
Solved Trojan Troubles

Discussion in 'Malware and Virus Removal Archive' started by TinyTuba822, 2008/02/24.

  1. 2008/02/24
    TinyTuba822

    TinyTuba822 Inactive Thread Starter

    Joined:
    2007/10/05
    Messages:
    102
    Likes Received:
    0
    [Resolved] Trojan Troubles

    Hi. Over the past 24 hours, I've had issues with popups and an alert balloon that pops up right by my clock and tells me I need to install software to remove spyware on my computer. I already know that there are viruses on this computer. May I have some help removing them? My computer is an IBM NetVista, running Windows XP Professional SP2. The processor is an Intel Pentium 4 1.8 GHz, and I have 768 MB of RAM.

    I have also scanned my computer with Kaspersky Online scanner, and HJT.

    Thanks for the help!
     
    Last edited: 2008/02/25
  2. 2008/02/24
    TinyTuba822

    TinyTuba822 Inactive Thread Starter

    Joined:
    2007/10/05
    Messages:
    102
    Likes Received:
    0
    Kaspersky Logfile

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Sunday, February 24, 2008 9:45:00 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 24/02/2008
    Kaspersky Anti-Virus database records: 578541
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 88435
    Number of viruses found: 7
    Number of infected objects: 25
    Number of suspicious objects: 0
    Duration of the scan process: 02:52:54

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\05a8874b94deeb1967b9f1e09d64f409_7f69e1e2-294a-4804-8c13-0de528a89b43 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\20a7bba9459dcc2f4f9bc346d127e450_7f69e1e2-294a-4804-8c13-0de528a89b43 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\418f945d6a63a25fdfdac5d238f8e2d7_7f69e1e2-294a-4804-8c13-0de528a89b43 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b354bea208fa4ded6f8bce957d341103_7f69e1e2-294a-4804-8c13-0de528a89b43 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ddcc4c73a0481fca08b0ec9492580e78_7f69e1e2-294a-4804-8c13-0de528a89b43 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e497fb9d6912c46d93644c6a7f85b7fb_7f69e1e2-294a-4804-8c13-0de528a89b43 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-02-24_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BF80000\4FF848CE.VBN Infected: Trojan-Downloader.Win32.Agent.jke skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DAC0000\4FEC969B.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.dq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DAC0005\4FECD733.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DAC0006\4FECD77B.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.dq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DAC0007\4FECD81B.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.dq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DAC000A\4FECE7C9.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DAC000B\4FECED06.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DAC000D\4FED7D8F.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.dq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DAC000E\4FED7DB1.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DAC0013\4FEDA115.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.dq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DAC0014\4FEDCA6C.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DAC0015\4FEDCB0A.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DAC0016\4FEDCFBC.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DAC0017\4FEDD07F.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Valerie\.housecall6.6\Quarantine\1203783261.dll.bac_a01780 Infected: not-a-virus:AdWare.Win32.BHO.zc skipped
    C:\Documents and Settings\Valerie\Application Data\CiscoCAA\event.log Object is locked skipped
    C:\Documents and Settings\Valerie\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Valerie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Valerie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Valerie\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Valerie\Local Settings\History\History.IE5\MSHist012008022420080225\index.dat Object is locked skipped
    C:\Documents and Settings\Valerie\Local Settings\temp\~DF86F1.tmp Object is locked skipped
    C:\Documents and Settings\Valerie\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Valerie\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Valerie\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
    C:\Program Files\NetProject\sbsm.exe Infected: Trojan-Downloader.Win32.Zlob.ied skipped
    C:\Program Files\NetProject\scm.exe Infected: not-virus:Hoax.Win32.Gavec.s skipped
    C:\Program Files\NetProject\wamdl.dll Infected: Trojan-Downloader.Win32.Zlob.iec skipped
    C:\Program Files\Symantec AntiVirus\SAVRT\0000NAV~.TMP Object is locked skipped
    C:\Program Files\Symantec AntiVirus\SAVRT\0653NAV~.TMP Object is locked skipped
    C:\Program Files\Trillian\users\default\logs\AIM\Console\AIM - bmichelle6412.log Object is locked skipped
    C:\Program Files\Trillian\users\default\logs\AIM\Console\AIM - luigifan688.log Object is locked skipped
    C:\Program Files\Trillian\users\default\logs\AIM\Console\AIM - silverbritt822.log Object is locked skipped
    C:\Program Files\Trillian\users\default\logs\AIM\Console\AIM - TinyTuba822.log Object is locked skipped
    C:\Program Files\Trillian\users\default\logs\ICQ\Console\ICQ - 478545754.log Object is locked skipped
    C:\Program Files\Trillian\users\default\logs\MSN\Console\MSN - brittanyma06@hotmail.com.log Object is locked skipped
    C:\Program Files\Trillian\users\default\logs\MSN\Console\MSN - TinyTuba822@hotmail.com.log Object is locked skipped
    C:\Program Files\Trillian\users\default\logs\YAHOO\Console\YAHOO - hyper_idiot64.log Object is locked skipped
    C:\Program Files\Trillian\users\default\logs\YAHOO\Console\YAHOO - TinyTuba822.log Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{CDAF4C89-795E-410A-9CA6-7F079741A227}\RP395\A0050337.exe Infected: not-virus:Hoax.Win32.Gavec.s skipped
    C:\System Volume Information\_restore{CDAF4C89-795E-410A-9CA6-7F079741A227}\RP395\A0050339.exe Infected: Trojan-Downloader.Win32.Zlob.ied skipped
    C:\System Volume Information\_restore{CDAF4C89-795E-410A-9CA6-7F079741A227}\RP395\A0050365.exe Infected: not-virus:Hoax.Win32.Gavec.s skipped
    C:\System Volume Information\_restore{CDAF4C89-795E-410A-9CA6-7F079741A227}\RP395\A0050367.exe Infected: Trojan-Downloader.Win32.Zlob.ied skipped
    C:\System Volume Information\_restore{CDAF4C89-795E-410A-9CA6-7F079741A227}\RP395\A0050392.dll Infected: not-a-virus:AdWare.Win32.BHO.zc skipped
    C:\System Volume Information\_restore{CDAF4C89-795E-410A-9CA6-7F079741A227}\RP400\A0050673.exe Infected: not-virus:Hoax.Win32.Gavec.s skipped
    C:\System Volume Information\_restore{CDAF4C89-795E-410A-9CA6-7F079741A227}\RP400\A0050675.exe Infected: Trojan-Downloader.Win32.Zlob.ied skipped
    C:\System Volume Information\_restore{CDAF4C89-795E-410A-9CA6-7F079741A227}\RP410\change.log Object is locked skipped
    C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
    C:\WINNT\SchedLgU.Txt Object is locked skipped
    C:\WINNT\SoftwareDistribution\EventCache\{0EC76451-6AE5-45E7-A20C-6EE24EAB53E3}.bin Object is locked skipped
    C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINNT\Sti_Trace.log Object is locked skipped
    C:\WINNT\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINNT\system32\CatRoot2\edbtmp.log Object is locked skipped
    C:\WINNT\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINNT\system32\config\default Object is locked skipped
    C:\WINNT\system32\config\default.LOG Object is locked skipped
    C:\WINNT\system32\config\Internet.evt Object is locked skipped
    C:\WINNT\system32\config\SAM Object is locked skipped
    C:\WINNT\system32\config\SAM.LOG Object is locked skipped
    C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINNT\system32\config\SECURITY Object is locked skipped
    C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINNT\system32\config\software Object is locked skipped
    C:\WINNT\system32\config\software.LOG Object is locked skipped
    C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINNT\system32\config\system Object is locked skipped
    C:\WINNT\system32\config\system.LOG Object is locked skipped
    C:\WINNT\system32\h323log.txt Object is locked skipped
    C:\WINNT\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINNT\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINNT\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINNT\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINNT\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINNT\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINNT\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINNT\wiadebug.log Object is locked skipped
    C:\WINNT\wiaservc.log Object is locked skipped
    C:\WINNT\WindowsUpdate.log Object is locked skipped
    E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    Scan process completed.
     
  4. 2008/02/24
    TinyTuba822

    TinyTuba822 Inactive Thread Starter

    Joined:
    2007/10/05
    Messages:
    102
    Likes Received:
    0
    HijackThis Logfile

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:16:45 PM, on 2/24/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    C:\Program Files\Maxtor\Utils\SyncServices.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\NetProject\scit.exe
    C:\Program Files\NetProject\sbmntr.exe
    C:\Program Files\NetProject\scm.exe
    C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
    C:\Program Files\NetProject\sbsm.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\WINNT\vsnpstd2.exe
    C:\Documents and Settings\Valerie\Desktop\HiJackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: Sotfone Tracker Class - {10C52A42-DB8B-4ade-AA4A-CED6A8282B67} - C:\Program Files\Sotfone\1203783261.dll (file missing)
    O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: e404 helper - {A3D76B96-30B9-4DCC-9B3D-D12E31280D29} - C:\Program Files\Helper\1203783257.dll
    O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINNT\system32\TwcToolbarBho.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
    O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINNT\system32\TwcToolbarIe7.dll
    O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINNT\vsnpstd2.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
    O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
    O4 - HKUS\S-1-5-19\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
    O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
    O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
    O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/v/8.1.4.1/applet/battlephlinx/battlephlinx-en_US.cab
    O16 - DPF: Bowling by pogo - http://game1.pogo.com/v/8.1.2.14/applet/bowling/bowling-en_US.cab
    O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://69.65.108.158/Java/cfs40320.cab
    O16 - DPF: Chess by pogo - http://game1.pogo.com/v/8.1.4.1/applet/chess2/chess2-en_US.cab
    O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-8.0.3.20/domino/domino-en_US.cab
    O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-8.0.3.20/greenback/greenback-en_US.cab
    O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-8.0.8.30/harvest/harvest-en_US.cab
    O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-8.0.3.36/mhpoker/mhpoker-en_US.cab
    O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-8.0.9.33/lottso/lottso-en_US.cab
    O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/v/8.1.6.21/applet/mahjong2/mahjong2-en_US.cab
    O16 - DPF: Makeover Madness by pogo - http://game1.pogo.com/applet-8.0.4.41/shoes/shoes-en_US.cab
    O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-8.0.9.41/flinger/flinger-en_US.cab
    O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/v/8.1.5.27/applet/popfu/popfu-en_US.cab
    O16 - DPF: Poppit by pogo - http://game1.pogo.com/v/8.1.5.27/applet/poppit2/poppit2-en_US.cab
    O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-8.0.3.20/hotstreak/hotstreak-en_US.cab
    O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/v/8.1.0.23/applet/spider/spider-en_US.cab
    O16 - DPF: Squelchies by pogo - http://game1.pogo.com/v/8.1.1.1/applet/squelchies/squelchies-en_US.cab
    O16 - DPF: Sweet Tooth 2 by Pogo - http://game1.pogo.com/v/8.1.3.30/applet/sweettooth2/sweettooth2-en_US.cab
    O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/v/8.1.1.1/applet/peaks/peaks-en_US.cab
    O16 - DPF: Yahoo! Checkers - http://download2.games.yahoo.com/games/clients/y/kt4_x.cab
    O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/games/clients/y/tt5_x.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171590453703
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1191940210437
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - https://webapps.eku.edu/stunav/webinst.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by125fd.bay125.hotmail.msn.com/activex/HMAtchmt.ocx
    O22 - SharedTaskScheduler: djuka - {ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} - (no file)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 13763 bytes
     
  5. 2008/02/24
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi Tiny :)

    Download ComboFix by sUBs from here, saving the file to your desktop.

    It's best to disable real-time protection applications, as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     
  6. 2008/02/25
    TinyTuba822

    TinyTuba822 Inactive Thread Starter

    Joined:
    2007/10/05
    Messages:
    102
    Likes Received:
    0
    Combofix


    ComboFix 08-02-25.2 - Valerie 2008-02-25 7:33:13.7 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.372 [GMT -5:00]
    Running from: C:\Documents and Settings\Valerie\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Helper
    C:\Program Files\Helper\1203783257.dll
    C:\WINNT\system32\mcrh.tmp
    C:\WINNT\Web\default.htt
    E:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))
    .

    2008-02-24 22:12 . 2008-02-24 22:13 <DIR> d-------- C:\WINNT\LastGood
    2008-02-24 16:02 . 2007-12-06 21:21 63,488 -----c--- C:\WINNT\system32\dllcache\icardie.dll
    2008-02-24 15:31 . 2007-04-17 04:28 2,455,488 -----c--- C:\WINNT\system32\dllcache\ieapfltr.dat
    2008-02-24 15:31 . 2007-02-09 08:26 991,232 -----c--- C:\WINNT\system32\dllcache\ieframe.dll.mui
    2008-02-24 15:31 . 2007-12-06 21:21 459,264 -----c--- C:\WINNT\system32\dllcache\msfeeds.dll
    2008-02-24 15:31 . 2007-12-06 21:21 383,488 -----c--- C:\WINNT\system32\dllcache\ieapfltr.dll
    2008-02-24 15:31 . 2007-12-06 21:21 267,776 -----c--- C:\WINNT\system32\dllcache\iertutil.dll
    2008-02-24 15:31 . 2007-12-06 21:21 52,224 -----c--- C:\WINNT\system32\dllcache\msfeedsbs.dll
    2008-02-24 15:31 . 2007-12-06 06:00 13,824 -----c--- C:\WINNT\system32\dllcache\ieudinit.exe
    2008-02-24 15:30 . 2007-12-06 21:21 6,066,176 -----c--- C:\WINNT\system32\dllcache\ieframe.dll
    2008-02-24 15:29 . 2008-02-24 15:29 <DIR> d-------- C:\WINNT\system32\tr-tr
    2008-02-24 15:29 . 2008-02-24 15:29 <DIR> d-------- C:\WINNT\system32\th-th
    2008-02-24 15:29 . 2008-02-24 15:29 <DIR> d-------- C:\WINNT\system32\sv-se
    2008-02-24 15:29 . 2008-02-24 15:29 <DIR> d-------- C:\WINNT\system32\sl-si
    2008-02-24 15:29 . 2008-02-24 15:29 <DIR> d-------- C:\WINNT\system32\sk-sk
    2008-02-24 15:29 . 2008-02-24 15:29 <DIR> d-------- C:\WINNT\system32\ru-ru
    2008-02-24 15:29 . 2008-02-24 15:29 <DIR> d-------- C:\WINNT\system32\ro-ro
    2008-02-24 15:29 . 2008-02-24 15:29 <DIR> d-------- C:\WINNT\system32\pt-pt
    2008-02-24 15:29 . 2008-02-24 15:29 <DIR> d-------- C:\WINNT\system32\pt-br
    2008-02-24 15:27 . 2008-02-24 15:27 <DIR> d-------- C:\WINNT\system32\zh-tw
    2008-02-24 12:37 . 2008-02-24 12:37 512 --a------ C:\B7E.tmp
    2008-02-24 00:47 . 2008-02-24 00:47 512 --a------ C:\68B.tmp
    2008-02-23 23:34 . 2008-02-24 12:50 <DIR> d-------- C:\WINNT\system32\ActiveScan
    2008-02-23 23:34 . 2008-02-24 12:46 30,590 --a------ C:\WINNT\system32\pavas.ico
    2008-02-23 23:34 . 2008-02-24 12:46 2,550 --a------ C:\WINNT\system32\Uninstall.ico
    2008-02-23 23:34 . 2008-02-24 12:46 1,406 --a------ C:\WINNT\system32\Help.ico
    2008-02-23 11:14 . 2008-02-23 23:19 <DIR> d-------- C:\Program Files\Sotfone
    2008-02-23 11:14 . 2008-02-24 12:51 <DIR> d-------- C:\Program Files\NetProject
    2008-02-12 08:46 . 2008-02-12 08:46 <DIR> d-------- C:\Documents and Settings\Valerie\Application Data\Talkback
    2008-02-11 12:01 . 2008-02-11 12:01 <DIR> d-------- C:\Program Files\Microsoft Calculator Plus
    2008-02-10 11:03 . 2008-02-10 11:03 <DIR> d-------- C:\WINNT\system32\XPSViewer
    2008-02-10 11:03 . 2008-02-10 11:03 <DIR> d-------- C:\Program Files\MSBuild
    2008-02-10 11:02 . 2008-02-10 11:02 <DIR> d-------- C:\Program Files\Reference Assemblies
    2008-02-10 11:01 . 2006-06-29 13:07 14,048 --------- C:\WINNT\system32\spmsg2.dll
    2008-02-10 10:53 . 2008-02-10 10:53 <DIR> d-------- C:\Program Files\MSXML 6.0
    2008-02-10 10:19 . 2006-11-13 01:02 288,768 --------- C:\WINNT\system32\rhttpaa.dll
    2008-02-10 10:19 . 2006-11-13 01:02 116,736 --------- C:\WINNT\system32\aaclient.dll
    2008-02-10 10:19 . 2006-11-13 01:02 36,352 --------- C:\WINNT\system32\tsgqec.dll
    2008-02-02 23:08 . 2008-02-02 23:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-02 23:06 . 2008-02-02 23:06 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-25 11:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-02-25 03:08 --------- d-----w C:\Program Files\Symantec AntiVirus
    2008-02-25 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    2008-02-24 21:49 --------- d-----w C:\Program Files\Common Files\snpstd2
    2008-02-24 17:52 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-02-24 17:51 --------- d-----w C:\Program Files\Trillian
    2008-02-24 17:50 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-02-24 17:50 --------- d-----w C:\Program Files\Avant Browser
    2008-02-24 14:41 --------- d-----w C:\Program Files\MSN Messenger
    2008-02-18 22:38 --------- d-----w C:\Documents and Settings\Valerie\Application Data\SiteAdvisor
    2008-02-03 04:08 --------- d-----w C:\Program Files\Lavasoft
    2008-01-21 13:16 --------- d-----w C:\Documents and Settings\Valerie\Application Data\Lavasoft
    2008-01-17 13:44 2,630,572 ----a-w C:\WINNT\java\Packages\SAPZZTF9.ZIP
    2008-01-11 23:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
    2008-01-11 23:38 --------- d-----w C:\Program Files\WinZip E-Mail Companion
    2008-01-11 23:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZipEC
    2008-01-09 20:37 --------- d-----w C:\Program Files\Symantec
    2008-01-09 20:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-01-09 20:32 --------- d-----w C:\Program Files\Cisco Systems
    2008-01-09 16:46 --------- d-----w C:\Program Files\CACE Technologies
    2008-01-09 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
    2008-01-09 00:22 --------- d---a-w C:\Program Files\NetZero
    2008-01-08 23:19 --------- d-----w C:\Program Files\Common Files\AOL
    2008-01-08 23:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2008-01-08 02:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Maxtor
    2008-01-07 22:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-07 22:53 --------- d-----w C:\Program Files\Maxtor
    2008-01-07 22:47 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-01-06 13:49 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-01-01 22:44 1,946,402 ----a-w C:\WINNT\java\Packages\O353LB53.ZIP
    2007-12-30 18:45 --------- d-----w C:\Program Files\Windows Media Bonus Pack for Windows XP
    2007-12-27 05:56 --------- d-----w C:\Program Files\Lavalys
    2007-12-25 05:12 --------- d-----w C:\Program Files\SiteAdvisor
    2007-12-14 16:32 12,632 ----a-w C:\WINNT\system32\lsdelete.exe
    2007-12-13 00:40 1,852,418 ----a-w C:\WINNT\java\Packages\22BZ17BN.ZIP
    2007-12-09 03:45 108,067 ----a-w C:\WINNT\java\Packages\YINF7N7Z.ZIP
    2007-12-09 03:45 1,670,294 ----a-w C:\WINNT\java\Packages\NRR7HNZH.ZIP
    2007-12-07 02:21 824,832 ----a-w C:\WINNT\system32\wininet.dll
    2007-12-05 02:02 2,763,708 ----a-w C:\WINNT\java\Packages\KRLFD33Z.ZIP
    2007-12-04 18:38 550,912 ----a-w C:\WINNT\system32\oleaut32.dll
    2006-05-22 01:30 184,808 ----a-w C:\Documents and Settings\User\Application Data\shb.dat
    2006-02-09 22:54 271 --sh--w C:\Program Files\desktop.ini
    2006-02-09 22:54 21,952 ---ha-w C:\Program Files\folder.htt
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10C52A42-DB8B-4ade-AA4A-CED6A8282B67}]
    C:\Program Files\Sotfone\1203783261.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]
    2008-02-24 22:08 9728 --a------ C:\Program Files\NetProject\sbmdl.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {F0F8ECBE-D460-4B34-B007-56A92E8F84A7}
    {2318C2B1-4965-11D4-9B18-009027A5CD4F}
    {2E5E800E-6AC0-411E-940A-369530A35E43}
    {CD292324-974F-4224-D074-CACA427AA030}
    {0BF43445-2F28-4351-9252-17FE6E806AA0}
    {81705D67-3F73-4983-859B-97D0922E5ABE}

    [HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{81705D67-3F73-4983-859B-97D0922E5ABE} "= C:\Program Files\NetProject\wamdl.dll [2008-02-23 11:14 70656]

    [HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr "= "C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
    "ctfmon.exe "= "C:\WINNT\system32\ctfmon.exe" [2004-08-04 07:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MaxtorOneTouch "= "C:\Program Files\Maxtor\ManagerApp\Onetouch.exe" [2006-08-11 08:45 712704]
    "SNPSTD2 "= "C:\WINNT\vsnpstd2.exe" [2004-06-10 11:54 286720]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "^SetupICWDesktop "= "C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [2004-08-04 07:00 214528]
    "tscuninstall "= "C:\WINNT\system32\tscupgrd.exe" [2004-08-04 07:00 44544]

    C:\Documents and Settings\User\Start Menu\Programs\Startup\
    Microsoft Office Fast Start.lnk - C:\MSOffice\Office\FASTBOOT.EXE [1996-03-20 14848]
    Microsoft Office Find Fast Indexer.lnk - C:\MSOffice\Office\FINDFAST.EXE [1996-03-20 86528]
    Microsoft Office Shortcut Bar.lnk - C:\MSOffice\Office\MSOFFICE.EXE [1996-03-20 365056]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableCAD "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "start "= C:\Program Files\NetProject\sbmntr.exe
    "some "= C:\Program Files\NetProject\scit.exe

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINNT\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
    backup=C:\WINNT\pss\Google Updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^U.S. Robotics Internet Call Notification.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\U.S. Robotics Internet Call Notification.lnk
    backup=C:\WINNT\pss\U.S. Robotics Internet Call Notification.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Winter Fun Wallpaper Changer.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Winter Fun Wallpaper Changer.lnk
    backup=C:\WINNT\pss\Winter Fun Wallpaper Changer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=C:\WINNT\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    --a------ 2006-07-19 19:26 52896 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
    --a------ 2007-03-16 06:51 715888 C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    --a------ 2005-01-27 12:17 1381376 C:\Program Files\Ahead\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    --------- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    --a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
    --a------ 2006-08-11 11:15 81920 C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 12:50 155648 C:\WINNT\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2003-04-02 15:40 4616192 C:\WINNT\system32\NvCpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2003-04-02 15:40 49152 C:\WINNT\system32\NVMCTRAY.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2003-04-02 15:40 323584 C:\WINNT\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a------ 2003-10-31 19:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
    --a------ 2007-03-30 10:42 36904 C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNPSTD2]
    --a------ 2004-06-10 11:54 286720 C:\WINNT\vsnpstd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-09-25 00:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-12-02 23:41 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
    --a------ 2004-08-04 07:00 143360 C:\WINNT\system32\mobsync.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Storage Toolbox]
    --a------ 2005-09-14 20:44 65536 C:\Program Files\USB Disk Win98 Driver\Res.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
    --a------ 2006-09-27 20:33 125168 C:\PROGRA~1\SYMANT~1\VPTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinZip E-Mail Companion OEAPI]
    --a------ 2007-11-19 02:00 75136 C:\Program Files\WinZip E-Mail Companion\loadwzco.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Trillian\\trillian.exe "=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "C:\\Program Files\\Avant Browser\\avant.exe "=
    "C:\\Program Files\\MSN Messenger\\livecall.exe "=

    R3 snpstd2;CAM 30;C:\WINNT\system32\DRIVERS\snpstd2.sys [2004-07-28 11:49]
    S3 ADM8511;ADM8511 USB To Fast Ethernet Adapter;C:\WINNT\system32\DRIVERS\ADM8511.SYS [2001-02-15 04:34]
    S3 InCDFat;Ahead InCDFat File System Driver;C:\WINNT\system32\Drivers\InCDFat.sys [2005-01-27 20:07]
    S3 samhid;samhid;C:\WINNT\system32\drivers\samhid.sys [2006-01-07 11:09]
    S3 Winacusb;Winacusb;C:\WINNT\system32\DRIVERS\winacusb.sys [2004-07-14 14:59]
    S3 wind502u;Motorola Wireless USB Adapter WU830G Windows Driver;C:\WINNT\system32\DRIVERS\wind502u.sys [2004-03-25 07:49]

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-25 07:36:40
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-02-25 7:38:16
    ComboFix-quarantined-files.txt 2008-02-25 12:37:52
    .
    2007-09-16 23:31:27 --- E O F ---


    HJT


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:43:03 AM, on 2/25/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    C:\Program Files\Maxtor\Utils\SyncServices.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\NetProject\scit.exe
    C:\Program Files\NetProject\sbmntr.exe
    C:\Program Files\NetProject\scm.exe
    C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
    C:\Program Files\NetProject\sbsm.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\WINNT\vsnpstd2.exe
    C:\Program Files\Trillian\trillian.exe
    C:\WINNT\explorer.exe
    C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Valerie\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: Sotfone Tracker Class - {10C52A42-DB8B-4ade-AA4A-CED6A8282B67} - C:\Program Files\Sotfone\1203783261.dll (file missing)
    O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINNT\system32\TwcToolbarBho.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
    O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINNT\system32\TwcToolbarIe7.dll
    O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINNT\vsnpstd2.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
    O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
    O4 - HKUS\S-1-5-19\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
    O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
    O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
    O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/v/8.1.4.1/applet/battlephlinx/battlephlinx-en_US.cab
    O16 - DPF: Bowling by pogo - http://game1.pogo.com/v/8.1.2.14/applet/bowling/bowling-en_US.cab
    O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://69.65.108.158/Java/cfs40320.cab
    O16 - DPF: Chess by pogo - http://game1.pogo.com/v/8.1.4.1/applet/chess2/chess2-en_US.cab
    O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-8.0.3.20/domino/domino-en_US.cab
    O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-8.0.3.20/greenback/greenback-en_US.cab
    O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-8.0.8.30/harvest/harvest-en_US.cab
    O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-8.0.3.36/mhpoker/mhpoker-en_US.cab
    O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-8.0.9.33/lottso/lottso-en_US.cab
    O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/v/8.1.6.21/applet/mahjong2/mahjong2-en_US.cab
    O16 - DPF: Makeover Madness by pogo - http://game1.pogo.com/applet-8.0.4.41/shoes/shoes-en_US.cab
    O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-8.0.9.41/flinger/flinger-en_US.cab
    O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/v/8.1.5.27/applet/popfu/popfu-en_US.cab
    O16 - DPF: Poppit by pogo - http://game1.pogo.com/v/8.1.5.27/applet/poppit2/poppit2-en_US.cab
    O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-8.0.3.20/hotstreak/hotstreak-en_US.cab
    O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/v/8.1.0.23/applet/spider/spider-en_US.cab
    O16 - DPF: Squelchies by pogo - http://game1.pogo.com/v/8.1.1.1/applet/squelchies/squelchies-en_US.cab
    O16 - DPF: Sweet Tooth 2 by Pogo - http://game1.pogo.com/v/8.1.3.30/applet/sweettooth2/sweettooth2-en_US.cab
    O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/v/8.1.1.1/applet/peaks/peaks-en_US.cab
    O16 - DPF: Yahoo! Checkers - http://download2.games.yahoo.com/games/clients/y/kt4_x.cab
    O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/games/clients/y/tt5_x.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171590453703
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1191940210437
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - https://webapps.eku.edu/stunav/webinst.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by125fd.bay125.hotmail.msn.com/activex/HMAtchmt.ocx
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 13505 bytes
     
  7. 2008/02/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\B7E.tmp
    C:\68B.tmp
    Folder::
    C:\WINNT\system32\tr-tr
    C:\WINNT\system32\th-th
    C:\WINNT\system32\sv-se
    C:\WINNT\system32\sl-si
    C:\WINNT\system32\sk-sk
    C:\WINNT\system32\ru-ru
    C:\WINNT\system32\ro-ro
    C:\WINNT\system32\pt-pt
    C:\WINNT\system32\pt-br
    C:\WINNT\system32\zh-tw
    C:\Program Files\NetProject
    C:\Program Files\Sotfone
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10C52A42-DB8B-4ade-AA4A-CED6A8282B67}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
     "{81705D67-3F73-4983-859B-97D0922E5ABE} "=-
    [-HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
     "{81705D67-3F73-4983-859B-97D0922E5ABE} "=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "DisableCAD "=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
     "start "=-
     "some "=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNPSTD2]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
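As an added example, not part of this thread and not a tool from ComboFix or HijackThis: a small Python script that parses the CFScript format used above (the File::, Folder:: and Registry:: sections, with [-KEY] deleting a whole key and "name"=- deleting one value) and then scans a HijackThis log for lines that still reference any targeted path, CLSID or Policies\...\Run value name. It is meant for the step after the script has run, when the fresh HJT log is posted: a quick mechanical check that the entries are actually gone. The sample CFScript and HJT lines are constructed from the entries posted in this thread; matching O4 value names by the [name] bracket in the HJT line is an assumption about the log format.

```python
"""Cross-check a ComboFix CFScript against a HijackThis log.

Added example for this thread; it is not a tool from ComboFix, HijackThis
or the forum. It reads the File::/Folder::/Registry:: sections of a
CFScript, collects the paths, CLSIDs and deleted value names the script
targets, and reports HijackThis log lines that still reference them, so
the post-run log can be checked for leftovers mechanically.
"""
import re

# A GUID in braces: 8-4-4-4-12 hex digits, 36 characters between the braces.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Constructed input: an abridged copy of the script posted in the thread.
CFSCRIPT = r"""File::
C:\B7E.tmp
C:\68B.tmp
Folder::
C:\Program Files\NetProject
C:\Program Files\Sotfone
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10C52A42-DB8B-4ade-AA4A-CED6A8282B67}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
 "{81705D67-3F73-4983-859B-97D0922E5ABE}"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
 "start"=-
 "some"=-
"""

# Constructed input: a handful of lines taken from the thread's HijackThis log.
HJT_LOG = r"""Running processes:
C:\Program Files\NetProject\scit.exe
C:\WINNT\system32\ctfmon.exe
O2 - BHO: Sotfone Tracker Class - {10C52A42-DB8B-4ade-AA4A-CED6A8282B67} - C:\Program Files\Sotfone\1203783261.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
"""


def parse_cfscript(text):
    """Return (paths, clsids, values) targeted by a CFScript.

    paths  : lower-cased entries under File:: and Folder::
    clsids : lower-cased GUIDs found in Registry:: keys or value names
    values : (key, value_name) pairs removed with the "name"=- syntax
    """
    section, key = None, None
    paths, clsids, values = [], set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):              # section header such as File::
            section = line[:-2].lower()
            continue
        if section in ("file", "folder"):
            paths.append(line.lower())
        elif section == "registry":
            if line.startswith("["):         # [KEY] selects a key, [-KEY] deletes it
                key = line.strip("[]").lstrip("-")
                clsids.update(g.lower() for g in CLSID_RE.findall(key))
            elif line.endswith("=-"):        # "name"=- deletes one value under key
                name = line[:-2].strip().strip('"').strip()
                values.append((key, name))
                clsids.update(g.lower() for g in CLSID_RE.findall(name))
    return paths, clsids, values


def find_leftovers(hjt_text, paths, clsids, values):
    """Return HijackThis lines that still reference something the script targeted."""
    # Assumption: value names deleted from a Policies\...\Run key show up in
    # HJT O4 lines as [name] right after the key description.
    policy_names = {n.lower() for k, n in values if k and "policies" in k.lower()}
    hits = []
    for line in hjt_text.splitlines():
        low = line.lower()
        if any(p in low for p in paths) or any(c in low for c in clsids):
            hits.append(line)
            continue
        m = re.search(r"\[([^\]]+)\]", line)
        if low.startswith("o4") and "policies" in low and m and m.group(1).lower() in policy_names:
            hits.append(line)
    return hits


def check(cfscript=CFSCRIPT, hjt_log=HJT_LOG):
    """Convenience wrapper: parse the script and scan the log in one call."""
    return find_leftovers(hjt_log, *parse_cfscript(cfscript))


if __name__ == "__main__":
    leftovers = check()
    print(f"{len(leftovers)} line(s) still reference items the CFScript targets")
    for entry in leftovers:
        print("  " + entry)
```

Run against the pre-cleanup log embedded above it reports four lines (the NetProject process, the Sotfone BHO, the Web Application toolbar and the Policies\Explorer\Run entry); run against the HJT log posted after ComboFix has processed the script, an empty result is what you want to see before calling the machine clean. Matching is case-insensitive substring matching on paths and CLSIDs, which is deliberately loose so that short-path (PROGRA~1) variants are not missed for folder names that survive 8.3 shortening; review any hit by hand rather than treating it as proof of reinfection.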
     
  8. 2008/02/25
    TinyTuba822

    TinyTuba822 Inactive Thread Starter

    Joined:
    2007/10/05
    Messages:
    102
    Likes Received:
    0
    File::
    C:\B7E.tmp
    C:\68B.tmp
    Folder::
    C:\WINNT\system32\tr-tr
    C:\WINNT\system32\th-th
    C:\WINNT\system32\sv-se
    C:\WINNT\system32\sl-si
    C:\WINNT\system32\sk-sk
    C:\WINNT\system32\ru-ru
    C:\WINNT\system32\ro-ro
    C:\WINNT\system32\pt-pt
    C:\WINNT\system32\pt-br
    C:\WINNT\system32\zh-tw
    C:\Program Files\NetProject
    C:\Program Files\Sotfone
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10C52A42-DB8B-4ade-AA4A-CED6A8282B67}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{81705D67-3F73-4983-859B-97D0922E5ABE}"=-
    [-HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{81705D67-3F73-4983-859B-97D0922E5ABE}"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableCAD"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "start"=-
    "some"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNPSTD2]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:37:49 PM, on 2/25/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    C:\Program Files\Maxtor\Utils\SyncServices.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\NetProject\sbmntr.exe
    C:\Program Files\NetProject\scit.exe
    C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
    C:\WINNT\vsnpstd2.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\NetProject\sbsm.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\NetProject\scm.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINNT\system32\RDSHOST.exe
    C:\WINNT\system32\sessmgr.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\WINNT\explorer.exe
    C:\WINNT\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trillian\trillian.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Valerie\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: Sotfone Tracker Class - {10C52A42-DB8B-4ade-AA4A-CED6A8282B67} - C:\Program Files\Sotfone\1203783261.dll (file missing)
    O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINNT\system32\TwcToolbarBho.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
    O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINNT\system32\TwcToolbarIe7.dll
    O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINNT\vsnpstd2.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
    O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
    O4 - HKUS\S-1-5-19\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
    O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
    O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
    O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/v/8.1.4.1/applet/battlephlinx/battlephlinx-en_US.cab
    O16 - DPF: Bowling by pogo - http://game1.pogo.com/v/8.1.2.14/applet/bowling/bowling-en_US.cab
    O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://69.65.108.158/Java/cfs40320.cab
    O16 - DPF: Chess by pogo - http://game1.pogo.com/v/8.1.4.1/applet/chess2/chess2-en_US.cab
    O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-8.0.3.20/domino/domino-en_US.cab
    O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-8.0.3.20/greenback/greenback-en_US.cab
    O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-8.0.8.30/harvest/harvest-en_US.cab
    O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-8.0.3.36/mhpoker/mhpoker-en_US.cab
    O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-8.0.9.33/lottso/lottso-en_US.cab
    O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/v/8.1.6.21/applet/mahjong2/mahjong2-en_US.cab
    O16 - DPF: Makeover Madness by pogo - http://game1.pogo.com/applet-8.0.4.41/shoes/shoes-en_US.cab
    O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-8.0.9.41/flinger/flinger-en_US.cab
    O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/v/8.1.5.27/applet/popfu/popfu-en_US.cab
    O16 - DPF: Poppit by pogo - http://game1.pogo.com/v/8.1.5.27/applet/poppit2/poppit2-en_US.cab
    O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-8.0.3.20/hotstreak/hotstreak-en_US.cab
    O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/v/8.1.0.23/applet/spider/spider-en_US.cab
    O16 - DPF: Squelchies by pogo - http://game1.pogo.com/v/8.1.1.1/applet/squelchies/squelchies-en_US.cab
    O16 - DPF: Sweet Tooth 2 by Pogo - http://game1.pogo.com/v/8.1.3.30/applet/sweettooth2/sweettooth2-en_US.cab
    O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/v/8.1.1.1/applet/peaks/peaks-en_US.cab
    O16 - DPF: Yahoo! Checkers - http://download2.games.yahoo.com/games/clients/y/kt4_x.cab
    O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/games/clients/y/tt5_x.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171590453703
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1191940210437
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - https://webapps.eku.edu/stunav/webinst.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by125fd.bay125.hotmail.msn.com/activex/HMAtchmt.ocx
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

    --
    End of file - 14591 bytes
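    Added example (not code from this thread, from ComboFix or from HijackThis): a small Python script that reads a CFScript of the form noahdfear posted above and the O2/O3/O4 lines of the HijackThis log in this reply, and reports which log entries the script would actually remove and which it leaves alone. It is the kind of check a helper does by eye before telling someone to run a script, and it also flags value names with stray whitespace (a copy/paste hazard, since ComboFix would then look for a value that does not exist). It assumes the CFScript syntax shown in the thread (File::, Folder::, Registry:: headers; [-KEY] deletes a key; "name"=- under a [KEY] header deletes that value), that the ".." in HijackThis O4 lines stands for Software\Microsoft\Windows\CurrentVersion, and that any O4 entry whose file sits under a Folder:: target goes away with the folder. The sample inputs are constructed from lines posted in the thread.

```python
"""Cross-check a ComboFix CFScript against HijackThis O2/O3/O4 lines.

Added example for this thread, not ComboFix's or HijackThis's own code.  Assumed
CFScript syntax, as shown in the thread: 'File::', 'Folder::', 'Registry::' headers;
'[-KEY]' deletes a key; '"name"=-' under a '[KEY]' header deletes that value.
Sample inputs are constructed from log lines posted in the thread.
"""
import re

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
VALUE_RE = re.compile(r'"(.*)"=-$')
HJT_O2_O3 = re.compile(r"^(O[23]) - (?:BHO|Toolbar): (.+?) - (\{[^}]+\}) - (.+)$")
HJT_O4 = re.compile(r"^O4 - (\S+?): \[(.+?)\] (.+)$")
# Assumption: HijackThis writes '..' for Software\Microsoft\Windows\CurrentVersion in O4 keys.
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}

CFSCRIPT_SAMPLE = r"""Folder::
C:\Program Files\NetProject
C:\Program Files\Sotfone
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10C52A42-DB8B-4ade-AA4A-CED6A8282B67}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{81705D67-3F73-4983-859B-97D0922E5ABE}"=-
[-HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"start"=-
"some"=-
"""

HJT_SAMPLE = r"""O2 - BHO: Sotfone Tracker Class - {10C52A42-DB8B-4ade-AA4A-CED6A8282B67} - C:\Program Files\Sotfone\1203783261.dll (file missing)
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
"""


def parse_cfscript(text):
    """Split a CFScript into its File::, Folder:: and Registry:: sections."""
    script = {"File": [], "Folder": [], "Registry": []}
    section, key = None, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.endswith("::") and line[:-2] in script:
            section = line[:-2]
        elif section == "Registry" and line.startswith("[-") and line.endswith("]"):
            script["Registry"].append(("delete_key", line[2:-1], None))
        elif section == "Registry" and line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                       # later "name"=- lines apply to this key
        elif section == "Registry" and key and (m := VALUE_RE.match(line)):
            script["Registry"].append(("delete_value", key, m.group(1)))
        elif section:
            script[section].append(line)
    return script


def lint_value_names(text):
    """Return value names with stray inner whitespace, e.g. '"DisableCAD "=-'."""
    return [name for _, _, name in parse_cfscript(text)["Registry"]
            if name is not None and name != name.strip()]


def parse_hjt(text):
    """Extract O2 (BHO), O3 (toolbar) and O4 (autorun) entries from a HijackThis log."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if m := HJT_O2_O3.match(line):
            entries.append({"section": m.group(1), "name": m.group(2),
                            "clsid": m.group(3).lower(), "path": m.group(4)})
        elif m := HJT_O4.match(line):
            entries.append({"section": "O4", "run_key": m.group(1),
                            "name": m.group(2), "path": m.group(3).strip('"')})
    return entries


def expand_hjt_key(hjt_key):
    """Turn 'HKLM\\..\\Policies\\Explorer\\Run' into the full registry path, lowercased."""
    hive, sep, tail = hjt_key.partition("\\..\\")
    if not sep or hive.upper() not in HIVES:
        return hjt_key.lower()
    return (HIVES[hive.upper()] + "\\software\\microsoft\\windows\\currentversion\\" + tail).lower()


def cross_check(hjt_text, cfscript_text):
    """Report which HJT entries the script removes ('covered') and which it leaves ('untouched')."""
    script = parse_cfscript(cfscript_text)
    clsids, values = set(), set()
    for action, key, name in script["Registry"]:
        clsids.update(c.lower() for c in CLSID_RE.findall(key if action == "delete_key" else name))
        if action == "delete_value":
            values.add((key.lower(), name.lower()))
    folders = [f.lower().rstrip("\\") + "\\" for f in script["Folder"]]
    report = {"covered": [], "untouched": []}
    for e in parse_hjt(hjt_text):
        if e["section"] == "O4":
            hit = (expand_hjt_key(e["run_key"]), e["name"].lower()) in values
        else:
            hit = e["clsid"] in clsids
        # a file under a Folder:: target goes away with the folder, registry entry or not
        hit = hit or any(e["path"].lower().startswith(f) for f in folders)
        report["covered" if hit else "untouched"].append(e["name"])
    return report


if __name__ == "__main__":
    for verdict, names in cross_check(HJT_SAMPLE, CFSCRIPT_SAMPLE).items():
        print(f"{verdict}: {', '.join(names)}")
```

    Run against the samples, the script reports the two NetProject/Sotfone BHOs, the "Web Application" toolbar and the two Policies\Explorer\Run values as covered, and the Google Toolbar and ZoneAlarm entries as untouched, which is the split a helper would expect: the script is meant to remove only the items identified as malicious. Feeding it the full log and a script before posting them is a cheap way to catch a CLSID typo or a stray space that would make ComboFix miss an entry.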
     
  9. 2008/02/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Please re-read my instructions regarding using notepad to create a file named CFScript.txt, then drag-n-drop CFScript.txt on top of ComboFix.exe

    Click here to see how to use CFScript.txt
     
  10. 2008/02/25
    TinyTuba822

    TinyTuba822 Inactive Thread Starter

    Joined:
    2007/10/05
    Messages:
    102
    Likes Received:
    0
    ComboFix 08-02-25.2 - Valerie 2008-02-25 23:19:26.9 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.310 [GMT -5:00]
    Running from: C:\Documents and Settings\Valerie\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Valerie\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\68B.tmp
    C:\B7E.tmp
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\68B.tmp
    C:\B7E.tmp
    C:\Program Files\NetProject
    C:\Program Files\NetProject\ot.ico
    C:\Program Files\NetProject\sbmdl.dll
    C:\Program Files\NetProject\sbmntr.exe
    C:\Program Files\NetProject\sbsm.exe
    C:\Program Files\NetProject\sbun.exe
    C:\Program Files\NetProject\scit.exe
    C:\Program Files\NetProject\scm.exe
    C:\Program Files\NetProject\scu.exe
    C:\Program Files\NetProject\ts.ico
    C:\Program Files\NetProject\wamdl.dll
    C:\Program Files\NetProject\waun.exe
    C:\Program Files\Sotfone
    C:\WINNT\system32\pt-br
    C:\WINNT\system32\pt-br\admparse.dll.mui
    C:\WINNT\system32\pt-br\advpack.dll.mui
    C:\WINNT\system32\pt-br\extmgr.dll.mui
    C:\WINNT\system32\pt-br\html.iec.mui
    C:\WINNT\system32\pt-br\icardie.dll.mui
    C:\WINNT\system32\pt-br\ie4uinit.exe.mui
    C:\WINNT\system32\pt-br\ieakeng.dll.mui
    C:\WINNT\system32\pt-br\ieaksie.dll.mui
    C:\WINNT\system32\pt-br\ieakui.dll.mui
    C:\WINNT\system32\pt-br\iedkcs32.dll.mui
    C:\WINNT\system32\pt-br\ieframe.dll.mui
    C:\WINNT\system32\pt-br\iepeers.dll.mui
    C:\WINNT\system32\pt-br\iernonce.dll.mui
    C:\WINNT\system32\pt-br\iesetup.dll.mui
    C:\WINNT\system32\pt-br\ieui.dll.mui
    C:\WINNT\system32\pt-br\ieunatt.exe.mui
    C:\WINNT\system32\pt-br\inetcpl.cpl.mui
    C:\WINNT\system32\pt-br\inseng.dll.mui
    C:\WINNT\system32\pt-br\licmgr10.dll.mui
    C:\WINNT\system32\pt-br\msfeedsbs.dll.mui
    C:\WINNT\system32\pt-br\mshta.exe.mui
    C:\WINNT\system32\pt-br\mshtml.dll.mui
    C:\WINNT\system32\pt-br\mshtmled.dll.mui
    C:\WINNT\system32\pt-br\mshtmler.dll.mui
    C:\WINNT\system32\pt-br\msrating.dll.mui
    C:\WINNT\system32\pt-br\occache.dll.mui
    C:\WINNT\system32\pt-br\urlmon.dll.mui
    C:\WINNT\system32\pt-br\webcheck.dll.mui
    C:\WINNT\system32\pt-br\WinFXDocObj.exe.mui
    C:\WINNT\system32\pt-br\wininet.dll.mui
    C:\WINNT\system32\pt-pt
    C:\WINNT\system32\pt-pt\admparse.dll.mui
    C:\WINNT\system32\pt-pt\advpack.dll.mui
    C:\WINNT\system32\pt-pt\extmgr.dll.mui
    C:\WINNT\system32\pt-pt\html.iec.mui
    C:\WINNT\system32\pt-pt\icardie.dll.mui
    C:\WINNT\system32\pt-pt\ie4uinit.exe.mui
    C:\WINNT\system32\pt-pt\ieakeng.dll.mui
    C:\WINNT\system32\pt-pt\ieaksie.dll.mui
    C:\WINNT\system32\pt-pt\ieakui.dll.mui
    C:\WINNT\system32\pt-pt\iedkcs32.dll.mui
    C:\WINNT\system32\pt-pt\ieframe.dll.mui
    C:\WINNT\system32\pt-pt\iepeers.dll.mui
    C:\WINNT\system32\pt-pt\iernonce.dll.mui
    C:\WINNT\system32\pt-pt\iesetup.dll.mui
    C:\WINNT\system32\pt-pt\ieui.dll.mui
    C:\WINNT\system32\pt-pt\ieunatt.exe.mui
    C:\WINNT\system32\pt-pt\inetcpl.cpl.mui
    C:\WINNT\system32\pt-pt\inseng.dll.mui
    C:\WINNT\system32\pt-pt\licmgr10.dll.mui
    C:\WINNT\system32\pt-pt\msfeedsbs.dll.mui
    C:\WINNT\system32\pt-pt\mshta.exe.mui
    C:\WINNT\system32\pt-pt\mshtml.dll.mui
    C:\WINNT\system32\pt-pt\mshtmled.dll.mui
    C:\WINNT\system32\pt-pt\mshtmler.dll.mui
    C:\WINNT\system32\pt-pt\msrating.dll.mui
    C:\WINNT\system32\pt-pt\occache.dll.mui
    C:\WINNT\system32\pt-pt\urlmon.dll.mui
    C:\WINNT\system32\pt-pt\webcheck.dll.mui
    C:\WINNT\system32\pt-pt\WinFXDocObj.exe.mui
    C:\WINNT\system32\pt-pt\wininet.dll.mui
    C:\WINNT\system32\ro-ro
    C:\WINNT\system32\ro-ro\admparse.dll.mui
    C:\WINNT\system32\ro-ro\advpack.dll.mui
    C:\WINNT\system32\ro-ro\extmgr.dll.mui
    C:\WINNT\system32\ro-ro\html.iec.mui
    C:\WINNT\system32\ro-ro\icardie.dll.mui
    C:\WINNT\system32\ro-ro\ie4uinit.exe.mui
    C:\WINNT\system32\ro-ro\ieakeng.dll.mui
    C:\WINNT\system32\ro-ro\ieaksie.dll.mui
    C:\WINNT\system32\ro-ro\ieakui.dll.mui
    C:\WINNT\system32\ro-ro\iedkcs32.dll.mui
    C:\WINNT\system32\ro-ro\ieframe.dll.mui
    C:\WINNT\system32\ro-ro\iepeers.dll.mui
    C:\WINNT\system32\ro-ro\iernonce.dll.mui
    C:\WINNT\system32\ro-ro\iesetup.dll.mui
    C:\WINNT\system32\ro-ro\ieui.dll.mui
    C:\WINNT\system32\ro-ro\ieunatt.exe.mui
    C:\WINNT\system32\ro-ro\inetcpl.cpl.mui
    C:\WINNT\system32\ro-ro\inseng.dll.mui
    C:\WINNT\system32\ro-ro\licmgr10.dll.mui
    C:\WINNT\system32\ro-ro\msfeedsbs.dll.mui
    C:\WINNT\system32\ro-ro\mshta.exe.mui
    C:\WINNT\system32\ro-ro\mshtml.dll.mui
    C:\WINNT\system32\ro-ro\mshtmled.dll.mui
    C:\WINNT\system32\ro-ro\mshtmler.dll.mui
    C:\WINNT\system32\ro-ro\msrating.dll.mui
    C:\WINNT\system32\ro-ro\occache.dll.mui
    C:\WINNT\system32\ro-ro\urlmon.dll.mui
    C:\WINNT\system32\ro-ro\webcheck.dll.mui
    C:\WINNT\system32\ro-ro\WinFXDocObj.exe.mui
    C:\WINNT\system32\ro-ro\wininet.dll.mui
    C:\WINNT\system32\ru-ru
    C:\WINNT\system32\ru-ru\admparse.dll.mui
    C:\WINNT\system32\ru-ru\advpack.dll.mui
    C:\WINNT\system32\ru-ru\extmgr.dll.mui
    C:\WINNT\system32\ru-ru\html.iec.mui
    C:\WINNT\system32\ru-ru\icardie.dll.mui
    C:\WINNT\system32\ru-ru\ie4uinit.exe.mui
    C:\WINNT\system32\ru-ru\ieakeng.dll.mui
    C:\WINNT\system32\ru-ru\ieaksie.dll.mui
    C:\WINNT\system32\ru-ru\ieakui.dll.mui
    C:\WINNT\system32\ru-ru\iedkcs32.dll.mui
    C:\WINNT\system32\ru-ru\ieframe.dll.mui
    C:\WINNT\system32\ru-ru\iepeers.dll.mui
    C:\WINNT\system32\ru-ru\iernonce.dll.mui
    C:\WINNT\system32\ru-ru\iesetup.dll.mui
    C:\WINNT\system32\ru-ru\ieui.dll.mui
    C:\WINNT\system32\ru-ru\ieunatt.exe.mui
    C:\WINNT\system32\ru-ru\inetcpl.cpl.mui
    C:\WINNT\system32\ru-ru\inseng.dll.mui
    C:\WINNT\system32\ru-ru\licmgr10.dll.mui
    C:\WINNT\system32\ru-ru\msfeedsbs.dll.mui
    C:\WINNT\system32\ru-ru\mshta.exe.mui
    C:\WINNT\system32\ru-ru\mshtml.dll.mui
    C:\WINNT\system32\ru-ru\mshtmled.dll.mui
    C:\WINNT\system32\ru-ru\mshtmler.dll.mui
    C:\WINNT\system32\ru-ru\msrating.dll.mui
    C:\WINNT\system32\ru-ru\occache.dll.mui
    C:\WINNT\system32\ru-ru\urlmon.dll.mui
    C:\WINNT\system32\ru-ru\webcheck.dll.mui
    C:\WINNT\system32\ru-ru\WinFXDocObj.exe.mui
    C:\WINNT\system32\ru-ru\wininet.dll.mui
    C:\WINNT\system32\sk-sk
    C:\WINNT\system32\sk-sk\admparse.dll.mui
    C:\WINNT\system32\sk-sk\advpack.dll.mui
    C:\WINNT\system32\sk-sk\extmgr.dll.mui
    C:\WINNT\system32\sk-sk\html.iec.mui
    C:\WINNT\system32\sk-sk\icardie.dll.mui
    C:\WINNT\system32\sk-sk\ie4uinit.exe.mui
    C:\WINNT\system32\sk-sk\ieakeng.dll.mui
    C:\WINNT\system32\sk-sk\ieaksie.dll.mui
    C:\WINNT\system32\sk-sk\ieakui.dll.mui
    C:\WINNT\system32\sk-sk\iedkcs32.dll.mui
    C:\WINNT\system32\sk-sk\ieframe.dll.mui
    C:\WINNT\system32\sk-sk\iepeers.dll.mui
    C:\WINNT\system32\sk-sk\iernonce.dll.mui
    C:\WINNT\system32\sk-sk\iesetup.dll.mui
    C:\WINNT\system32\sk-sk\ieui.dll.mui
    C:\WINNT\system32\sk-sk\ieunatt.exe.mui
    C:\WINNT\system32\sk-sk\inetcpl.cpl.mui
    C:\WINNT\system32\sk-sk\inseng.dll.mui
    C:\WINNT\system32\sk-sk\licmgr10.dll.mui
    C:\WINNT\system32\sk-sk\msfeedsbs.dll.mui
    C:\WINNT\system32\sk-sk\mshta.exe.mui
    C:\WINNT\system32\sk-sk\mshtml.dll.mui
    C:\WINNT\system32\sk-sk\mshtmled.dll.mui
    C:\WINNT\system32\sk-sk\mshtmler.dll.mui
    C:\WINNT\system32\sk-sk\msrating.dll.mui
    C:\WINNT\system32\sk-sk\occache.dll.mui
    C:\WINNT\system32\sk-sk\urlmon.dll.mui
    C:\WINNT\system32\sk-sk\webcheck.dll.mui
    C:\WINNT\system32\sk-sk\WinFXDocObj.exe.mui
    C:\WINNT\system32\sk-sk\wininet.dll.mui
    C:\WINNT\system32\sl-si
    C:\WINNT\system32\sl-si\admparse.dll.mui
    C:\WINNT\system32\sl-si\advpack.dll.mui
    C:\WINNT\system32\sl-si\extmgr.dll.mui
    C:\WINNT\system32\sl-si\html.iec.mui
    C:\WINNT\system32\sl-si\icardie.dll.mui
    C:\WINNT\system32\sl-si\ie4uinit.exe.mui
    C:\WINNT\system32\sl-si\ieakeng.dll.mui
    C:\WINNT\system32\sl-si\ieaksie.dll.mui
    C:\WINNT\system32\sl-si\ieakui.dll.mui
    C:\WINNT\system32\sl-si\iedkcs32.dll.mui
    C:\WINNT\system32\sl-si\ieframe.dll.mui
    C:\WINNT\system32\sl-si\iepeers.dll.mui
    C:\WINNT\system32\sl-si\iernonce.dll.mui
    C:\WINNT\system32\sl-si\iesetup.dll.mui
    C:\WINNT\system32\sl-si\ieui.dll.mui
    C:\WINNT\system32\sl-si\ieunatt.exe.mui
    C:\WINNT\system32\sl-si\inetcpl.cpl.mui
    C:\WINNT\system32\sl-si\inseng.dll.mui
    C:\WINNT\system32\sl-si\licmgr10.dll.mui
    C:\WINNT\system32\sl-si\msfeedsbs.dll.mui
    C:\WINNT\system32\sl-si\mshta.exe.mui
    C:\WINNT\system32\sl-si\mshtml.dll.mui
    C:\WINNT\system32\sl-si\mshtmled.dll.mui
    C:\WINNT\system32\sl-si\mshtmler.dll.mui
    C:\WINNT\system32\sl-si\msrating.dll.mui
    C:\WINNT\system32\sl-si\occache.dll.mui
    C:\WINNT\system32\sl-si\urlmon.dll.mui
    C:\WINNT\system32\sl-si\webcheck.dll.mui
    C:\WINNT\system32\sl-si\WinFXDocObj.exe.mui
    C:\WINNT\system32\sl-si\wininet.dll.mui
    C:\WINNT\system32\sv-se
    C:\WINNT\system32\sv-se\admparse.dll.mui
    C:\WINNT\system32\sv-se\advpack.dll.mui
    C:\WINNT\system32\sv-se\extmgr.dll.mui
    C:\WINNT\system32\sv-se\html.iec.mui
    C:\WINNT\system32\sv-se\icardie.dll.mui
    C:\WINNT\system32\sv-se\ie4uinit.exe.mui
    C:\WINNT\system32\sv-se\ieakeng.dll.mui
    C:\WINNT\system32\sv-se\ieaksie.dll.mui
    C:\WINNT\system32\sv-se\ieakui.dll.mui
    C:\WINNT\system32\sv-se\iedkcs32.dll.mui
    C:\WINNT\system32\sv-se\ieframe.dll.mui
    C:\WINNT\system32\sv-se\iepeers.dll.mui
    C:\WINNT\system32\sv-se\iernonce.dll.mui
    C:\WINNT\system32\sv-se\iesetup.dll.mui
    C:\WINNT\system32\sv-se\ieui.dll.mui
    C:\WINNT\system32\sv-se\ieunatt.exe.mui
    C:\WINNT\system32\sv-se\inetcpl.cpl.mui
    C:\WINNT\system32\sv-se\inseng.dll.mui
    C:\WINNT\system32\sv-se\licmgr10.dll.mui
    C:\WINNT\system32\sv-se\msfeedsbs.dll.mui
    C:\WINNT\system32\sv-se\mshta.exe.mui
    C:\WINNT\system32\sv-se\mshtml.dll.mui
    C:\WINNT\system32\sv-se\mshtmled.dll.mui
    C:\WINNT\system32\sv-se\mshtmler.dll.mui
    C:\WINNT\system32\sv-se\msrating.dll.mui
    C:\WINNT\system32\sv-se\occache.dll.mui
    C:\WINNT\system32\sv-se\urlmon.dll.mui
    C:\WINNT\system32\sv-se\webcheck.dll.mui
    C:\WINNT\system32\sv-se\WinFXDocObj.exe.mui
    C:\WINNT\system32\sv-se\wininet.dll.mui
    C:\WINNT\system32\th-th
    C:\WINNT\system32\th-th\admparse.dll.mui
    C:\WINNT\system32\th-th\advpack.dll.mui
    C:\WINNT\system32\th-th\extmgr.dll.mui
    C:\WINNT\system32\th-th\html.iec.mui
    C:\WINNT\system32\th-th\icardie.dll.mui
    C:\WINNT\system32\th-th\ie4uinit.exe.mui
    C:\WINNT\system32\th-th\ieakeng.dll.mui
    C:\WINNT\system32\th-th\ieaksie.dll.mui
    C:\WINNT\system32\th-th\ieakui.dll.mui
    C:\WINNT\system32\th-th\iedkcs32.dll.mui
    C:\WINNT\system32\th-th\ieframe.dll.mui
    C:\WINNT\system32\th-th\iepeers.dll.mui
    C:\WINNT\system32\th-th\iernonce.dll.mui
    C:\WINNT\system32\th-th\iesetup.dll.mui
    C:\WINNT\system32\th-th\ieui.dll.mui
    C:\WINNT\system32\th-th\ieunatt.exe.mui
    C:\WINNT\system32\th-th\inetcpl.cpl.mui
    C:\WINNT\system32\th-th\inseng.dll.mui
    C:\WINNT\system32\th-th\licmgr10.dll.mui
    C:\WINNT\system32\th-th\msfeedsbs.dll.mui
    C:\WINNT\system32\th-th\mshta.exe.mui
    C:\WINNT\system32\th-th\mshtml.dll.mui
    C:\WINNT\system32\th-th\mshtmled.dll.mui
    C:\WINNT\system32\th-th\mshtmler.dll.mui
    C:\WINNT\system32\th-th\msrating.dll.mui
    C:\WINNT\system32\th-th\occache.dll.mui
    C:\WINNT\system32\th-th\urlmon.dll.mui
    C:\WINNT\system32\th-th\webcheck.dll.mui
    C:\WINNT\system32\th-th\WinFXDocObj.exe.mui
    C:\WINNT\system32\th-th\wininet.dll.mui
    C:\WINNT\system32\tr-tr
    C:\WINNT\system32\tr-tr\admparse.dll.mui
    C:\WINNT\system32\tr-tr\advpack.dll.mui
    C:\WINNT\system32\tr-tr\extmgr.dll.mui
    C:\WINNT\system32\tr-tr\html.iec.mui
    C:\WINNT\system32\tr-tr\icardie.dll.mui
    C:\WINNT\system32\tr-tr\ie4uinit.exe.mui
    C:\WINNT\system32\tr-tr\ieakeng.dll.mui
    C:\WINNT\system32\tr-tr\ieaksie.dll.mui
    C:\WINNT\system32\tr-tr\ieakui.dll.mui
    C:\WINNT\system32\tr-tr\iedkcs32.dll.mui
    C:\WINNT\system32\tr-tr\ieframe.dll.mui
    C:\WINNT\system32\tr-tr\iepeers.dll.mui
    C:\WINNT\system32\tr-tr\iernonce.dll.mui
    C:\WINNT\system32\tr-tr\iesetup.dll.mui
    C:\WINNT\system32\tr-tr\ieui.dll.mui
    C:\WINNT\system32\tr-tr\ieunatt.exe.mui
    C:\WINNT\system32\tr-tr\inetcpl.cpl.mui
    C:\WINNT\system32\tr-tr\inseng.dll.mui
    C:\WINNT\system32\tr-tr\licmgr10.dll.mui
    C:\WINNT\system32\tr-tr\msfeedsbs.dll.mui
    C:\WINNT\system32\tr-tr\mshta.exe.mui
    C:\WINNT\system32\tr-tr\mshtml.dll.mui
    C:\WINNT\system32\tr-tr\mshtmled.dll.mui
    C:\WINNT\system32\tr-tr\mshtmler.dll.mui
    C:\WINNT\system32\tr-tr\msrating.dll.mui
    C:\WINNT\system32\tr-tr\occache.dll.mui
    C:\WINNT\system32\tr-tr\urlmon.dll.mui
    C:\WINNT\system32\tr-tr\webcheck.dll.mui
    C:\WINNT\system32\tr-tr\WinFXDocObj.exe.mui
    C:\WINNT\system32\tr-tr\wininet.dll.mui
    C:\WINNT\system32\zh-tw
    C:\WINNT\system32\zh-tw\admparse.dll.mui
    C:\WINNT\system32\zh-tw\advpack.dll.mui
    C:\WINNT\system32\zh-tw\extmgr.dll.mui
    C:\WINNT\system32\zh-tw\html.iec.mui
    C:\WINNT\system32\zh-tw\icardie.dll.mui
    C:\WINNT\system32\zh-tw\ie4uinit.exe.mui
    C:\WINNT\system32\zh-tw\ieakeng.dll.mui
    C:\WINNT\system32\zh-tw\ieaksie.dll.mui
    C:\WINNT\system32\zh-tw\ieakui.dll.mui
    C:\WINNT\system32\zh-tw\iedkcs32.dll.mui
    C:\WINNT\system32\zh-tw\ieframe.dll.mui
    C:\WINNT\system32\zh-tw\iepeers.dll.mui
    C:\WINNT\system32\zh-tw\iernonce.dll.mui
    C:\WINNT\system32\zh-tw\iesetup.dll.mui
    C:\WINNT\system32\zh-tw\ieui.dll.mui
    C:\WINNT\system32\zh-tw\ieunatt.exe.mui
    C:\WINNT\system32\zh-tw\inetcpl.cpl.mui
    C:\WINNT\system32\zh-tw\inseng.dll.mui
    C:\WINNT\system32\zh-tw\licmgr10.dll.mui
    C:\WINNT\system32\zh-tw\msfeedsbs.dll.mui
    C:\WINNT\system32\zh-tw\mshta.exe.mui
    C:\WINNT\system32\zh-tw\mshtml.dll.mui
    C:\WINNT\system32\zh-tw\mshtmled.dll.mui
    C:\WINNT\system32\zh-tw\mshtmler.dll.mui
    C:\WINNT\system32\zh-tw\msrating.dll.mui
    C:\WINNT\system32\zh-tw\occache.dll.mui
    C:\WINNT\system32\zh-tw\urlmon.dll.mui
    C:\WINNT\system32\zh-tw\webcheck.dll.mui
    C:\WINNT\system32\zh-tw\WinFXDocObj.exe.mui
    C:\WINNT\system32\zh-tw\wininet.dll.mui
    E:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))
    .

    2008-02-25 21:38 . 2008-02-25 21:38 <DIR> d-------- C:\Program Files\Windows Live Safety Center
    2008-02-25 21:12 . 2007-11-15 18:46 83,288 --a------ C:\WINNT\system32\LMIRfsClientNP.dll
    2008-02-25 21:12 . 2007-08-03 15:09 46,112 --a------ C:\WINNT\system32\drivers\LMIRfsDriver.sys
    2008-02-25 21:12 . 2007-11-15 18:46 21,496 --a------ C:\WINNT\system32\LMIport.dll
    2008-02-25 21:11 . 2008-02-25 21:11 <DIR> d-------- C:\WINNT\LastGood
    2008-02-25 21:11 . 2008-02-25 21:13 <DIR> d-------- C:\Program Files\LogMeIn
    2008-02-25 21:11 . 2007-11-15 18:46 87,352 --a------ C:\WINNT\system32\LMIinit.dll
    2008-02-25 21:11 . 2008-02-25 21:11 1,024 --a------ C:\.rnd
    2008-02-25 17:42 . 2008-02-25 23:31 378,912 --ahs---- C:\WINNT\system32\drivers\fidbox.dat
    2008-02-25 17:42 . 2008-02-25 17:42 32 --ahs---- C:\WINNT\system32\drivers\fidbox.idx
    2008-02-25 17:39 . 2008-02-25 17:39 <DIR> d-------- C:\Program Files\ZoneAlarmSB
    2008-02-25 17:37 . 2008-02-25 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-02-25 17:37 . 2007-11-14 16:05 75,248 --a------ C:\WINNT\zllsputility.exe
    2008-02-25 17:37 . 2004-04-27 04:40 11,264 --a------ C:\WINNT\system32\SpOrder.dll
    2008-02-25 17:37 . 2008-02-25 17:39 4,212 ---h----- C:\WINNT\system32\zllictbl.dat
    2008-02-25 17:36 . 2008-02-25 17:36 <DIR> d-------- C:\Program Files\Zone Labs
    2008-02-25 17:35 . 2008-02-25 23:10 <DIR> d-------- C:\WINNT\Internet Logs
    2008-02-24 16:02 . 2007-12-06 21:21 63,488 -----c--- C:\WINNT\system32\dllcache\icardie.dll
    2008-02-24 15:31 . 2007-04-17 04:28 2,455,488 -----c--- C:\WINNT\system32\dllcache\ieapfltr.dat
    2008-02-24 15:31 . 2007-02-09 08:26 991,232 -----c--- C:\WINNT\system32\dllcache\ieframe.dll.mui
    2008-02-24 15:31 . 2007-12-06 21:21 459,264 -----c--- C:\WINNT\system32\dllcache\msfeeds.dll
    2008-02-24 15:31 . 2007-12-06 21:21 383,488 -----c--- C:\WINNT\system32\dllcache\ieapfltr.dll
    2008-02-24 15:31 . 2007-12-06 21:21 267,776 -----c--- C:\WINNT\system32\dllcache\iertutil.dll
    2008-02-24 15:31 . 2007-12-06 21:21 52,224 -----c--- C:\WINNT\system32\dllcache\msfeedsbs.dll
    2008-02-24 15:31 . 2007-12-06 06:00 13,824 -----c--- C:\WINNT\system32\dllcache\ieudinit.exe
    2008-02-24 15:30 . 2007-12-06 21:21 6,066,176 -----c--- C:\WINNT\system32\dllcache\ieframe.dll
    2008-02-24 15:27 . 2008-02-24 15:27 <DIR> d-------- C:\WINNT\system32\zh-cn
    2008-02-24 15:27 . 2008-02-24 15:28 <DIR> d-------- C:\WINNT\system32\fr-fr
    2008-02-24 15:27 . 2008-02-24 15:27 <DIR> d-------- C:\WINNT\system32\fi-fi
    2008-02-24 15:27 . 2008-02-24 15:27 <DIR> d-------- C:\WINNT\system32\et-ee
    2008-02-24 15:27 . 2008-02-24 15:27 <DIR> d-------- C:\WINNT\system32\es-es
    2008-02-24 15:27 . 2008-02-24 15:27 <DIR> d-------- C:\WINNT\system32\el-gr
    2008-02-24 15:27 . 2008-02-24 15:27 <DIR> d-------- C:\WINNT\system32\de-de
    2008-02-24 15:27 . 2008-02-24 15:27 <DIR> d-------- C:\WINNT\system32\da-dk
    2008-02-24 15:27 . 2008-02-24 15:27 <DIR> d-------- C:\WINNT\system32\cs-cz
    2008-02-24 15:27 . 2008-02-24 15:27 <DIR> d-------- C:\WINNT\system32\bg-bg
    2008-02-24 15:27 . 2008-02-24 15:27 <DIR> d-------- C:\WINNT\system32\ar-sa
    2008-02-23 23:34 . 2008-02-24 12:50 <DIR> d-------- C:\WINNT\system32\ActiveScan
    2008-02-23 23:34 . 2008-02-24 12:46 30,590 --a------ C:\WINNT\system32\pavas.ico
    2008-02-23 23:34 . 2008-02-24 12:46 2,550 --a------ C:\WINNT\system32\Uninstall.ico
    2008-02-23 23:34 . 2008-02-24 12:46 1,406 --a------ C:\WINNT\system32\Help.ico
    2008-02-12 08:46 . 2008-02-12 08:46 <DIR> d-------- C:\Documents and Settings\Valerie\Application Data\Talkback
    2008-02-11 12:01 . 2008-02-11 12:01 <DIR> d-------- C:\Program Files\Microsoft Calculator Plus
    2008-02-10 11:03 . 2008-02-10 11:03 <DIR> d-------- C:\WINNT\system32\XPSViewer
    2008-02-10 11:03 . 2008-02-10 11:03 <DIR> d-------- C:\Program Files\MSBuild
    2008-02-10 11:02 . 2008-02-10 11:02 <DIR> d-------- C:\Program Files\Reference Assemblies
    2008-02-10 11:01 . 2006-06-29 13:07 14,048 --------- C:\WINNT\system32\spmsg2.dll
    2008-02-10 10:53 . 2008-02-10 10:53 <DIR> d-------- C:\Program Files\MSXML 6.0
    2008-02-10 10:19 . 2006-11-13 01:02 288,768 --------- C:\WINNT\system32\rhttpaa.dll
    2008-02-10 10:19 . 2006-11-13 01:02 116,736 --------- C:\WINNT\system32\aaclient.dll
    2008-02-10 10:19 . 2006-11-13 01:02 36,352 --------- C:\WINNT\system32\tsgqec.dll
    2008-02-02 23:08 . 2008-02-02 23:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-02 23:06 . 2008-02-02 23:06 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-25 22:44 --------- d-----w C:\Program Files\Symantec AntiVirus
    2008-02-25 11:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-02-25 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    2008-02-24 21:49 --------- d-----w C:\Program Files\Common Files\snpstd2
    2008-02-24 17:52 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-02-24 17:51 --------- d-----w C:\Program Files\Trillian
    2008-02-24 17:50 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-02-24 17:50 --------- d-----w C:\Program Files\Avant Browser
    2008-02-24 14:41 --------- d-----w C:\Program Files\MSN Messenger
    2008-02-18 22:38 --------- d-----w C:\Documents and Settings\Valerie\Application Data\SiteAdvisor
    2008-02-03 04:08 --------- d-----w C:\Program Files\Lavasoft
    2008-01-21 13:16 --------- d-----w C:\Documents and Settings\Valerie\Application Data\Lavasoft
    2008-01-17 13:44 2,630,572 ----a-w C:\WINNT\java\Packages\SAPZZTF9.ZIP
    2008-01-11 23:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
    2008-01-11 23:38 --------- d-----w C:\Program Files\WinZip E-Mail Companion
    2008-01-11 23:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZipEC
    2008-01-09 20:37 --------- d-----w C:\Program Files\Symantec
    2008-01-09 20:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-01-09 20:32 --------- d-----w C:\Program Files\Cisco Systems
    2008-01-09 16:46 --------- d-----w C:\Program Files\CACE Technologies
    2008-01-09 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
    2008-01-09 00:22 --------- d---a-w C:\Program Files\NetZero
    2008-01-08 23:19 --------- d-----w C:\Program Files\Common Files\AOL
    2008-01-08 23:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2008-01-08 02:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Maxtor
    2008-01-07 22:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-07 22:53 --------- d-----w C:\Program Files\Maxtor
    2008-01-07 22:47 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-01-06 13:49 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-01-01 22:44 1,946,402 ----a-w C:\WINNT\java\Packages\O353LB53.ZIP
    2007-12-30 18:45 --------- d-----w C:\Program Files\Windows Media Bonus Pack for Windows XP
    2007-12-27 05:56 --------- d-----w C:\Program Files\Lavalys
    2007-12-14 16:32 12,632 ----a-w C:\WINNT\system32\lsdelete.exe
    2007-12-13 00:40 1,852,418 ----a-w C:\WINNT\java\Packages\22BZ17BN.ZIP
    2007-12-09 03:45 108,067 ----a-w C:\WINNT\java\Packages\YINF7N7Z.ZIP
    2007-12-09 03:45 1,670,294 ----a-w C:\WINNT\java\Packages\NRR7HNZH.ZIP
    2007-12-07 02:21 824,832 ----a-w C:\WINNT\system32\wininet.dll
    2007-12-05 02:02 2,763,708 ----a-w C:\WINNT\java\Packages\KRLFD33Z.ZIP
    2007-12-04 18:38 550,912 ----a-w C:\WINNT\system32\oleaut32.dll
    2006-05-22 01:30 184,808 ----a-w C:\Documents and Settings\User\Application Data\shb.dat
    2006-02-09 22:54 271 --sh--w C:\Program Files\desktop.ini
    2006-02-09 22:54 21,952 ---ha-w C:\Program Files\folder.htt
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
    2008-02-25 17:39 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {F0F8ECBE-D460-4B34-B007-56A92E8F84A7}
    {2318C2B1-4965-11D4-9B18-009027A5CD4F}
    {2E5E800E-6AC0-411E-940A-369530A35E43}
    {CD292324-974F-4224-D074-CACA427AA030}
    {0BF43445-2F28-4351-9252-17FE6E806AA0}
    {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

    [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr "= "C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
    "ctfmon.exe "= "C:\WINNT\system32\ctfmon.exe" [2004-08-04 07:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MaxtorOneTouch "= "C:\Program Files\Maxtor\ManagerApp\Onetouch.exe" [2006-08-11 08:45 712704]
    "SNPSTD2 "= "C:\WINNT\vsnpstd2.exe" [2004-06-10 11:54 286720]
    "ZoneAlarm Client "= "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
    "LogMeIn GUI "= "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 15:09 63048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "^SetupICWDesktop "= "C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [2004-08-04 07:00 214528]
    "tscuninstall "= "C:\WINNT\system32\tscupgrd.exe" [2004-08-04 07:00 44544]

    C:\Documents and Settings\User\Start Menu\Programs\Startup\
    Microsoft Office Fast Start.lnk - C:\MSOffice\Office\FASTBOOT.EXE [1996-03-20 14848]
    Microsoft Office Find Fast Indexer.lnk - C:\MSOffice\Office\FINDFAST.EXE [1996-03-20 86528]
    Microsoft Office Shortcut Bar.lnk - C:\MSOffice\Office\MSOFFICE.EXE [1996-03-20 365056]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "some "= C:\Program Files\NetProject\scit.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    LMIinit.dll 2007-11-15 18:46 87352 C:\WINNT\system32\LMIinit.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINNT\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
    backup=C:\WINNT\pss\Google Updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^U.S. Robotics Internet Call Notification.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\U.S. Robotics Internet Call Notification.lnk
    backup=C:\WINNT\pss\U.S. Robotics Internet Call Notification.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Winter Fun Wallpaper Changer.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Winter Fun Wallpaper Changer.lnk
    backup=C:\WINNT\pss\Winter Fun Wallpaper Changer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=C:\WINNT\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    --a------ 2006-07-19 19:26 52896 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
    --a------ 2007-03-16 06:51 715888 C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    --a------ 2005-01-27 12:17 1381376 C:\Program Files\Ahead\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
    --a------ 2006-08-11 11:15 81920 C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 12:50 155648 C:\WINNT\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2003-04-02 15:40 4616192 C:\WINNT\system32\NvCpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2003-04-02 15:40 49152 C:\WINNT\system32\NVMCTRAY.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2003-04-02 15:40 323584 C:\WINNT\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a------ 2003-10-31 19:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
    --a------ 2007-03-30 10:42 36904 C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-09-25 00:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-12-02 23:41 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
    --a------ 2004-08-04 07:00 143360 C:\WINNT\system32\mobsync.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Storage Toolbox]
    --a------ 2005-09-14 20:44 65536 C:\Program Files\USB Disk Win98 Driver\Res.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
    --a------ 2006-09-27 20:33 125168 C:\PROGRA~1\SYMANT~1\VPTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinZip E-Mail Companion OEAPI]
    --a------ 2007-11-19 02:00 75136 C:\Program Files\WinZip E-Mail Companion\loadwzco.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Trillian\\trillian.exe "=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "C:\\Program Files\\Avant Browser\\avant.exe "=
    "C:\\Program Files\\MSN Messenger\\livecall.exe "=
    "C:\\WINNT\\system32\\rtcshare.exe "=
    "C:\\WINNT\\PCHEALTH\\helpctr\\binaries\\HelpCtr.exe "=

    R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINNT\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
    R3 snpstd2;CAM 30;C:\WINNT\system32\DRIVERS\snpstd2.sys [2004-07-28 11:49]
    S3 ADM8511;ADM8511 USB To Fast Ethernet Adapter;C:\WINNT\system32\DRIVERS\ADM8511.SYS [2001-02-15 04:34]
    S3 InCDFat;Ahead InCDFat File System Driver;C:\WINNT\system32\Drivers\InCDFat.sys [2005-01-27 20:07]
    S3 samhid;samhid;C:\WINNT\system32\drivers\samhid.sys [2006-01-07 11:09]
    S3 Winacusb;Winacusb;C:\WINNT\system32\DRIVERS\winacusb.sys [2004-07-14 14:59]
    S3 wind502u;Motorola Wireless USB Adapter WU830G Windows Driver;C:\WINNT\system32\DRIVERS\wind502u.sys [2004-03-25 07:49]

    *Newly Created Service* - KLIF
    *Newly Created Service* - LMIINFO
    *Newly Created Service* - LMIMAINT
    *Newly Created Service* - LMIRFSCLIENTNP
    *Newly Created Service* - LMIRFSDRIVER
    *Newly Created Service* - LOGMEIN
    *Newly Created Service* - SRESCAN
    *Newly Created Service* - VSMON
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-25 23:32:21
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-02-25 23:35:32
    ComboFix-quarantined-files.txt 2008-02-26 04:35:20
    ComboFix2.txt 2008-02-26 03:27:36
    ComboFix3.txt 2008-02-25 12:38:18
    .
    2007-09-16 23:31:27 --- E O F ---
     
  11. 2008/02/25
    TinyTuba822

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:39:34 PM, on 2/25/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    C:\Program Files\Maxtor\Utils\SyncServices.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
    C:\WINNT\vsnpstd2.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINNT\system32\RDSHOST.exe
    C:\WINNT\system32\sessmgr.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\Trillian\trillian.exe
    C:\Program Files\NetProject\scit.exe
    C:\Program Files\NetProject\scm.exe
    C:\WINNT\explorer.exe
    C:\WINNT\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Valerie\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINNT\system32\TwcToolbarBho.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINNT\system32\TwcToolbarIe7.dll
    O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINNT\vsnpstd2.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
    O4 - HKUS\S-1-5-19\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
    O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
    O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
    O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/v/8.1.4.1/applet/battlephlinx/battlephlinx-en_US.cab
    O16 - DPF: Bowling by pogo - http://game1.pogo.com/v/8.1.2.14/applet/bowling/bowling-en_US.cab
    O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://69.65.108.158/Java/cfs40320.cab
    O16 - DPF: Chess by pogo - http://game1.pogo.com/v/8.1.4.1/applet/chess2/chess2-en_US.cab
    O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-8.0.3.20/domino/domino-en_US.cab
    O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-8.0.3.20/greenback/greenback-en_US.cab
    O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-8.0.8.30/harvest/harvest-en_US.cab
    O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-8.0.3.36/mhpoker/mhpoker-en_US.cab
    O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-8.0.9.33/lottso/lottso-en_US.cab
    O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/v/8.1.6.21/applet/mahjong2/mahjong2-en_US.cab
    O16 - DPF: Makeover Madness by pogo - http://game1.pogo.com/applet-8.0.4.41/shoes/shoes-en_US.cab
    O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-8.0.9.41/flinger/flinger-en_US.cab
    O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/v/8.1.5.27/applet/popfu/popfu-en_US.cab
    O16 - DPF: Poppit by pogo - http://game1.pogo.com/v/8.1.5.27/applet/poppit2/poppit2-en_US.cab
    O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-8.0.3.20/hotstreak/hotstreak-en_US.cab
    O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/v/8.1.0.23/applet/spider/spider-en_US.cab
    O16 - DPF: Squelchies by pogo - http://game1.pogo.com/v/8.1.1.1/applet/squelchies/squelchies-en_US.cab
    O16 - DPF: Sweet Tooth 2 by Pogo - http://game1.pogo.com/v/8.1.3.30/applet/sweettooth2/sweettooth2-en_US.cab
    O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/v/8.1.1.1/applet/peaks/peaks-en_US.cab
    O16 - DPF: Yahoo! Checkers - http://download2.games.yahoo.com/games/clients/y/kt4_x.cab
    O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/games/clients/y/tt5_x.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171590453703
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1191940210437
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - https://webapps.eku.edu/stunav/webinst.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by125fd.bay125.hotmail.msn.com/activex/HMAtchmt.ocx
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

    --
    End of file - 14035 bytes
     
  12. 2008/02/25
    noahdfear

    Great! Let's do yet another. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    Folder::
    C:\WINNT\system32\zh-cn
    C:\WINNT\system32\fr-fr
    C:\WINNT\system32\fi-fi
    C:\WINNT\system32\et-ee
    C:\WINNT\system32\es-es
    C:\WINNT\system32\el-gr
    C:\WINNT\system32\de-de
    C:\WINNT\system32\da-dk
    C:\WINNT\system32\cs-cz
    C:\WINNT\system32\bg-bg
    C:\WINNT\system32\ar-sa
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "some"=-
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
     
  13. 2008/02/26
    TinyTuba822

    TinyTuba822 Inactive Thread Starter

    Joined:
    2007/10/05
    Messages:
    102
    Likes Received:
    0
    ComboFix 08-02-25.2 - Valerie 2008-02-26 8:07:50.10 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.280 [GMT -5:00]
    Running from: C:\Documents and Settings\Valerie\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Valerie\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINNT\system32\ar-sa
    C:\WINNT\system32\ar-sa\admparse.dll.mui
    C:\WINNT\system32\ar-sa\advpack.dll.mui
    C:\WINNT\system32\ar-sa\extmgr.dll.mui
    C:\WINNT\system32\ar-sa\html.iec.mui
    C:\WINNT\system32\ar-sa\icardie.dll.mui
    C:\WINNT\system32\ar-sa\ie4uinit.exe.mui
    C:\WINNT\system32\ar-sa\ieakeng.dll.mui
    C:\WINNT\system32\ar-sa\ieaksie.dll.mui
    C:\WINNT\system32\ar-sa\ieakui.dll.mui
    C:\WINNT\system32\ar-sa\iedkcs32.dll.mui
    C:\WINNT\system32\ar-sa\ieframe.dll.mui
    C:\WINNT\system32\ar-sa\iepeers.dll.mui
    C:\WINNT\system32\ar-sa\iernonce.dll.mui
    C:\WINNT\system32\ar-sa\iesetup.dll.mui
    C:\WINNT\system32\ar-sa\ieui.dll.mui
    C:\WINNT\system32\ar-sa\ieunatt.exe.mui
    C:\WINNT\system32\ar-sa\inetcpl.cpl.mui
    C:\WINNT\system32\ar-sa\inseng.dll.mui
    C:\WINNT\system32\ar-sa\licmgr10.dll.mui
    C:\WINNT\system32\ar-sa\msfeedsbs.dll.mui
    C:\WINNT\system32\ar-sa\mshta.exe.mui
    C:\WINNT\system32\ar-sa\mshtml.dll.mui
    C:\WINNT\system32\ar-sa\mshtmled.dll.mui
    C:\WINNT\system32\ar-sa\mshtmler.dll.mui
    C:\WINNT\system32\ar-sa\msrating.dll.mui
    C:\WINNT\system32\ar-sa\occache.dll.mui
    C:\WINNT\system32\ar-sa\urlmon.dll.mui
    C:\WINNT\system32\ar-sa\webcheck.dll.mui
    C:\WINNT\system32\ar-sa\WinFXDocObj.exe.mui
    C:\WINNT\system32\ar-sa\wininet.dll.mui
    C:\WINNT\system32\bg-bg
    C:\WINNT\system32\bg-bg\admparse.dll.mui
    C:\WINNT\system32\bg-bg\advpack.dll.mui
    C:\WINNT\system32\bg-bg\extmgr.dll.mui
    C:\WINNT\system32\bg-bg\html.iec.mui
    C:\WINNT\system32\bg-bg\icardie.dll.mui
    C:\WINNT\system32\bg-bg\ie4uinit.exe.mui
    C:\WINNT\system32\bg-bg\ieakeng.dll.mui
    C:\WINNT\system32\bg-bg\ieaksie.dll.mui
    C:\WINNT\system32\bg-bg\ieakui.dll.mui
    C:\WINNT\system32\bg-bg\iedkcs32.dll.mui
    C:\WINNT\system32\bg-bg\ieframe.dll.mui
    C:\WINNT\system32\bg-bg\iepeers.dll.mui
    C:\WINNT\system32\bg-bg\iernonce.dll.mui
    C:\WINNT\system32\bg-bg\iesetup.dll.mui
    C:\WINNT\system32\bg-bg\ieui.dll.mui
    C:\WINNT\system32\bg-bg\ieunatt.exe.mui
    C:\WINNT\system32\bg-bg\inetcpl.cpl.mui
    C:\WINNT\system32\bg-bg\inseng.dll.mui
    C:\WINNT\system32\bg-bg\licmgr10.dll.mui
    C:\WINNT\system32\bg-bg\msfeedsbs.dll.mui
    C:\WINNT\system32\bg-bg\mshta.exe.mui
    C:\WINNT\system32\bg-bg\mshtml.dll.mui
    C:\WINNT\system32\bg-bg\mshtmled.dll.mui
    C:\WINNT\system32\bg-bg\mshtmler.dll.mui
    C:\WINNT\system32\bg-bg\msrating.dll.mui
    C:\WINNT\system32\bg-bg\occache.dll.mui
    C:\WINNT\system32\bg-bg\urlmon.dll.mui
    C:\WINNT\system32\bg-bg\webcheck.dll.mui
    C:\WINNT\system32\bg-bg\WinFXDocObj.exe.mui
    C:\WINNT\system32\bg-bg\wininet.dll.mui
    C:\WINNT\system32\cs-cz
    C:\WINNT\system32\cs-cz\admparse.dll.mui
    C:\WINNT\system32\cs-cz\advpack.dll.mui
    C:\WINNT\system32\cs-cz\extmgr.dll.mui
    C:\WINNT\system32\cs-cz\html.iec.mui
    C:\WINNT\system32\cs-cz\icardie.dll.mui
    C:\WINNT\system32\cs-cz\ie4uinit.exe.mui
    C:\WINNT\system32\cs-cz\ieakeng.dll.mui
    C:\WINNT\system32\cs-cz\ieaksie.dll.mui
    C:\WINNT\system32\cs-cz\ieakui.dll.mui
    C:\WINNT\system32\cs-cz\iedkcs32.dll.mui
    C:\WINNT\system32\cs-cz\ieframe.dll.mui
    C:\WINNT\system32\cs-cz\iepeers.dll.mui
    C:\WINNT\system32\cs-cz\iernonce.dll.mui
    C:\WINNT\system32\cs-cz\iesetup.dll.mui
    C:\WINNT\system32\cs-cz\ieui.dll.mui
    C:\WINNT\system32\cs-cz\ieunatt.exe.mui
    C:\WINNT\system32\cs-cz\inetcpl.cpl.mui
    C:\WINNT\system32\cs-cz\inseng.dll.mui
    C:\WINNT\system32\cs-cz\licmgr10.dll.mui
    C:\WINNT\system32\cs-cz\msfeedsbs.dll.mui
    C:\WINNT\system32\cs-cz\mshta.exe.mui
    C:\WINNT\system32\cs-cz\mshtml.dll.mui
    C:\WINNT\system32\cs-cz\mshtmled.dll.mui
    C:\WINNT\system32\cs-cz\mshtmler.dll.mui
    C:\WINNT\system32\cs-cz\msrating.dll.mui
    C:\WINNT\system32\cs-cz\occache.dll.mui
    C:\WINNT\system32\cs-cz\urlmon.dll.mui
    C:\WINNT\system32\cs-cz\webcheck.dll.mui
    C:\WINNT\system32\cs-cz\WinFXDocObj.exe.mui
    C:\WINNT\system32\cs-cz\wininet.dll.mui
    C:\WINNT\system32\da-dk
    C:\WINNT\system32\da-dk\admparse.dll.mui
    C:\WINNT\system32\da-dk\advpack.dll.mui
    C:\WINNT\system32\da-dk\extmgr.dll.mui
    C:\WINNT\system32\da-dk\html.iec.mui
    C:\WINNT\system32\da-dk\icardie.dll.mui
    C:\WINNT\system32\da-dk\ie4uinit.exe.mui
    C:\WINNT\system32\da-dk\ieakeng.dll.mui
    C:\WINNT\system32\da-dk\ieaksie.dll.mui
    C:\WINNT\system32\da-dk\ieakui.dll.mui
    C:\WINNT\system32\da-dk\iedkcs32.dll.mui
    C:\WINNT\system32\da-dk\ieframe.dll.mui
    C:\WINNT\system32\da-dk\iepeers.dll.mui
    C:\WINNT\system32\da-dk\iernonce.dll.mui
    C:\WINNT\system32\da-dk\iesetup.dll.mui
    C:\WINNT\system32\da-dk\ieui.dll.mui
    C:\WINNT\system32\da-dk\ieunatt.exe.mui
    C:\WINNT\system32\da-dk\inetcpl.cpl.mui
    C:\WINNT\system32\da-dk\inseng.dll.mui
    C:\WINNT\system32\da-dk\licmgr10.dll.mui
    C:\WINNT\system32\da-dk\msfeedsbs.dll.mui
    C:\WINNT\system32\da-dk\mshta.exe.mui
    C:\WINNT\system32\da-dk\mshtml.dll.mui
    C:\WINNT\system32\da-dk\mshtmled.dll.mui
    C:\WINNT\system32\da-dk\mshtmler.dll.mui
    C:\WINNT\system32\da-dk\msrating.dll.mui
    C:\WINNT\system32\da-dk\occache.dll.mui
    C:\WINNT\system32\da-dk\urlmon.dll.mui
    C:\WINNT\system32\da-dk\webcheck.dll.mui
    C:\WINNT\system32\da-dk\WinFXDocObj.exe.mui
    C:\WINNT\system32\da-dk\wininet.dll.mui
    C:\WINNT\system32\de-de
    C:\WINNT\system32\de-de\admparse.dll.mui
    C:\WINNT\system32\de-de\advpack.dll.mui
    C:\WINNT\system32\de-de\extmgr.dll.mui
    C:\WINNT\system32\de-de\html.iec.mui
    C:\WINNT\system32\de-de\icardie.dll.mui
    C:\WINNT\system32\de-de\ie4uinit.exe.mui
    C:\WINNT\system32\de-de\ieakeng.dll.mui
    C:\WINNT\system32\de-de\ieaksie.dll.mui
    C:\WINNT\system32\de-de\ieakui.dll.mui
    C:\WINNT\system32\de-de\iedkcs32.dll.mui
    C:\WINNT\system32\de-de\ieframe.dll.mui
    C:\WINNT\system32\de-de\iepeers.dll.mui
    C:\WINNT\system32\de-de\iernonce.dll.mui
    C:\WINNT\system32\de-de\iesetup.dll.mui
    C:\WINNT\system32\de-de\ieui.dll.mui
    C:\WINNT\system32\de-de\ieunatt.exe.mui
    C:\WINNT\system32\de-de\inetcpl.cpl.mui
    C:\WINNT\system32\de-de\inseng.dll.mui
    C:\WINNT\system32\de-de\licmgr10.dll.mui
    C:\WINNT\system32\de-de\msfeedsbs.dll.mui
    C:\WINNT\system32\de-de\mshta.exe.mui
    C:\WINNT\system32\de-de\mshtml.dll.mui
    C:\WINNT\system32\de-de\mshtmled.dll.mui
    C:\WINNT\system32\de-de\mshtmler.dll.mui
    C:\WINNT\system32\de-de\msrating.dll.mui
    C:\WINNT\system32\de-de\occache.dll.mui
    C:\WINNT\system32\de-de\urlmon.dll.mui
    C:\WINNT\system32\de-de\webcheck.dll.mui
    C:\WINNT\system32\de-de\WinFXDocObj.exe.mui
    C:\WINNT\system32\de-de\wininet.dll.mui
    C:\WINNT\system32\el-gr
    C:\WINNT\system32\el-gr\admparse.dll.mui
    C:\WINNT\system32\el-gr\advpack.dll.mui
    C:\WINNT\system32\el-gr\extmgr.dll.mui
    C:\WINNT\system32\el-gr\html.iec.mui
    C:\WINNT\system32\el-gr\icardie.dll.mui
    C:\WINNT\system32\el-gr\ie4uinit.exe.mui
    C:\WINNT\system32\el-gr\ieakeng.dll.mui
    C:\WINNT\system32\el-gr\ieaksie.dll.mui
    C:\WINNT\system32\el-gr\ieakui.dll.mui
    C:\WINNT\system32\el-gr\iedkcs32.dll.mui
    C:\WINNT\system32\el-gr\ieframe.dll.mui
    C:\WINNT\system32\el-gr\iepeers.dll.mui
    C:\WINNT\system32\el-gr\iernonce.dll.mui
    C:\WINNT\system32\el-gr\iesetup.dll.mui
    C:\WINNT\system32\el-gr\ieui.dll.mui
    C:\WINNT\system32\el-gr\ieunatt.exe.mui
    C:\WINNT\system32\el-gr\inetcpl.cpl.mui
    C:\WINNT\system32\el-gr\inseng.dll.mui
    C:\WINNT\system32\el-gr\licmgr10.dll.mui
    C:\WINNT\system32\el-gr\msfeedsbs.dll.mui
    C:\WINNT\system32\el-gr\mshta.exe.mui
    C:\WINNT\system32\el-gr\mshtml.dll.mui
    C:\WINNT\system32\el-gr\mshtmled.dll.mui
    C:\WINNT\system32\el-gr\mshtmler.dll.mui
    C:\WINNT\system32\el-gr\msrating.dll.mui
    C:\WINNT\system32\el-gr\occache.dll.mui
    C:\WINNT\system32\el-gr\urlmon.dll.mui
    C:\WINNT\system32\el-gr\webcheck.dll.mui
    C:\WINNT\system32\el-gr\WinFXDocObj.exe.mui
    C:\WINNT\system32\el-gr\wininet.dll.mui
    C:\WINNT\system32\es-es
    C:\WINNT\system32\es-es\admparse.dll.mui
    C:\WINNT\system32\es-es\advpack.dll.mui
    C:\WINNT\system32\es-es\extmgr.dll.mui
    C:\WINNT\system32\es-es\html.iec.mui
    C:\WINNT\system32\es-es\icardie.dll.mui
    C:\WINNT\system32\es-es\ie4uinit.exe.mui
    C:\WINNT\system32\es-es\ieakeng.dll.mui
    C:\WINNT\system32\es-es\ieaksie.dll.mui
    C:\WINNT\system32\es-es\ieakui.dll.mui
    C:\WINNT\system32\es-es\iedkcs32.dll.mui
    C:\WINNT\system32\es-es\ieframe.dll.mui
    C:\WINNT\system32\es-es\iepeers.dll.mui
    C:\WINNT\system32\es-es\iernonce.dll.mui
    C:\WINNT\system32\es-es\iesetup.dll.mui
    C:\WINNT\system32\es-es\ieui.dll.mui
    C:\WINNT\system32\es-es\ieunatt.exe.mui
    C:\WINNT\system32\es-es\inetcpl.cpl.mui
    C:\WINNT\system32\es-es\inseng.dll.mui
    C:\WINNT\system32\es-es\licmgr10.dll.mui
    C:\WINNT\system32\es-es\msfeedsbs.dll.mui
    C:\WINNT\system32\es-es\mshta.exe.mui
    C:\WINNT\system32\es-es\mshtml.dll.mui
    C:\WINNT\system32\es-es\mshtmled.dll.mui
    C:\WINNT\system32\es-es\mshtmler.dll.mui
    C:\WINNT\system32\es-es\msrating.dll.mui
    C:\WINNT\system32\es-es\occache.dll.mui
    C:\WINNT\system32\es-es\urlmon.dll.mui
    C:\WINNT\system32\es-es\webcheck.dll.mui
    C:\WINNT\system32\es-es\WinFXDocObj.exe.mui
    C:\WINNT\system32\es-es\wininet.dll.mui
    C:\WINNT\system32\et-ee
    C:\WINNT\system32\et-ee\admparse.dll.mui
    C:\WINNT\system32\et-ee\advpack.dll.mui
    C:\WINNT\system32\et-ee\extmgr.dll.mui
    C:\WINNT\system32\et-ee\html.iec.mui
    C:\WINNT\system32\et-ee\icardie.dll.mui
    C:\WINNT\system32\et-ee\ie4uinit.exe.mui
    C:\WINNT\system32\et-ee\ieakeng.dll.mui
    C:\WINNT\system32\et-ee\ieaksie.dll.mui
    C:\WINNT\system32\et-ee\ieakui.dll.mui
    C:\WINNT\system32\et-ee\iedkcs32.dll.mui
    C:\WINNT\system32\et-ee\ieframe.dll.mui
    C:\WINNT\system32\et-ee\iepeers.dll.mui
    C:\WINNT\system32\et-ee\iernonce.dll.mui
    C:\WINNT\system32\et-ee\iesetup.dll.mui
    C:\WINNT\system32\et-ee\ieui.dll.mui
    C:\WINNT\system32\et-ee\ieunatt.exe.mui
    C:\WINNT\system32\et-ee\inetcpl.cpl.mui
    C:\WINNT\system32\et-ee\inseng.dll.mui
    C:\WINNT\system32\et-ee\licmgr10.dll.mui
    C:\WINNT\system32\et-ee\msfeedsbs.dll.mui
    C:\WINNT\system32\et-ee\mshta.exe.mui
    C:\WINNT\system32\et-ee\mshtml.dll.mui
    C:\WINNT\system32\et-ee\mshtmled.dll.mui
    C:\WINNT\system32\et-ee\mshtmler.dll.mui
    C:\WINNT\system32\et-ee\msrating.dll.mui
    C:\WINNT\system32\et-ee\occache.dll.mui
    C:\WINNT\system32\et-ee\urlmon.dll.mui
    C:\WINNT\system32\et-ee\webcheck.dll.mui
    C:\WINNT\system32\et-ee\WinFXDocObj.exe.mui
    C:\WINNT\system32\et-ee\wininet.dll.mui
    C:\WINNT\system32\fi-fi
    C:\WINNT\system32\fi-fi\admparse.dll.mui
    C:\WINNT\system32\fi-fi\advpack.dll.mui
    C:\WINNT\system32\fi-fi\extmgr.dll.mui
    C:\WINNT\system32\fi-fi\html.iec.mui
    C:\WINNT\system32\fi-fi\icardie.dll.mui
    C:\WINNT\system32\fi-fi\ie4uinit.exe.mui
    C:\WINNT\system32\fi-fi\ieakeng.dll.mui
    C:\WINNT\system32\fi-fi\ieaksie.dll.mui
    C:\WINNT\system32\fi-fi\ieakui.dll.mui
    C:\WINNT\system32\fi-fi\iedkcs32.dll.mui
    C:\WINNT\system32\fi-fi\ieframe.dll.mui
    C:\WINNT\system32\fi-fi\iepeers.dll.mui
    C:\WINNT\system32\fi-fi\iernonce.dll.mui
    C:\WINNT\system32\fi-fi\iesetup.dll.mui
    C:\WINNT\system32\fi-fi\ieui.dll.mui
    C:\WINNT\system32\fi-fi\ieunatt.exe.mui
    C:\WINNT\system32\fi-fi\inetcpl.cpl.mui
    C:\WINNT\system32\fi-fi\inseng.dll.mui
    C:\WINNT\system32\fi-fi\licmgr10.dll.mui
    C:\WINNT\system32\fi-fi\msfeedsbs.dll.mui
    C:\WINNT\system32\fi-fi\mshta.exe.mui
    C:\WINNT\system32\fi-fi\mshtml.dll.mui
    C:\WINNT\system32\fi-fi\mshtmled.dll.mui
    C:\WINNT\system32\fi-fi\mshtmler.dll.mui
    C:\WINNT\system32\fi-fi\msrating.dll.mui
    C:\WINNT\system32\fi-fi\occache.dll.mui
    C:\WINNT\system32\fi-fi\urlmon.dll.mui
    C:\WINNT\system32\fi-fi\webcheck.dll.mui
    C:\WINNT\system32\fi-fi\WinFXDocObj.exe.mui
    C:\WINNT\system32\fi-fi\wininet.dll.mui
    C:\WINNT\system32\fr-fr
    C:\WINNT\system32\fr-fr\admparse.dll.mui
    C:\WINNT\system32\fr-fr\advpack.dll.mui
    C:\WINNT\system32\fr-fr\extmgr.dll.mui
    C:\WINNT\system32\fr-fr\html.iec.mui
    C:\WINNT\system32\fr-fr\icardie.dll.mui
    C:\WINNT\system32\fr-fr\ie4uinit.exe.mui
    C:\WINNT\system32\fr-fr\ieakeng.dll.mui
    C:\WINNT\system32\fr-fr\ieaksie.dll.mui
    C:\WINNT\system32\fr-fr\ieakui.dll.mui
    C:\WINNT\system32\fr-fr\iedkcs32.dll.mui
    C:\WINNT\system32\fr-fr\ieframe.dll.mui
    C:\WINNT\system32\fr-fr\iepeers.dll.mui
    C:\WINNT\system32\fr-fr\iernonce.dll.mui
    C:\WINNT\system32\fr-fr\iesetup.dll.mui
    C:\WINNT\system32\fr-fr\ieui.dll.mui
    C:\WINNT\system32\fr-fr\ieunatt.exe.mui
    C:\WINNT\system32\fr-fr\inetcpl.cpl.mui
    C:\WINNT\system32\fr-fr\inseng.dll.mui
    C:\WINNT\system32\fr-fr\licmgr10.dll.mui
    C:\WINNT\system32\fr-fr\msfeedsbs.dll.mui
    C:\WINNT\system32\fr-fr\mshta.exe.mui
    C:\WINNT\system32\fr-fr\mshtml.dll.mui
    C:\WINNT\system32\fr-fr\mshtmled.dll.mui
    C:\WINNT\system32\fr-fr\mshtmler.dll.mui
    C:\WINNT\system32\fr-fr\msrating.dll.mui
    C:\WINNT\system32\fr-fr\occache.dll.mui
    C:\WINNT\system32\fr-fr\urlmon.dll.mui
    C:\WINNT\system32\fr-fr\webcheck.dll.mui
    C:\WINNT\system32\fr-fr\WinFXDocObj.exe.mui
    C:\WINNT\system32\fr-fr\wininet.dll.mui
    C:\WINNT\system32\zh-cn
    C:\WINNT\system32\zh-cn\admparse.dll.mui
    C:\WINNT\system32\zh-cn\advpack.dll.mui
    C:\WINNT\system32\zh-cn\extmgr.dll.mui
    C:\WINNT\system32\zh-cn\html.iec.mui
    C:\WINNT\system32\zh-cn\icardie.dll.mui
    C:\WINNT\system32\zh-cn\ie4uinit.exe.mui
    C:\WINNT\system32\zh-cn\ieakeng.dll.mui
    C:\WINNT\system32\zh-cn\ieaksie.dll.mui
    C:\WINNT\system32\zh-cn\ieakui.dll.mui
    C:\WINNT\system32\zh-cn\iedkcs32.dll.mui
    C:\WINNT\system32\zh-cn\ieframe.dll.mui
    C:\WINNT\system32\zh-cn\iepeers.dll.mui
    C:\WINNT\system32\zh-cn\iernonce.dll.mui
    C:\WINNT\system32\zh-cn\iesetup.dll.mui
    C:\WINNT\system32\zh-cn\ieui.dll.mui
    C:\WINNT\system32\zh-cn\ieunatt.exe.mui
    C:\WINNT\system32\zh-cn\inetcpl.cpl.mui
    C:\WINNT\system32\zh-cn\inseng.dll.mui
    C:\WINNT\system32\zh-cn\licmgr10.dll.mui
    C:\WINNT\system32\zh-cn\msfeedsbs.dll.mui
    C:\WINNT\system32\zh-cn\mshta.exe.mui
    C:\WINNT\system32\zh-cn\mshtml.dll.mui
    C:\WINNT\system32\zh-cn\mshtmled.dll.mui
    C:\WINNT\system32\zh-cn\mshtmler.dll.mui
    C:\WINNT\system32\zh-cn\msrating.dll.mui
    C:\WINNT\system32\zh-cn\occache.dll.mui
    C:\WINNT\system32\zh-cn\urlmon.dll.mui
    C:\WINNT\system32\zh-cn\webcheck.dll.mui
    C:\WINNT\system32\zh-cn\WinFXDocObj.exe.mui
    C:\WINNT\system32\zh-cn\wininet.dll.mui
    E:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))
    .

    2008-02-25 21:38 . 2008-02-25 21:38 <DIR> d-------- C:\Program Files\Windows Live Safety Center
    2008-02-25 21:12 . 2007-11-15 18:46 83,288 --a------ C:\WINNT\system32\LMIRfsClientNP.dll
    2008-02-25 21:12 . 2007-08-03 15:09 46,112 --a------ C:\WINNT\system32\drivers\LMIRfsDriver.sys
    2008-02-25 21:12 . 2007-11-15 18:46 21,496 --a------ C:\WINNT\system32\LMIport.dll
    2008-02-25 21:11 . 2008-02-25 21:11 <DIR> d-------- C:\WINNT\LastGood
    2008-02-25 21:11 . 2008-02-26 00:01 <DIR> d-------- C:\Program Files\LogMeIn
    2008-02-25 21:11 . 2007-11-15 18:46 87,352 --a------ C:\WINNT\system32\LMIinit.dll
    2008-02-25 21:11 . 2008-02-25 21:11 1,024 --a------ C:\.rnd
    2008-02-25 17:42 . 2008-02-26 08:20 430,112 --ahs---- C:\WINNT\system32\drivers\fidbox.dat
    2008-02-25 17:42 . 2008-02-25 17:42 32 --ahs---- C:\WINNT\system32\drivers\fidbox.idx
    2008-02-25 17:39 . 2008-02-25 17:39 <DIR> d-------- C:\Program Files\ZoneAlarmSB
    2008-02-25 17:37 . 2008-02-25 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2008-02-25 17:37 . 2007-11-14 16:05 75,248 --a------ C:\WINNT\zllsputility.exe
    2008-02-25 17:37 . 2004-04-27 04:40 11,264 --a------ C:\WINNT\system32\SpOrder.dll
    2008-02-25 17:37 . 2008-02-25 17:39 4,212 ---h----- C:\WINNT\system32\zllictbl.dat
    2008-02-25 17:36 . 2008-02-25 17:36 <DIR> d-------- C:\Program Files\Zone Labs
    2008-02-25 17:35 . 2008-02-26 07:57 <DIR> d-------- C:\WINNT\Internet Logs
    2008-02-24 16:02 . 2007-12-06 21:21 63,488 -----c--- C:\WINNT\system32\dllcache\icardie.dll
    2008-02-24 15:31 . 2007-04-17 04:28 2,455,488 -----c--- C:\WINNT\system32\dllcache\ieapfltr.dat
    2008-02-24 15:31 . 2007-02-09 08:26 991,232 -----c--- C:\WINNT\system32\dllcache\ieframe.dll.mui
    2008-02-24 15:31 . 2007-12-06 21:21 459,264 -----c--- C:\WINNT\system32\dllcache\msfeeds.dll
    2008-02-24 15:31 . 2007-12-06 21:21 383,488 -----c--- C:\WINNT\system32\dllcache\ieapfltr.dll
    2008-02-24 15:31 . 2007-12-06 21:21 267,776 -----c--- C:\WINNT\system32\dllcache\iertutil.dll
    2008-02-24 15:31 . 2007-12-06 21:21 52,224 -----c--- C:\WINNT\system32\dllcache\msfeedsbs.dll
    2008-02-24 15:31 . 2007-12-06 06:00 13,824 -----c--- C:\WINNT\system32\dllcache\ieudinit.exe
    2008-02-24 15:30 . 2007-12-06 21:21 6,066,176 -----c--- C:\WINNT\system32\dllcache\ieframe.dll
    2008-02-23 23:34 . 2008-02-24 12:50 <DIR> d-------- C:\WINNT\system32\ActiveScan
    2008-02-23 23:34 . 2008-02-24 12:46 30,590 --a------ C:\WINNT\system32\pavas.ico
    2008-02-23 23:34 . 2008-02-24 12:46 2,550 --a------ C:\WINNT\system32\Uninstall.ico
    2008-02-23 23:34 . 2008-02-24 12:46 1,406 --a------ C:\WINNT\system32\Help.ico
    2008-02-12 08:46 . 2008-02-12 08:46 <DIR> d-------- C:\Documents and Settings\Valerie\Application Data\Talkback
    2008-02-11 12:01 . 2008-02-11 12:01 <DIR> d-------- C:\Program Files\Microsoft Calculator Plus
    2008-02-10 11:03 . 2008-02-10 11:03 <DIR> d-------- C:\WINNT\system32\XPSViewer
    2008-02-10 11:03 . 2008-02-10 11:03 <DIR> d-------- C:\Program Files\MSBuild
    2008-02-10 11:02 . 2008-02-10 11:02 <DIR> d-------- C:\Program Files\Reference Assemblies
    2008-02-10 11:01 . 2006-06-29 13:07 14,048 --------- C:\WINNT\system32\spmsg2.dll
    2008-02-10 10:53 . 2008-02-10 10:53 <DIR> d-------- C:\Program Files\MSXML 6.0
    2008-02-10 10:19 . 2006-11-13 01:02 288,768 --------- C:\WINNT\system32\rhttpaa.dll
    2008-02-10 10:19 . 2006-11-13 01:02 116,736 --------- C:\WINNT\system32\aaclient.dll
    2008-02-10 10:19 . 2006-11-13 01:02 36,352 --------- C:\WINNT\system32\tsgqec.dll
    2008-02-02 23:08 . 2008-02-02 23:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-02 23:06 . 2008-02-02 23:06 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-26 12:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-02-25 22:44 --------- d-----w C:\Program Files\Symantec AntiVirus
    2008-02-25 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
    2008-02-24 21:49 --------- d-----w C:\Program Files\Common Files\snpstd2
    2008-02-24 17:52 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-02-24 17:51 --------- d-----w C:\Program Files\Trillian
    2008-02-24 17:50 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-02-24 17:50 --------- d-----w C:\Program Files\Avant Browser
    2008-02-24 14:41 --------- d-----w C:\Program Files\MSN Messenger
    2008-02-18 22:38 --------- d-----w C:\Documents and Settings\Valerie\Application Data\SiteAdvisor
    2008-02-03 04:08 --------- d-----w C:\Program Files\Lavasoft
    2008-01-21 13:16 --------- d-----w C:\Documents and Settings\Valerie\Application Data\Lavasoft
    2008-01-17 13:44 2,630,572 ----a-w C:\WINNT\java\Packages\SAPZZTF9.ZIP
    2008-01-11 23:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
    2008-01-11 23:38 --------- d-----w C:\Program Files\WinZip E-Mail Companion
    2008-01-11 23:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZipEC
    2008-01-09 20:37 --------- d-----w C:\Program Files\Symantec
    2008-01-09 20:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-01-09 20:32 --------- d-----w C:\Program Files\Cisco Systems
    2008-01-09 16:46 --------- d-----w C:\Program Files\CACE Technologies
    2008-01-09 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
    2008-01-09 00:22 --------- d---a-w C:\Program Files\NetZero
    2008-01-08 23:19 --------- d-----w C:\Program Files\Common Files\AOL
    2008-01-08 23:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2008-01-08 02:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Maxtor
    2008-01-07 22:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-07 22:53 --------- d-----w C:\Program Files\Maxtor
    2008-01-07 22:47 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-01-06 13:49 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-01-01 22:44 1,946,402 ----a-w C:\WINNT\java\Packages\O353LB53.ZIP
    2007-12-30 18:45 --------- d-----w C:\Program Files\Windows Media Bonus Pack for Windows XP
    2007-12-27 05:56 --------- d-----w C:\Program Files\Lavalys
    2007-12-14 16:32 12,632 ----a-w C:\WINNT\system32\lsdelete.exe
    2007-12-13 00:40 1,852,418 ----a-w C:\WINNT\java\Packages\22BZ17BN.ZIP
    2007-12-09 03:45 108,067 ----a-w C:\WINNT\java\Packages\YINF7N7Z.ZIP
    2007-12-09 03:45 1,670,294 ----a-w C:\WINNT\java\Packages\NRR7HNZH.ZIP
    2007-12-07 02:21 824,832 ----a-w C:\WINNT\system32\wininet.dll
    2007-12-05 02:02 2,763,708 ----a-w C:\WINNT\java\Packages\KRLFD33Z.ZIP
    2007-12-04 18:38 550,912 ----a-w C:\WINNT\system32\oleaut32.dll
    2006-05-22 01:30 184,808 ----a-w C:\Documents and Settings\User\Application Data\shb.dat
    2006-02-09 22:54 271 --sh--w C:\Program Files\desktop.ini
    2006-02-09 22:54 21,952 ---ha-w C:\Program Files\folder.htt
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
    2008-02-25 17:39 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {F0F8ECBE-D460-4B34-B007-56A92E8F84A7}
    {2318C2B1-4965-11D4-9B18-009027A5CD4F}
    {2E5E800E-6AC0-411E-940A-369530A35E43}
    {CD292324-974F-4224-D074-CACA427AA030}
    {0BF43445-2F28-4351-9252-17FE6E806AA0}
    {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

    [HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
    "ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 07:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MaxtorOneTouch"="C:\Program Files\Maxtor\ManagerApp\Onetouch.exe" [2006-08-11 08:45 712704]
    "SNPSTD2"="C:\WINNT\vsnpstd2.exe" [2004-06-10 11:54 286720]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
    "LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 15:09 63048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [2004-08-04 07:00 214528]
    "tscuninstall"="C:\WINNT\system32\tscupgrd.exe" [2004-08-04 07:00 44544]

    C:\Documents and Settings\User\Start Menu\Programs\Startup\
    Microsoft Office Fast Start.lnk - C:\MSOffice\Office\FASTBOOT.EXE [1996-03-20 14848]
    Microsoft Office Find Fast Indexer.lnk - C:\MSOffice\Office\FINDFAST.EXE [1996-03-20 86528]
    Microsoft Office Shortcut Bar.lnk - C:\MSOffice\Office\MSOFFICE.EXE [1996-03-20 365056]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "some"= C:\Program Files\NetProject\scit.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    LMIinit.dll 2007-11-15 18:46 87352 C:\WINNT\system32\LMIinit.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINNT\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
    backup=C:\WINNT\pss\Google Updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^U.S. Robotics Internet Call Notification.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\U.S. Robotics Internet Call Notification.lnk
    backup=C:\WINNT\pss\U.S. Robotics Internet Call Notification.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Winter Fun Wallpaper Changer.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Winter Fun Wallpaper Changer.lnk
    backup=C:\WINNT\pss\Winter Fun Wallpaper Changer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=C:\WINNT\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    --a------ 2006-07-19 19:26 52896 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
    --a------ 2007-03-16 06:51 715888 C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
    --a------ 2005-01-27 12:17 1381376 C:\Program Files\Ahead\InCD\InCD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mxomssmenu]
    --a------ 2006-08-11 11:15 81920 C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2001-07-09 12:50 155648 C:\WINNT\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    --a------ 2003-04-02 15:40 4616192 C:\WINNT\system32\NvCpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2003-04-02 15:40 49152 C:\WINNT\system32\NVMCTRAY.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2003-04-02 15:40 323584 C:\WINNT\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
    --a------ 2003-10-31 19:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
    --a------ 2007-03-30 10:42 36904 C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2007-09-25 00:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-12-02 23:41 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
    --a------ 2004-08-04 07:00 143360 C:\WINNT\system32\mobsync.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Storage Toolbox]
    --a------ 2005-09-14 20:44 65536 C:\Program Files\USB Disk Win98 Driver\Res.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
    --a------ 2006-09-27 20:33 125168 C:\PROGRA~1\SYMANT~1\VPTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinZip E-Mail Companion OEAPI]
    --a------ 2007-11-19 02:00 75136 C:\Program Files\WinZip E-Mail Companion\loadwzco.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Trillian\\trillian.exe"=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Avant Browser\\avant.exe"=
    "C:\\Program Files\\MSN Messenger\\livecall.exe"=
    "C:\\WINNT\\system32\\rtcshare.exe"=
    "C:\\WINNT\\PCHEALTH\\helpctr\\binaries\\HelpCtr.exe"=

    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINNT\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
    R3 snpstd2;CAM 30;C:\WINNT\system32\DRIVERS\snpstd2.sys [2004-07-28 11:49]
    S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09]
    S3 ADM8511;ADM8511 USB To Fast Ethernet Adapter;C:\WINNT\system32\DRIVERS\ADM8511.SYS [2001-02-15 04:34]
    S3 InCDFat;Ahead InCDFat File System Driver;C:\WINNT\system32\Drivers\InCDFat.sys [2005-01-27 20:07]
    S3 samhid;samhid;C:\WINNT\system32\drivers\samhid.sys [2006-01-07 11:09]
    S3 Winacusb;Winacusb;C:\WINNT\system32\DRIVERS\winacusb.sys [2004-07-14 14:59]
    S3 wind502u;Motorola Wireless USB Adapter WU830G Windows Driver;C:\WINNT\system32\DRIVERS\wind502u.sys [2004-03-25 07:49]

    *Newly Created Service* - KLIF
    *Newly Created Service* - LMIINFO
    *Newly Created Service* - LMIMAINT
    *Newly Created Service* - LMIRFSCLIENTNP
    *Newly Created Service* - LMIRFSDRIVER
    *Newly Created Service* - LOGMEIN
    *Newly Created Service* - SRESCAN
    *Newly Created Service* - VSMON
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-26 08:21:00
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-02-26 8:24:15
    ComboFix-quarantined-files.txt 2008-02-26 13:24:01
    ComboFix2.txt 2008-02-26 04:35:35
    ComboFix3.txt 2008-02-26 03:27:36
    ComboFix4.txt 2008-02-25 12:38:18
    .
    2007-09-16 23:31:27 --- E O F ---
     
  14. 2008/02/26
    noahdfear

    Scan again with HijackThis, place a check next to the following entry, then click Fix Checked.

    O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe


    Still have ATF Cleaner? If not, download it from here and save it to your desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
    Reboot


    Run another scan with HijackThis and verify the above entry is gone, then let's get an online scan. Please do an online scan with Kaspersky WebScanner

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
      • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • The program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log and one more fresh HijackThis log. Let me know how your computer is performing.
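    Since the whole back-and-forth in this thread is about deciding which HijackThis lines to tick and fix, here is an added example of how that triage can be automated for the patterns seen in this log. It is my own helper, not part of HijackThis and not something noahdfear or TinyTuba822 posted: it parses O4 (registry autostart) and O9 (IE extra button / Tools menu) lines and flags the two things worth a second look above, an autostart registered under Policies\Explorer\Run and a dangling "(file missing)" button whose target is a web address. The sample log lines are constructed from the formats quoted in this thread, and the function names parse_hjt, review_reasons and triage are my own.

```python
import re
from typing import Dict, List

# Constructed sample input, modelled on the HijackThis v2.0.2 log lines quoted in this
# thread. The Policies\Explorer\Run entry for NetProject\scit.exe is the one noahdfear
# asked to fix; the O9 explorertool.net entry is the dangling "(file missing)" button
# from the same log; the remaining lines are ordinary entries kept as benign controls.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
"""

# O4: registry autostart entries, e.g.  O4 - HKLM\..\Run: [Name] C:\path\prog.exe
O4_RE = re.compile(r"^O4 - (?P<location>.+?): \[(?P<name>[^\]]*)\] (?P<command>.*)$")
# O9: IE extra buttons / Tools menu items, e.g.  O9 - Extra button: Label - {CLSID} - target
O9_RE = re.compile(
    r"^O9 - (?P<kind>[^:]+): (?P<label>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$"
)


def parse_hjt(text: str) -> List[Dict[str, str]]:
    """Extract O4 and O9 entries from HijackThis log text into uniform dicts."""
    entries: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            entries.append({
                "section": "O4",
                "location": m["location"],
                "name": m["name"],
                "target": m["command"].strip().strip('"').strip(),
                "raw": line,
            })
            continue
        m = O9_RE.match(line)
        if m:
            entries.append({
                "section": "O9",
                "location": m["kind"],
                "name": m["label"],
                "target": m["target"].strip(),
                "raw": line,
            })
    return entries


def review_reasons(entry: Dict[str, str]) -> List[str]:
    """Return the reasons (possibly none) an entry deserves a closer look."""
    reasons: List[str] = []
    target = entry["target"]
    # Policies\Explorer\Run is honoured by Explorer at logon but is rarely used by
    # legitimate installers, so anything living there is worth checking by hand.
    if entry["section"] == "O4" and "policies\\explorer\\run" in entry["location"].lower():
        reasons.append("autostart registered under Policies\\Explorer\\Run")
    # HijackThis appends "(file missing)" when the referenced file is gone: a leftover
    # registration from a partial removal that should be fixed so it does not linger.
    if target.lower().endswith("(file missing)"):
        reasons.append("dangling entry: referenced file is missing")
    # An IE button whose target is a web address instead of a local file is a
    # rogue "anti-spyware" hook rather than a real toolbar component.
    if re.match(r"https?://", target, re.IGNORECASE):
        reasons.append("target is a remote URL rather than a local file")
    return reasons


def triage(entries: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Keep only entries with at least one reason, attaching the reasons."""
    flagged: List[Dict[str, object]] = []
    for entry in entries:
        reasons = review_reasons(entry)
        if reasons:
            flagged.append({**entry, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in triage(parse_hjt(SAMPLE_LOG)):
        print(hit["raw"])
        for reason in hit["reasons"]:
            print("    ->", reason)
```

    Run it on a saved hijackthis.log instead of SAMPLE_LOG by reading the file into parse_hjt; the three benign lines in the sample come through clean, while the scit.exe autostart and the explorertool.net button are the only two entries reported, which matches what noahdfear picked out by eye.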
     
  15. 2008/02/27
    TinyTuba822

    Wednesday, February 27, 2008 9:11:33 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 27/02/2008
    Kaspersky Anti-Virus database records: 583972
    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true
    Scan Target My Computer
    A:\
    C:\
    D:\
    Scan Statistics
    Total number of scanned objects 67056
    Number of viruses found 11
    Number of infected objects 43
    Number of suspicious objects 0
    Duration of the scan process 01:55:02

    Infected Object Name Virus Name Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\05a8874b94deeb1967b9f1e09d64f409_7f69e1e2-294a-4804-8c13-0de528a89b43 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\20a7bba9459dcc2f4f9bc346d127e450_7f69e1e2-294a-4804-8c13-0de528a89b43 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\418f945d6a63a25fdfdac5d238f8e2d7_7f69e1e2-294a-4804-8c13-0de528a89b43 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b354bea208fa4ded6f8bce957d341103_7f69e1e2-294a-4804-8c13-0de528a89b43 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ddcc4c73a0481fca08b0ec9492580e78_7f69e1e2-294a-4804-8c13-0de528a89b43 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e497fb9d6912c46d93644c6a7f85b7fb_7f69e1e2-294a-4804-8c13-0de528a89b43 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-02-27_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BF80000\4FF848CE.VBN Infected: Trojan-Downloader.Win32.Agent.jke skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DAC0000\4FEC969B.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.dq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DAC0005\4FECD733.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DAC0006\4FECD77B.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.dq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DAC0007\4FECD81B.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.dq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DAC000A\4FECE7C9.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DAC000B\4FECED06.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DAC000D\4FED7D8F.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.dq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DAC000E\4FED7DB1.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DAC0013\4FEDA115.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.dq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DAC0014\4FEDCA6C.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DAC0015\4FEDCB0A.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DAC0016\4FEDCFBC.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DAC0017\4FEDD07F.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E800001\4FC1E771.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.dq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E800006\4FC22BC8.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.dq skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E800007\4FC22BF8.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Valerie\.housecall6.6\Quarantine\1203783261.dll.bac_a01780 Infected: not-a-virus:AdWare.Win32.BHO.zc skipped
    C:\Documents and Settings\Valerie\Application Data\CiscoCAA\event.log Object is locked skipped
    C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\w9ul3t1x.default\cert8.db Object is locked skipped
    C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\w9ul3t1x.default\formhistory.dat Object is locked skipped
    C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\w9ul3t1x.default\history.dat Object is locked skipped
    C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\w9ul3t1x.default\key3.db Object is locked skipped
    C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\w9ul3t1x.default\parent.lock Object is locked skipped
    C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\w9ul3t1x.default\search.sqlite Object is locked skipped
    C:\Documents and Settings\Valerie\Application Data\Mozilla\Firefox\Profiles\w9ul3t1x.default\urlclassifier2.sqlite Object is locked skipped
    C:\Documents and Settings\Valerie\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Valerie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Valerie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Valerie\Local Settings\Application Data\Mozilla\Firefox\Profiles\w9ul3t1x.default\Cache\_CACHE_001_ Object is locked skipped
    C:\Documents and Settings\Valerie\Local Settings\Application Data\Mozilla\Firefox\Profiles\w9ul3t1x.default\Cache\_CACHE_002_ Object is locked skipped
    C:\Documents and Settings\Valerie\Local Settings\Application Data\Mozilla\Firefox\Profiles\w9ul3t1x.default\Cache\_CACHE_003_ Object is locked skipped
    C:\Documents and Settings\Valerie\Local Settings\Application Data\Mozilla\Firefox\Profiles\w9ul3t1x.default\Cache\_CACHE_MAP_ Object is locked skipped
    C:\Documents and Settings\Valerie\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Valerie\Local Settings\History\History.IE5\MSHist012008022720080228\index.dat Object is locked skipped
    C:\Documents and Settings\Valerie\Local Settings\Temp\~DF4BE1.tmp Object is locked skipped
    C:\Documents and Settings\Valerie\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Valerie\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Valerie\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
    C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
    C:\Program Files\Symantec AntiVirus\SAVRT\0363NAV~.TMP Object is locked skipped
    C:\Program Files\Symantec AntiVirus\SAVRT\0864NAV~.TMP Object is locked skipped
    C:\Program Files\Trillian\users\default\logs\AIM\Console\AIM - bmichelle6412.log Object is locked skipped
    C:\Program Files\Trillian\users\default\logs\AIM\Console\AIM - luigifan688.log Object is locked skipped
    C:\Program Files\Trillian\users\default\logs\AIM\Console\AIM - silverbritt822.log Object is locked skipped
    C:\Program Files\Trillian\users\default\logs\AIM\Console\AIM - TinyTuba822.log Object is locked skipped
    C:\Program Files\Trillian\users\default\logs\ICQ\Console\ICQ - 478545754.log Object is locked skipped
    C:\Program Files\Trillian\users\default\logs\MSN\Console\MSN - brittanyma06@hotmail.com.log Object is locked skipped
    C:\Program Files\Trillian\users\default\logs\MSN\Console\MSN - TinyTuba822@hotmail.com.log Object is locked skipped
    C:\Program Files\Trillian\users\default\logs\YAHOO\Console\YAHOO - hyper_idiot64.log Object is locked skipped
    C:\Program Files\Trillian\users\default\logs\YAHOO\Console\YAHOO - TinyTuba822.log Object is locked skipped
    C:\QooBox\Quarantine\C\Program Files\NetProject\sbsm.exe.vir Infected: Trojan-Downloader.Win32.Zlob.ied skipped
    C:\QooBox\Quarantine\C\Program Files\NetProject\sbun.exe.vir Infected: Trojan-Downloader.Win32.Zlob.iej skipped
    C:\QooBox\Quarantine\C\Program Files\NetProject\scit.exe.vir Infected: not-virus:Hoax.Win32.Gavec.w skipped
    C:\QooBox\Quarantine\C\Program Files\NetProject\scm.exe.vir Infected: not-virus:Hoax.Win32.Gavec.s skipped
    C:\QooBox\Quarantine\C\Program Files\NetProject\scu.exe.vir Infected: Trojan-Downloader.Win32.Zlob.ieq skipped
    C:\QooBox\Quarantine\C\Program Files\NetProject\wamdl.dll.vir Infected: Trojan-Downloader.Win32.Zlob.iec skipped
    C:\QooBox\Quarantine\C\Program Files\NetProject\waun.exe.vir Infected: Trojan-Downloader.Win32.Zlob.ies skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{CDAF4C89-795E-410A-9CA6-7F079741A227}\RP395\A0050337.exe Infected: not-virus:Hoax.Win32.Gavec.s skipped
    C:\System Volume Information\_restore{CDAF4C89-795E-410A-9CA6-7F079741A227}\RP395\A0050339.exe Infected: Trojan-Downloader.Win32.Zlob.ied skipped
    C:\System Volume Information\_restore{CDAF4C89-795E-410A-9CA6-7F079741A227}\RP395\A0050365.exe Infected: not-virus:Hoax.Win32.Gavec.s skipped
    C:\System Volume Information\_restore{CDAF4C89-795E-410A-9CA6-7F079741A227}\RP395\A0050367.exe Infected: Trojan-Downloader.Win32.Zlob.ied skipped
    C:\System Volume Information\_restore{CDAF4C89-795E-410A-9CA6-7F079741A227}\RP395\A0050392.dll Infected: not-a-virus:AdWare.Win32.BHO.zc skipped
    C:\System Volume Information\_restore{CDAF4C89-795E-410A-9CA6-7F079741A227}\RP400\A0050673.exe Infected: not-virus:Hoax.Win32.Gavec.s skipped
    C:\System Volume Information\_restore{CDAF4C89-795E-410A-9CA6-7F079741A227}\RP400\A0050675.exe Infected: Trojan-Downloader.Win32.Zlob.ied skipped
    C:\System Volume Information\_restore{CDAF4C89-795E-410A-9CA6-7F079741A227}\RP415\A0051601.exe Infected: not-virus:Hoax.Win32.Gavec.s skipped
    C:\System Volume Information\_restore{CDAF4C89-795E-410A-9CA6-7F079741A227}\RP415\A0051604.exe Infected: Trojan-Downloader.Win32.Zlob.ied skipped
    C:\System Volume Information\_restore{CDAF4C89-795E-410A-9CA6-7F079741A227}\RP417\A0051799.exe Infected: Trojan-Downloader.Win32.Zlob.ied skipped
    C:\System Volume Information\_restore{CDAF4C89-795E-410A-9CA6-7F079741A227}\RP417\A0051800.exe Infected: not-virus:Hoax.Win32.Gavec.s skipped
    C:\System Volume Information\_restore{CDAF4C89-795E-410A-9CA6-7F079741A227}\RP419\A0051952.exe Infected: Trojan-Downloader.Win32.Zlob.ied skipped
    C:\System Volume Information\_restore{CDAF4C89-795E-410A-9CA6-7F079741A227}\RP419\A0051953.exe Infected: not-virus:Hoax.Win32.Gavec.s skipped
    C:\System Volume Information\_restore{CDAF4C89-795E-410A-9CA6-7F079741A227}\RP419\A0051957.exe Infected: Trojan-Downloader.Win32.Zlob.iej skipped
    C:\System Volume Information\_restore{CDAF4C89-795E-410A-9CA6-7F079741A227}\RP419\A0051958.exe Infected: not-virus:Hoax.Win32.Gavec.w skipped
    C:\System Volume Information\_restore{CDAF4C89-795E-410A-9CA6-7F079741A227}\RP419\A0051959.exe Infected: Trojan-Downloader.Win32.Zlob.ieq skipped
    C:\System Volume Information\_restore{CDAF4C89-795E-410A-9CA6-7F079741A227}\RP419\A0051961.dll Infected: Trojan-Downloader.Win32.Zlob.iec skipped
    C:\System Volume Information\_restore{CDAF4C89-795E-410A-9CA6-7F079741A227}\RP419\A0051962.exe Infected: Trojan-Downloader.Win32.Zlob.ies skipped
    C:\System Volume Information\_restore{CDAF4C89-795E-410A-9CA6-7F079741A227}\RP421\change.log Object is locked skipped
    C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
    C:\WINNT\Internet Logs\ARTHUR.ldb Object is locked skipped
    C:\WINNT\Internet Logs\fwdbglog.txt Object is locked skipped
    C:\WINNT\Internet Logs\fwpktlog.txt Object is locked skipped
    C:\WINNT\Internet Logs\IAMDB.RDB Object is locked skipped
    C:\WINNT\Internet Logs\tvDebug.log Object is locked skipped
    C:\WINNT\SchedLgU.Txt Object is locked skipped
    C:\WINNT\SoftwareDistribution\EventCache\{05D69183-DB13-42B6-ADA9-11CC889955F9}.bin Object is locked skipped
    C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINNT\Sti_Trace.log Object is locked skipped
    C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINNT\system32\config\default Object is locked skipped
    C:\WINNT\system32\config\default.LOG Object is locked skipped
    C:\WINNT\system32\config\Internet.evt Object is locked skipped
    C:\WINNT\system32\config\SAM Object is locked skipped
    C:\WINNT\system32\config\SAM.LOG Object is locked skipped
    C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINNT\system32\config\SECURITY Object is locked skipped
    C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINNT\system32\config\software Object is locked skipped
    C:\WINNT\system32\config\software.LOG Object is locked skipped
    C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINNT\system32\config\system Object is locked skipped
    C:\WINNT\system32\config\system.LOG Object is locked skipped
    C:\WINNT\system32\drivers\fidbox.dat Object is locked skipped
    C:\WINNT\system32\drivers\fidbox.idx Object is locked skipped
    C:\WINNT\system32\h323log.txt Object is locked skipped
    C:\WINNT\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINNT\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINNT\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINNT\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINNT\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINNT\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINNT\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINNT\TEMP\ZLT0605b.TMP Object is locked skipped
    C:\WINNT\TEMP\ZLT0605e.TMP Object is locked skipped
    C:\WINNT\wiadebug.log Object is locked skipped
    C:\WINNT\wiaservc.log Object is locked skipped
    C:\WINNT\WindowsUpdate.log Object is locked skipped
    Scan process completed.
     
  16. 2008/02/27
    TinyTuba822

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:13:38 PM, on 2/27/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    C:\Program Files\Maxtor\Utils\SyncServices.exe
    C:\WINNT\system32\nvsvc32.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\SiteAdvisor\6253\SAService.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
    C:\WINNT\vsnpstd2.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
    C:\Program Files\Trillian\trillian.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Valerie\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O2 - BHO: Popup-Blocker Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\x1IEBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: TwcToolbarBhoApp Class - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\WINNT\system32\TwcToolbarBho.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
    O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINNT\system32\TwcToolbarIe7.dll
    O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\ManagerApp\Onetouch.exe
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINNT\vsnpstd2.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe "
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
    O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
    O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
    O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
    O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
    O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.explorertool.net/redirect.php (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/v/8.1.4.1/applet/battlephlinx/battlephlinx-en_US.cab
    O16 - DPF: Bowling by pogo - http://game1.pogo.com/v/8.1.2.14/applet/bowling/bowling-en_US.cab
    O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://69.65.108.158/Java/cfs40320.cab
    O16 - DPF: Chess by pogo - http://game1.pogo.com/v/8.1.4.1/applet/chess2/chess2-en_US.cab
    O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-8.0.3.20/domino/domino-en_US.cab
    O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-8.0.3.20/greenback/greenback-en_US.cab
    O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-8.0.8.30/harvest/harvest-en_US.cab
    O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-8.0.3.36/mhpoker/mhpoker-en_US.cab
    O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-8.0.9.33/lottso/lottso-en_US.cab
    O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/v/8.1.6.21/applet/mahjong2/mahjong2-en_US.cab
    O16 - DPF: Makeover Madness by pogo - http://game1.pogo.com/applet-8.0.4.41/shoes/shoes-en_US.cab
    O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-8.0.9.41/flinger/flinger-en_US.cab
    O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/v/8.1.5.27/applet/popfu/popfu-en_US.cab
    O16 - DPF: Poppit by pogo - http://game1.pogo.com/v/8.1.5.27/applet/poppit2/poppit2-en_US.cab
    O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-8.0.3.20/hotstreak/hotstreak-en_US.cab
    O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/v/8.1.0.23/applet/spider/spider-en_US.cab
    O16 - DPF: Squelchies by pogo - http://game1.pogo.com/v/8.1.1.1/applet/squelchies/squelchies-en_US.cab
    O16 - DPF: Sweet Tooth 2 by Pogo - http://game1.pogo.com/v/8.1.3.30/applet/sweettooth2/sweettooth2-en_US.cab
    O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/v/8.1.1.1/applet/peaks/peaks-en_US.cab
    O16 - DPF: Yahoo! Checkers - http://download2.games.yahoo.com/games/clients/y/kt4_x.cab
    O16 - DPF: Yahoo! Literati - http://download2.games.yahoo.com/games/clients/y/tt5_x.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171590453703
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1191940210437
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} (WebBasedClientInstall Class) - https://webapps.eku.edu/stunav/webinst.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by125fd.bay125.hotmail.msn.com/activex/HMAtchmt.ocx
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
    O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

    --
    End of file - 13710 bytes


    There aren't pop ups now that I can see, but there are still viruses on my computer, according to Kaspersky.
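The O16 (ActiveX/DPF) and O23 (service) lines in the log above are parsed here as an added example; it is not code from this thread or from HijackThis. The review rules (unidentified publisher, service binary missing, ActiveX source that is a local path rather than a download URL) are this example's own heuristics marking entries to verify by hand, and the sample lines are copied from the posted log.

```python
import re

# Constructed sample: lines copied from the posted HijackThis log.
SAMPLE_LOG = r"""
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-8.0.3.20/greenback/greenback-en_US.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\Utils\SyncServices.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
"""
# On-disk path that ends an O23 line, plus HijackThis's "(file missing)" marker.
PATH_RE = re.compile(r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$")

def parse_o16(rest):          # '{clsid} (Name) - source' or 'Name - source'
    name, _, source = rest.rpartition(" - ")
    name = re.sub(r"^\{[^}]+\}\s*", "", name)      # drop the CLSID if present
    return {"kind": "O16", "name": name, "origin": source.strip(), "flags": []}

def parse_o23(rest):          # 'Name (short) - Company - <path> [(file missing)]'
    m = PATH_RE.search(rest)
    if not m:
        return None
    head = rest[:m.start()].strip()[:-1].rstrip()   # strip the " -" before the path
    if head.endswith("-"):                           # "Name - -": empty company field
        name, company = head[:-1].rstrip(), ""
    else:
        name, _, company = head.rpartition(" - ")
    return {"kind": "O23", "name": name, "origin": m["path"], "company": company,
            "missing": bool(m["missing"]), "flags": []}

def review(e):                # example heuristics: items to verify by hand, not verdicts
    if e["kind"] == "O16" and not re.match(r"https?://", e["origin"], re.I):
        e["flags"].append("ActiveX control registered from a local file, not a download URL")
    if e["kind"] == "O23" and e["company"] in ("", "Unknown owner"):
        e["flags"].append("service publisher not identified")
    if e["kind"] == "O23" and e["missing"]:
        e["flags"].append("service binary no longer on disk")
    return e

def triage(log_text):
    """Parse every O16/O23 line, skipping anything else, and annotate it."""
    entries = []
    for line in (l.strip() for l in log_text.splitlines()):
        if line.startswith("O16 - DPF: "):
            entries.append(review(parse_o16(line[11:])))
        elif line.startswith("O23 - Service: ") and (e := parse_o23(line[15:])):
            entries.append(review(e))
    return entries

def flagged(log_text):
    """Map entry name -> reasons it needs a closer look."""
    return {e["name"]: e["flags"] for e in triage(log_text) if e["flags"]}
```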
     
  17. 2008/02/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Good news .... all infected files are in quarantine by ComboFix and Norton, and located in System Restore points. Nothing active! :)

    Let's finish up. Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing the infected files there as well. The C:\Deckard's folder will also be removed. You can delete any logs that were created/saved too.

    Note - Combofix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.

    Open the Norton antivirus interface and remove all quarantined objects.

    Now run ATF Cleaner again, making sure to empty the recycle bin.

    I recommend you update and run a scan with Ad-aware, removing whatever it finds. If you have Spybot, update and run it as well.

    Your computer is now clean! Geri has posted some very helpful information and recommendations regarding future protection in the following link.

    http://www.windowsbbs.com/showthread.php?t=67958

    Surf safe!
     
  18. 2008/02/27
    TinyTuba822

    TinyTuba822 Inactive Thread Starter

    Joined:
    2007/10/05
    Messages:
    102
    Likes Received:
    0
    Thanks Dave for your help!
     
  19. 2008/02/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You're quite welcome. :)
     
