008-08-05 17:07:49 268,600 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
    + 2005-05-24 16:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
    + 2007-08-29 19:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
    + 2007-08-29 19:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
    "AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59 115816]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
    "nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2007-10-01 21:08 451896]
    "nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2007-10-29 23:04 451896]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-04-02 12:01 161328]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 23:55 54832]
    "LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2008-01-14 19:18 249856]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-07-04 12:29 921600]
    "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
    "VTTimer"="VTTimer.exe" [2005-03-08 05:33 53248 C:\WINDOWS\system32\VTTimer.exe]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 14:47 57344 C:\WINDOWS\ALCXMNTR.EXE]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ac3filter"= ac3filter.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
    backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
    backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
    backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Sakran^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
    path=C:\Documents and Settings\Sakran\Start Menu\Programs\Startup\GameSpot Download Manager.lnk
    backup=C:\WINDOWS\pss\GameSpot Download Manager.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    -ra------ 2007-03-01 11:37 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]
    --a------ 2007-04-17 14:28 7247408 C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    --a------ 2007-03-02 10:33 1055792 C:\Program Files\Nero\Nero 7\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    --a------ 2008-07-30 10:47 289064 C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    --a------ 2007-10-25 17:37 2178832 C:\Program Files\Logitech\QuickCam\Quickcam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --------- 2006-11-23 16:10 56928 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    -ra------ 2008-04-23 17:45 22058792 C:\Program Files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a------ 2008-03-29 10:21 1271032 C:\Program Files\Valve\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2008-05-07 18:08 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
    --a------ 2008-06-19 15:15 3664944 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\NetMeeting\\conf.exe"=
    "C:\\WINDOWS\\system32\\rtcshare.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\WINDOWS\\system32\\ftp.exe"=
    "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
    "C:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Documents and Settings\\Sakran\\Desktop\\UT2004Demo\\System\\UT2004.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:DHCP Discovery Service
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-09-21 12:24]
    S3 jatmlano;jatmlano;C:\DOCUME~1\Sakran\LOCALS~1\Temp\jatmlano.sys []

    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder

    2008-08-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

    2008-08-08 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-08 13:02:57
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-08-08 13:04:33
    ComboFix-quarantined-files.txt 2008-08-08 17:04:09
    ComboFix2.txt 2008-08-04 05:27:24

    Pre-Run: 35,394,531,328 bytes free
    Post-Run: 35,552,505,856 bytes free

    366 --- E O F --- 2008-07-09 22:09:28
     
  17. 2008/08/08
    nabster

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:56:45 PM, on 8/8/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\lg_fwupdate\fwupdate.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\SYSTEM32\GEARSEC.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1199603103500
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 13933 bytes
     
  18. 2008/08/08
    noahdfear

    Running both Symantec and Nod32 antivirus? It's not advisable to run 2 resident antivirus apps and you should uninstall 1 of them.

    Highlight and copy the bolded command below.

    sc delete jatmlano

    Click Start>Run and paste the command in the Run dialog then hit Enter.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
    Reboot


    Now let's get an online scan. Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC now button
    • A new window will open...click the Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, it will begin scanning your computer
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report along with a fresh HijackThis log.
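    The `sc delete jatmlano` step above follows from two things the ComboFix log shows for that service: its driver was registered from the user's Temp folder, and the file behind the registration was gone. The script below is an added example, not part of the thread, ComboFix or HijackThis; it parses the ComboFix service lines and HijackThis O23 lines quoted in this thread and applies exactly those two checks. The sample lines are copied from the logs above, and reading an empty `[]` timestamp as "file not found" is an assumption about ComboFix output.

```python
"""Triage service entries from ComboFix and HijackThis logs.

Added example for this thread, not part of ComboFix, HijackThis or the
original posts. It applies the two observations that singled out 'jatmlano'
above: the driver was registered from a per-user Temp directory, and the
file behind the registration was gone. Sample lines are constructed from
the logs quoted in the thread.
"""
import re
from dataclasses import dataclass, field

# ComboFix service line:  "<start> <name>;<display>;<path> [<timestamp>]"
COMBOFIX_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<stamp>[^\]]*)\]\s*$"
)
# HijackThis O23 line:  "O23 - Service: <display> (<name>) - <vendor> - <path>"
HJT_O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?P<vendor>.+?) - (?P<path>.+)$"
)
# Per-user temp locations in the XP layout, short (8.3) and long form.
TEMP_DIR_RE = re.compile(r"\\(?:LOCALS~1\\Temp|Local Settings\\Temp)\\", re.IGNORECASE)


@dataclass
class ServiceEntry:
    name: str
    path: str
    source: str              # "combofix" or "hijackthis"
    vendor: str = ""
    file_present: bool = True
    reasons: list = field(default_factory=list)


def parse_service_line(line: str):
    """Return a ServiceEntry for a recognised service line, else None."""
    line = line.strip()
    m = COMBOFIX_RE.match(line)
    if m:
        # Assumption: ComboFix prints the file's timestamp in the brackets,
        # so an empty "[]" means it found no file at the registered path.
        return ServiceEntry(name=m["name"], path=m["path"], source="combofix",
                            file_present=bool(m["stamp"].strip()))
    m = HJT_O23_RE.match(line)
    if m:
        return ServiceEntry(name=m["name"] or m["display"], path=m["path"],
                            source="hijackthis", vendor=m["vendor"])
    return None


def triage(lines):
    """Map service name -> ServiceEntry for every entry that trips a check."""
    findings = {}
    for line in lines:
        entry = parse_service_line(line)
        if entry is None:
            continue
        if TEMP_DIR_RE.search(entry.path):
            entry.reasons.append("binary registered from a per-user Temp directory")
        if not entry.file_present:
            entry.reasons.append("registered file no longer exists on disk")
        if entry.reasons:
            findings[entry.name] = entry
    return findings


def report(findings):
    """Render findings, ending each with the sc command used in the thread."""
    out = []
    for name, e in sorted(findings.items()):
        out.append(f"{name} [{e.source}] {e.path}")
        out.extend(f"  - {r}" for r in e.reasons)
        # Same remediation the helper gave: drop the orphaned registration.
        out.append(f"  remove registration with:  sc delete {name}")
    return "\n".join(out)


# Constructed sample: the two ComboFix service lines and two O23 lines above.
SAMPLE_LOG = r"""
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-09-21 12:24]
S3 jatmlano;jatmlano;C:\DOCUME~1\Sakran\LOCALS~1\Temp\jatmlano.sys []
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
""".strip().splitlines()

FINDINGS = triage(SAMPLE_LOG)

if __name__ == "__main__":
    print(report(FINDINGS) or "no service entry tripped a check")
```

Only jatmlano trips a check on the sample; the VIA NIC driver and the two O23 services parse cleanly and stay out of the report.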
     
  19. 2008/08/09
    nabster

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:56:45 PM, on 8/8/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\lg_fwupdate\fwupdate.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\SYSTEM32\GEARSEC.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe "
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe "
    O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1199603103500
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 13933 bytes
     
  20. 2008/08/10
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    That's the same HijackThis log as your previous post.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:56:45 PM, on 8/8/2008


    :confused::confused:

    Did you run the online scan?
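    The duplicate-log check made above, as an added example that is not part of this thread or of HijackThis itself: a small Python script that parses two HijackThis v2 logs, flags a resubmitted scan by comparing the "Scan saved at" header, diffs the running-process and entry lists, and lists the entries a reviewer looks at first (orphaned BHOs, services with an unknown owner). The sample logs are constructed excerpts modeled on the ones posted in this thread.

```python
"""Compare two HijackThis logs the way a helper reviewing a thread would.

Added example, not code from the forum thread or from HijackThis.
Assumes the standard HijackThis v2 text layout: a 'Scan saved at ...'
header, a 'Running processes:' block, then 'R0/R1/O2/O4/O23 ...' entries.
"""
import re
from collections import OrderedDict

HEADER_RE = re.compile(r"^Scan saved at (.+?), on (.+)$")
ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")

# Constructed excerpts modeled on the two logs posted in the thread.
LOG_A = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:56:45 PM, on 8/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Eset\nod32krn.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""

LOG_B = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:29 AM, on 8/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""


def parse_hjt(text):
    """Return (scan_timestamp, processes, entries) for one log.

    entries maps each full entry line to its section tag (e.g. 'O2'), so
    two logs can be compared line for line.
    """
    timestamp, processes, entries, in_procs = None, [], OrderedDict(), False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line ends the process block
            continue
        m = HEADER_RE.match(line)
        if m:
            timestamp = f"{m.group(1)} {m.group(2)}"
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries[line] = m.group(1)
    return timestamp, processes, entries


def compare_logs(old_text, new_text):
    """Diff two logs; 'resubmitted' is True when the scan timestamps match."""
    old_ts, old_procs, old_entries = parse_hjt(old_text)
    new_ts, new_procs, new_entries = parse_hjt(new_text)
    return {
        "resubmitted": old_ts is not None and old_ts == new_ts,
        "new_processes": sorted(set(new_procs) - set(old_procs)),
        "gone_processes": sorted(set(old_procs) - set(new_procs)),
        "new_entries": [e for e in new_entries if e not in old_entries],
        "gone_entries": [e for e in old_entries if e not in new_entries],
    }


def review_flags(text):
    """Entries a reviewer looks at first: orphaned BHOs, unknown-owner services."""
    _, _, entries = parse_hjt(text)
    flags = []
    for line, tag in entries.items():
        if tag == "O2" and line.endswith("(no file)"):
            flags.append(("orphaned BHO", line))
        if tag == "O23" and "Unknown owner" in line:
            flags.append(("service with unknown owner", line))
    return flags


if __name__ == "__main__":
    print(compare_logs(LOG_A, LOG_A)["resubmitted"])   # True: same scan posted twice
    print(compare_logs(LOG_A, LOG_B)["new_processes"])  # firefox.exe appeared
    print(review_flags(LOG_B))
```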
     
  21. 2008/08/11
    nabster

    nabster Inactive Thread Starter

    Joined:
    2008/07/26
    Messages:
    17
    Likes Received:
    0
    here is my new hijack this log:

    hijack this:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:19:29 AM, on 8/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\lg_fwupdate\fwupdate.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\SYSTEM32\GEARSEC.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe "
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe "
    O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
    O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1199603103500
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 14012 bytes

    There is only one problem: I did the ActiveScan, but the results exceed the maximum posting rules, so I am going to post half and then the other half of it.
     