
Solved Virus removal + HJT help needed

Discussion in 'Malware and Virus Removal Archive' started by MIL, 2008/01/28.

  1. 2008/01/28
    MIL

    [Resolved]Virus removal + HJT help needed

    Please help me with this. I am not sure what this file specifies. I am having trouble with the computer acting very slow, and am also getting a pop-up at startup about some systems32 files at boot up. I had many adware and spyware programs on the computer; I downloaded AVG etc. to remove them, but I am still getting these problems. Please suggest something.


    Logfile of HijackThis v1.99.1
    Scan saved at 11:37:55 AM, on 1/26/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Spruce\X_Spruce.exe
    C:\PROGRA~1\Grisoft\AVG7\avginet.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    F2 - REG:system.ini: Shell= "Explorer.exe "
    F3 - REG:win.ini: load=C:\WINDOWS\system32\ssqpm.exe
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: (no name) - {2D5796A2-44E0-4E50-A5A0-80BF1EE3EA73} - C:\WINDOWS\system32\nnnnlif.dll (file missing)
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SpruceBHO - {54DE7259-C729-45B1-BBD8-4BE9B5BD8248} - C:\Program Files\Spruce\Spruce.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {AFADDC5F-53C0-4261-ACE4-06715D15D065} - C:\WINDOWS\system32\ssqpm.dll (file missing)
    O2 - BHO: {772f23d6-105c-402b-2ff4-4225c03edafa} - {afade30c-5224-4ff2-b204-c5016d32f277} - C:\WINDOWS\system32\wtmsuwhs.dll (file missing)
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe "
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [troy44] C:\WINDOWS\troy44.exe
    O4 - HKLM\..\Run: [64542a4d] rundll32.exe "C:\WINDOWS\system32\xctkhopi.dll ",b
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe "
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Spruce - Auto Update.lnk = C:\Program Files\Spruce\Spruce.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj01.rightnowtech.com/603.../java/RntX.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{896F561D-7397-4B6A-B93F-E9CBC4BD0861}: NameServer = 203.187.192.15,203.187.192.12
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O20 - Winlogon Notify: nnnnlif - nnnnlif.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
     
  2. 2008/01/29
    Geri Lifetime Subscription

    Hi MIL
    Welcome to Windowsbbs :)

    First, you need to remove one of your anti-virus programs:
    • McAfee
    • AVG7
    This is not a good idea; they can conflict with each other and actually give you less protection.

    After you do that, then proceed with the following.

    Spybot S&D's tea timer normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

    First step:
    • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
    • If you have the new version 1.5, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.
    • If you have version 1.4, click on Exit Spybot S&D Resident
    Second step, for either version:
    • Open Spybot S&D
    • Click Mode, choose Advanced Mode
    • Go to the bottom of the vertical panel on the left, click Tools
    • Then, also in the left panel, click Resident (shows a red/white shield).
    • If your firewall raises a question, say OK
    • In the Resident protection status frame, uncheck the box labeled Resident "Tea-Timer" (Protection of over-all system settings) active
    • OK any prompts.
    • Use File, Exit to terminate Spybot
    • Reboot your machine for the changes to take effect.
    Don't forget to re-enable it, when your computer is clean.


    Now Do this.

    Download ComboFix from Here to your Desktop.
    It's best to disable realtime protection applications as they sometimes interfere with the tool. Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double-click combofix.exe and follow the prompts.
    • Vista users: right-click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    Please post the Combofix log.

    Thanks
    Geri
     

  4. 2008/01/30
    MIL

    First of all thanks for replying.

    I removed McAfee and disabled the other spyware programs etc.

    Here's the ComboFix log and HijackThis log.

    Let me know what needs to be done next. Thanks.

    ComboFix 08-01-31.1 - Mugdha 2008-01-30 22:15:44.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.569 [GMT -5:00]
    Running from: C:\Documents and Settings\Mugdha\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\kernel
    C:\Program Files\Spruce
    C:\Program Files\Spruce\Spruce.dll
    C:\Program Files\Spruce\Spruce.dll.intermediate.manifest
    C:\Program Files\Spruce\Spruce.exe
    C:\Program Files\Spruce\Spruce.info
    C:\Program Files\Spruce\Spruce.original
    C:\Program Files\Spruce\SpruceRg.dll
    C:\Program Files\Spruce\un_SpruceSetup_17737.exe
    C:\Program Files\Spruce\un_SpruceSetup_17737.txt
    C:\Program Files\Spruce\X_Spruce.exe
    C:\Program Files\Spruce\X_Spruce.log
    C:\Program Files\Temporary
    C:\WINDOWS\system32\ipohktcx.ini
    C:\WINDOWS\system32\mpqss.ini
    C:\WINDOWS\system32\mpqss.ini2
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\wqwihflj.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_CMDSERVICE
    -------\LEGACY_NETWORK_MONITOR
    -------\nm


    ((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 )))))))))))))))))))))))))))))))
    .

    2008-01-20 11:13 . 2008-01-20 11:13 <DIR> d-------- C:\WINDOWS\MaxSecureBackup
    2008-01-20 11:13 . 2008-01-20 11:20 <DIR> d-------- C:\Program Files\Max Registry Cleaner
    2008-01-20 11:13 . 2007-05-24 16:57 143,360 --a------ C:\WINDOWS\system32\GetHardDiskNo.dll
    2008-01-20 11:13 . 2008-01-20 11:13 63 --a------ C:\WINDOWS\system\SYSRegC.dll
    2008-01-19 13:15 . 2008-01-19 13:15 <DIR> d-------- C:\Program Files\Symantec
    2008-01-19 13:11 . 2008-01-19 13:12 <DIR> d-------- C:\virusscanner
    2008-01-13 15:54 . 2008-01-13 17:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-13 15:09 . 2005-07-26 14:50 94,208 --------- C:\WINDOWS\system32\mclsp.dll
    2008-01-13 15:09 . 2005-04-20 19:22 32,768 --a------ C:\WINDOWS\system32\instlsp.exe
    2008-01-13 15:09 . 2005-04-20 19:22 11,264 --a------ C:\WINDOWS\system32\sporder.dll
    2008-01-13 15:05 . 2008-01-30 19:26 <DIR> d-------- C:\Program Files\McAfee.com
    2008-01-10 23:40 . 2008-01-10 23:40 <DIR> d-------- C:\Program Files\Lavasoft
    2008-01-10 23:40 . 2008-01-12 09:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-10 19:58 . 2008-01-30 19:19 <DIR> d-------- C:\Documents and Settings\Mugdha\Application Data\AVG7
    2008-01-10 19:57 . 2008-01-10 19:57 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-01-10 19:57 . 2008-01-10 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-10 19:57 . 2008-01-10 23:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2008-01-10 19:31 . 2008-01-10 23:12 <DIR> d-------- C:\Program Files\SpywareBlaster
    2008-01-10 19:17 . 2008-01-10 19:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-09 19:32 . 2008-01-30 22:25 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-09 19:31 . 2008-01-25 01:45 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-01-09 19:31 . 2008-01-09 19:31 <DIR> d-------- C:\Documents and Settings\Mugdha\Application Data\PC Tools
    2008-01-09 19:31 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-01-09 19:31 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-01-09 19:31 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-01-09 19:31 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-01-08 22:40 . 2008-01-08 22:40 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
    2007-12-30 15:38 . 2008-01-12 11:36 <DIR> d--hs---- C:\WINDOWS\TXVnZGhh
    2007-12-29 15:45 . 2007-12-29 15:45 <DIR> d-------- C:\Documents and Settings\Mugdha\Application Data\Viewpoint
    2007-12-29 15:36 . 2008-01-19 14:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
    2007-12-29 15:11 . 2007-12-29 15:11 <DIR> d-------- C:\WINDOWS\system32\ardCo02
    2007-12-29 15:11 . 2007-12-29 15:11 <DIR> d-------- C:\Temp\cEeer12
    2007-12-29 15:11 . 2007-12-29 15:11 <DIR> d-------- C:\Temp
    2007-12-27 13:46 . 2008-01-19 12:57 <DIR> d-------- C:\Program Files\DivX
    2007-12-05 19:05 . 2007-12-09 18:45 <DIR> d-------- C:\Documents and Settings\Mugdha\Application Data\gtk-2.0
    2007-12-05 19:05 . 2007-12-05 19:05 <DIR> d-------- C:\Documents and Settings\Mugdha\.thumbnails
    2007-12-04 23:21 . 2007-12-09 18:47 <DIR> d-------- C:\Documents and Settings\Mugdha\.gimp-2.4
    2007-12-04 23:19 . 2007-12-04 23:19 <DIR> d-------- C:\Program Files\GIMP-2.0

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-30 05:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
    2008-01-19 18:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-01-19 18:13 --------- d-----w C:\Program Files\NCH Swift Sound
    2008-01-13 20:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
    2008-01-11 04:25 --------- d-----w C:\Program Files\5Spice Analysis
    2008-01-09 23:31 --------- d-----w C:\Documents and Settings\Mugdha\Application Data\Yahoo!
    2008-01-09 00:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-01-09 00:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
    2008-01-06 17:52 --------- d-----w C:\Program Files\QuickTime
    2008-01-06 17:52 --------- d-----w C:\Program Files\DellSupport
    2008-01-05 05:25 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
    2008-01-05 04:17 --------- d-----w C:\Program Files\GemMaster
    2008-01-05 04:07 --------- d-----w C:\Documents and Settings\Mugdha\Application Data\Lavasoft
    2007-12-28 22:09 --------- d-----w C:\Documents and Settings\Mugdha\Application Data\AdobeUM
    2007-12-28 07:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2001-03-30 21:43 4,377,400 ----a-w C:\Program Files\TurboC++300.exe
    1994-04-27 01:13 1,377 ----a-w C:\Program Files\CH24_2.OBJ
    1994-04-24 02:43 834 ----a-w C:\Program Files\CH24_2.CPP
    1994-04-24 02:29 834 ----a-w C:\Program Files\CH24_2.BAK
    1994-04-14 20:09 193,189 ----a-w C:\Program Files\AAA
    1994-04-14 20:09 18,595 ----a-w C:\Program Files\ASSIGN1.OBJ
    1994-04-14 20:09 113,896 ----a-w C:\Program Files\ASSIGN1.EXE
    1994-04-14 20:08 4,257 ----a-w C:\Program Files\ASSIGN1.CPP
    1994-04-14 20:07 4,262 ----a-w C:\Program Files\ASSIGN1.BAK
    1994-04-14 20:07 193,189 ----a-w C:\Program Files\BBB
    1994-04-14 18:57 193,189 ----a-w C:\Program Files\AAA.TXT
    1994-04-13 22:33 169,845 ----a-w C:\Program Files\CCC.TXT
    1994-04-05 01:45 29,784 ----a-w C:\Program Files\ABC.EXE
    1994-04-05 01:45 14,010 ----a-w C:\Program Files\ABC.OBJ
    1994-04-05 01:45 1,036 ----a-w C:\Program Files\ABC.CPP
    1994-04-05 01:42 1,029 ----a-w C:\Program Files\ABC.BAK
    1994-04-04 23:12 20,000 ----a-w C:\Program Files\AAB.TXT
    1994-04-03 02:36 9,051 ----a-w C:\Program Files\AA.EXE
    1994-04-03 02:36 829 ----a-w C:\Program Files\AA.OBJ
    1994-04-03 02:36 260 ----a-w C:\Program Files\AA.CPP
    1994-04-03 02:32 260 ----a-w C:\Program Files\AA.BAK
    1994-04-03 00:34 5,450 ----a-w C:\Program Files\ABC.TXT
    1994-03-11 02:05 27 ----a-w C:\Program Files\CHKLIST.MS
    1992-02-18 10:00 8,439 ----a-w C:\Program Files\EURO.CHR
    1992-02-18 10:00 8,437 ----a-w C:\Program Files\SIMP.CHR
    1992-02-18 10:00 6,665 ----a-w C:\Program Files\IBM8514.BGI
    1992-02-18 10:00 6,332 ----a-w C:\Program Files\CGA.BGI
    1992-02-18 10:00 6,332 ----a-w C:\Program Files\ATT.BGI
    1992-02-18 10:00 6,204 ----a-w C:\Program Files\HERC.BGI
    1992-02-18 10:00 6,012 ----a-w C:\Program Files\PC3270.BGI
    1992-02-18 10:00 5,554 ----a-w C:\Program Files\EGAVGA.BGI
    1992-02-18 10:00 5,131 ----a-w C:\Program Files\LITT.CHR
    1992-02-18 10:00 40,385 ----a-w C:\Program Files\BGIDEMO.C
    1992-02-18 10:00 363 ----a-w C:\Program Files\BUILTINS.MAK
    1992-02-18 10:00 18,063 ----a-w C:\Program Files\GOTH.CHR
    1992-02-18 10:00 17,355 ----a-w C:\Program Files\TSCR.CHR
    1992-02-18 10:00 16,677 ----a-w C:\Program Files\TRIP.CHR
    1992-02-18 10:00 14,670 ----a-w C:\Program Files\BOLD.CHR
    1992-02-18 10:00 13,596 ----a-w C:\Program Files\SANS.CHR
    1992-02-18 10:00 12,083 ----a-w C:\Program Files\LCOM.CHR
    1992-02-18 10:00 11,400 ----a-w C:\Program Files\BGIOBJ.EXE
    1992-02-18 10:00 10,987 ----a-w C:\Program Files\SCRI.CHR
    1991-05-26 07:41 594 ----a-w C:\Program Files\CH24_25.C
    2004-08-10 11:00 1,392,671 --sh--r C:\WINDOWS\system32\msvbvm60.dll
    2006-09-05 04:52 10 --sh--r C:\WINDOWS\system32\sistem.sys
    2005-07-29 21:24 472 --sha-r C:\WINDOWS\TXVnZGhh\nrpBt311.vbs
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AFADDC5F-53C0-4261-ACE4-06715D15D065}]
    C:\WINDOWS\system32\ssqpm.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{afade30c-5224-4ff2-b204-c5016d32f277}]
    C:\WINDOWS\system32\wtmsuwhs.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ModemOnHold "= "C:\Program Files\NetWaiting\netWaiting.exe" [ ]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [ ]
    "Yahoo! Pager "= "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [ ]
    "Creative WebCam Tray "= "C:\Program Files\Creative\Shared Files\CamTray.exe" [ ]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [ ]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
    "kernel "= "C:\Program Files\kernel\kernel.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray "= "C:\WINDOWS\ehome\ehtray.exe" [ ]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
    "igfxtray "= "C:\WINDOWS\system32\igfxtray.exe" [ ]
    "igfxhkcmd "= "C:\WINDOWS\system32\hkcmd.exe" [ ]
    "igfxpers "= "C:\WINDOWS\system32\igfxpers.exe" [ ]
    "SunJavaUpdateSched "= "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [ ]
    "IntelWireless "= "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [ ]
    "SigmatelSysTrayApp "= "stsystra.exe" [2005-09-10 00:19 393216 C:\WINDOWS\stsystra.exe]
    "Dell QuickSet "= "C:\Program Files\Dell\QuickSet\quickset.exe" [ ]
    "DVDLauncher "= "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [ ]
    "RealTray "= "C:\Program Files\Real\RealPlayer\RealPlay.exe" [ ]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [ ]
    "dla "= "C:\WINDOWS\system32\dla\tfswctrl.exe" [ ]
    "ISUSPM Startup "= "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [ ]
    "ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [ ]
    "MimBoot "= "C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [ ]
    "MMTray "= "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [ ]
    "VF0060 STISvc "= "V0060Pin.dll" [2004-10-31 20:00 36864 C:\WINDOWS\system32\V0060Pin.dll]
    "googletalk "= "C:\Program Files\Google\Google Talk\googletalk.exe" [ ]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [ ]
    "64542a4d "= "C:\WINDOWS\system32\xctkhopi.dll" [ ]
    "ISTray "= "C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-10 23:32 579072]
    "MSKDetectorExe "= "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 19:05 1117184]
    "VirusScan Online "= "C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [ ]
    "OASClnt "= "C:\Program Files\McAfee.com\VSO\oasclnt.exe" [ ]
    "MCAgentExe "= "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [ ]
    "MCUpdateExe "= "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [ ]
    "MSKAGENTEXE "= "C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [ ]
    "MPSExe "= "c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run "= "C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-10 19:57 219136]

    C:\Documents and Settings\Mugdha\Start Menu\Programs\Startup\
    Spruce - Auto Update.lnk - C:\QooBox\Quarantine\C\Program Files\Spruce\Spruce.exe.vir [2007-12-29 15:22:44 178390]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-02-10 11:19:02 24576]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle "= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme "= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnlif]
    nnnnlif.dll

    S3 V0060VID;Creative WebCam Live! Ultra;C:\WINDOWS\system32\DRIVERS\V0060Vid.sys [2005-02-02 03:15]
    S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1307683e-75f6-11db-b768-00142297bc60}]
    \Shell\Explore\command - explorer.exe /n,/e ,.
    \Shell\Launch\command - portablevaultaes.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-30 22:26:07
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    .
    **************************************************************************
    .
    Completion time: 2008-01-30 22:32:04 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-31 03:32:00
    .
    2008-01-10 02:51:21 --- E O F ---


    :(


    Logfile of HijackThis v1.99.1
    Scan saved at 11:10:53 PM, on 1/30/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\WINDOWS\stsystra.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {AFADDC5F-53C0-4261-ACE4-06715D15D065} - C:\WINDOWS\system32\ssqpm.dll (file missing)
    O2 - BHO: {772f23d6-105c-402b-2ff4-4225c03edafa} - {afade30c-5224-4ff2-b204-c5016d32f277} - C:\WINDOWS\system32\wtmsuwhs.dll (file missing)
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe "
    O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [64542a4d] rundll32.exe "C:\WINDOWS\system32\xctkhopi.dll ",b
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe "
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
    O4 - Startup: Spruce - Auto Update.lnk = C:\QooBox\Quarantine\C\Program Files\Spruce\Spruce.exe.vir
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj01.rightnowtech.com/6030-b463h-iconnecthere/rnl/java/RntX.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{896F561D-7397-4B6A-B93F-E9CBC4BD0861}: NameServer = 203.187.192.15,203.187.192.12
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O20 - Winlogon Notify: nnnnlif - nnnnlif.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    :(

    Waiting for the reply
    :)
     
    MIL,
    #3
  5. 2008/01/31
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi MIL

    Do you have any idea what these are? The creation dates are 1991, 1992 and 1994. Any program that you know of that may have installed them?

    1994-04-03 02:36 9,051 ----a-w C:\Program Files\AA.EXE
    1994-04-03 02:36 829 ----a-w C:\Program Files\AA.OBJ
    1994-04-03 02:36 260 ----a-w C:\Program Files\AA.CPP
    1994-04-03 02:32 260 ----a-w C:\Program Files\AA.BAK
    1994-04-03 00:34 5,450 ----a-w C:\Program Files\ABC.TXT
    1994-03-11 02:05 27 ----a-w C:\Program Files\CHKLIST.MS
    1992-02-18 10:00 8,439 ----a-w C:\Program Files\EURO.CHR
    1992-02-18 10:00 8,437 ----a-w C:\Program Files\SIMP.CHR
    1992-02-18 10:00 6,665 ----a-w C:\Program Files\IBM8514.BGI
    1992-02-18 10:00 6,332 ----a-w C:\Program Files\CGA.BGI



    Please do the Following.

    Please delete the ComboFix you have and download the newer version.

    Download ComboFix from Here to your Desktop.

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    Folder::
    C:\WINDOWS\TXVnZGhh
    C:\Documents and Settings\All Users\Application Data\Rabio
    C:\WINDOWS\system32\ardCo02
    C:\Temp\cEeer12
    
    File::
    C:\WINDOWS\system32\sistem.sys
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AFADDC5F-53C0-4261-ACE4-06715D15D065}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{afade30c-5224-4ff2-b204-c5016d32f277}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnlif]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "64542a4d"=-

    Please post the new combofix log that it produces, and let me know if you know what those files are.

    Thanks
    Geri
     
    Geri,
    #4
  6. 2008/01/31
    MIL

    MIL Inactive Thread Starter

    I have no idea what those files are.

    Here's the new combofix and hijackthis logs

    ComboFix 08-02.01.4 - Mugdha 2008-02-01 0:00:39.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.543 [GMT -5:00]
    Running from: C:\Documents and Settings\Mugdha\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Mugdha\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE
    C:\WINDOWS\system32\sistem.sys
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Rabio
    C:\Temp\cEeer12
    C:\WINDOWS\system32\ardCo02
    C:\WINDOWS\system32\sistem.sys
    C:\WINDOWS\TXVnZGhh
    C:\WINDOWS\TXVnZGhh\nrpBt311.vbs

    .
    ((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02-01 )))))))))))))))))))))))))))))))
    .

    2008-01-20 11:13 . 2008-01-20 11:13 <DIR> d-------- C:\WINDOWS\MaxSecureBackup
    2008-01-20 11:13 . 2008-01-20 11:20 <DIR> d-------- C:\Program Files\Max Registry Cleaner
    2008-01-20 11:13 . 2007-05-24 16:57 143,360 --a------ C:\WINDOWS\system32\GetHardDiskNo.dll
    2008-01-20 11:13 . 2008-01-20 11:13 63 --a------ C:\WINDOWS\system\SYSRegC.dll
    2008-01-19 13:15 . 2008-01-19 13:15 <DIR> d-------- C:\Program Files\Symantec
    2008-01-19 13:11 . 2008-01-19 13:12 <DIR> d-------- C:\virusscanner
    2008-01-13 15:54 . 2008-01-13 17:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-13 15:09 . 2005-07-26 14:50 94,208 --------- C:\WINDOWS\system32\mclsp.dll
    2008-01-13 15:09 . 2005-04-20 19:22 32,768 --a------ C:\WINDOWS\system32\instlsp.exe
    2008-01-13 15:09 . 2005-04-20 19:22 11,264 --a------ C:\WINDOWS\system32\sporder.dll
    2008-01-13 15:05 . 2008-01-30 19:26 <DIR> d-------- C:\Program Files\McAfee.com
    2008-01-10 23:40 . 2008-01-10 23:40 <DIR> d-------- C:\Program Files\Lavasoft
    2008-01-10 23:40 . 2008-01-12 09:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-10 19:58 . 2008-01-31 19:18 <DIR> d-------- C:\Documents and Settings\Mugdha\Application Data\AVG7
    2008-01-10 19:57 . 2008-01-10 19:57 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-01-10 19:57 . 2008-01-10 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-10 19:57 . 2008-01-10 23:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2008-01-10 19:31 . 2008-01-10 23:12 <DIR> d-------- C:\Program Files\SpywareBlaster
    2008-01-10 19:17 . 2008-01-10 19:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-09 19:32 . 2008-01-31 19:29 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-09 19:31 . 2008-01-31 19:30 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-01-09 19:31 . 2008-01-09 19:31 <DIR> d-------- C:\Documents and Settings\Mugdha\Application Data\PC Tools
    2008-01-09 19:31 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-01-09 19:31 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-01-09 19:31 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-01-09 19:31 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-01-08 22:40 . 2008-01-08 22:40 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-30 05:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
    2008-01-19 18:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-01-19 18:13 --------- d-----w C:\Program Files\NCH Swift Sound
    2008-01-19 17:57 --------- d-----w C:\Program Files\DivX
    2008-01-13 20:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
    2008-01-12 14:40 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-01-11 04:25 --------- d-----w C:\Program Files\5Spice Analysis
    2008-01-09 23:31 --------- d-----w C:\Documents and Settings\Mugdha\Application Data\Yahoo!
    2008-01-09 00:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-01-09 00:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
    2008-01-06 17:52 --------- d-----w C:\Program Files\QuickTime
    2008-01-06 17:52 --------- d-----w C:\Program Files\DellSupport
    2008-01-05 05:25 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
    2008-01-05 04:17 --------- d-----w C:\Program Files\GemMaster
    2008-01-05 04:07 --------- d-----w C:\Documents and Settings\Mugdha\Application Data\Lavasoft
    2007-12-29 20:45 --------- d-----w C:\Documents and Settings\Mugdha\Application Data\Viewpoint
    2007-12-28 22:09 --------- d-----w C:\Documents and Settings\Mugdha\Application Data\AdobeUM
    2007-12-28 07:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-09 23:45 --------- d-----w C:\Documents and Settings\Mugdha\Application Data\gtk-2.0
    2007-12-05 04:19 --------- d-----w C:\Program Files\GIMP-2.0
    2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-11-19 00:41 7,934 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
    2001-03-30 21:43 4,377,400 ----a-w C:\Program Files\TurboC++300.exe
    1994-04-27 01:13 1,377 ----a-w C:\Program Files\CH24_2.OBJ
    1994-04-24 02:43 834 ----a-w C:\Program Files\CH24_2.CPP
    1994-04-24 02:29 834 ----a-w C:\Program Files\CH24_2.BAK
    1994-04-14 20:09 193,189 ----a-w C:\Program Files\AAA
    1994-04-14 20:09 18,595 ----a-w C:\Program Files\ASSIGN1.OBJ
    1994-04-14 20:09 113,896 ----a-w C:\Program Files\ASSIGN1.EXE
    1994-04-14 20:08 4,257 ----a-w C:\Program Files\ASSIGN1.CPP
    1994-04-14 20:07 4,262 ----a-w C:\Program Files\ASSIGN1.BAK
    1994-04-14 20:07 193,189 ----a-w C:\Program Files\BBB
    1994-04-14 18:57 193,189 ----a-w C:\Program Files\AAA.TXT
    1994-04-13 22:33 169,845 ----a-w C:\Program Files\CCC.TXT
    1994-04-05 01:45 29,784 ----a-w C:\Program Files\ABC.EXE
    1994-04-05 01:45 14,010 ----a-w C:\Program Files\ABC.OBJ
    1994-04-05 01:45 1,036 ----a-w C:\Program Files\ABC.CPP
    1994-04-05 01:42 1,029 ----a-w C:\Program Files\ABC.BAK
    1994-04-04 23:12 20,000 ----a-w C:\Program Files\AAB.TXT
    1994-04-03 02:36 9,051 ----a-w C:\Program Files\AA.EXE
    1994-04-03 02:36 829 ----a-w C:\Program Files\AA.OBJ
    1994-04-03 02:36 260 ----a-w C:\Program Files\AA.CPP
    1994-04-03 02:32 260 ----a-w C:\Program Files\AA.BAK
    1994-04-03 00:34 5,450 ----a-w C:\Program Files\ABC.TXT
    1994-03-11 02:05 27 ----a-w C:\Program Files\CHKLIST.MS
    1992-02-18 10:00 8,439 ----a-w C:\Program Files\EURO.CHR
    1992-02-18 10:00 8,437 ----a-w C:\Program Files\SIMP.CHR
    1992-02-18 10:00 6,665 ----a-w C:\Program Files\IBM8514.BGI
    1992-02-18 10:00 6,332 ----a-w C:\Program Files\CGA.BGI
    1992-02-18 10:00 6,332 ----a-w C:\Program Files\ATT.BGI
    1992-02-18 10:00 6,204 ----a-w C:\Program Files\HERC.BGI
    1992-02-18 10:00 6,012 ----a-w C:\Program Files\PC3270.BGI
    1992-02-18 10:00 5,554 ----a-w C:\Program Files\EGAVGA.BGI
    1992-02-18 10:00 5,131 ----a-w C:\Program Files\LITT.CHR
    1992-02-18 10:00 40,385 ----a-w C:\Program Files\BGIDEMO.C
    1992-02-18 10:00 363 ----a-w C:\Program Files\BUILTINS.MAK
    1992-02-18 10:00 18,063 ----a-w C:\Program Files\GOTH.CHR
    1992-02-18 10:00 17,355 ----a-w C:\Program Files\TSCR.CHR
    1992-02-18 10:00 16,677 ----a-w C:\Program Files\TRIP.CHR
    1992-02-18 10:00 14,670 ----a-w C:\Program Files\BOLD.CHR
    1992-02-18 10:00 13,596 ----a-w C:\Program Files\SANS.CHR
    1992-02-18 10:00 12,083 ----a-w C:\Program Files\LCOM.CHR
    1992-02-18 10:00 11,400 ----a-w C:\Program Files\BGIOBJ.EXE
    1992-02-18 10:00 10,987 ----a-w C:\Program Files\SCRI.CHR
    1991-05-26 07:41 594 ----a-w C:\Program Files\CH24_25.C
    2004-08-10 11:00 1,392,671 --sh--r C:\WINDOWS\system32\msvbvm60.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AFADDC5F-53C0-4261-ACE4-06715D15D065}]
    C:\WINDOWS\system32\ssqpm.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{afade30c-5224-4ff2-b204-c5016d32f277}]
    C:\WINDOWS\system32\wtmsuwhs.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ModemOnHold "= "C:\Program Files\NetWaiting\netWaiting.exe" [ ]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [ ]
    "Yahoo! Pager "= "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [ ]
    "Creative WebCam Tray "= "C:\Program Files\Creative\Shared Files\CamTray.exe" [ ]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [ ]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
    "kernel "= "C:\Program Files\kernel\kernel.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray "= "C:\WINDOWS\ehome\ehtray.exe" [ ]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
    "igfxtray "= "C:\WINDOWS\system32\igfxtray.exe" [ ]
    "igfxhkcmd "= "C:\WINDOWS\system32\hkcmd.exe" [ ]
    "igfxpers "= "C:\WINDOWS\system32\igfxpers.exe" [ ]
    "SunJavaUpdateSched "= "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [ ]
    "IntelWireless "= "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [ ]
    "SigmatelSysTrayApp "= "stsystra.exe" [2005-09-10 00:19 393216 C:\WINDOWS\stsystra.exe]
    "Dell QuickSet "= "C:\Program Files\Dell\QuickSet\quickset.exe" [ ]
    "DVDLauncher "= "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [ ]
    "RealTray "= "C:\Program Files\Real\RealPlayer\RealPlay.exe" [ ]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [ ]
    "dla "= "C:\WINDOWS\system32\dla\tfswctrl.exe" [ ]
    "ISUSPM Startup "= "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [ ]
    "ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [ ]
    "MimBoot "= "C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [ ]
    "MMTray "= "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [ ]
    "VF0060 STISvc "= "V0060Pin.dll" [2004-10-31 20:00 36864 C:\WINDOWS\system32\V0060Pin.dll]
    "googletalk "= "C:\Program Files\Google\Google Talk\googletalk.exe" [ ]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [ ]
    "ISTray "= "C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-10 23:32 579072]
    "MSKDetectorExe "= "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 19:05 1117184]
    "VirusScan Online "= "C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [ ]
    "OASClnt "= "C:\Program Files\McAfee.com\VSO\oasclnt.exe" [ ]
    "MCAgentExe "= "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [ ]
    "MCUpdateExe "= "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [ ]
    "MSKAGENTEXE "= "C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [ ]
    "MPSExe "= "c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run "= "C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-10 19:57 219136]

    C:\Documents and Settings\Mugdha\Start Menu\Programs\Startup\
    Spruce - Auto Update.lnk - C:\QooBox\Quarantine\C\Program Files\Spruce\Spruce.exe.vir [2007-12-29 15:22:44 178390]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-02-10 11:19:02 24576]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle "= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme "= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

    S3 V0060VID;Creative WebCam Live! Ultra;C:\WINDOWS\system32\DRIVERS\V0060Vid.sys [2005-02-02 03:15]
    S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1307683e-75f6-11db-b768-00142297bc60}]
    \Shell\Explore\command - explorer.exe /n,/e ,.
    \Shell\Launch\command - portablevaultaes.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-01 00:05:21
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-02-01 0:08:34
    ComboFix-quarantined-files.txt 2008-02-01 05:08:29
    ComboFix2.txt 2008-01-31 03:32:05
    .
    2008-01-10 02:51:21 --- E O F ---




    Logfile of HijackThis v1.99.1
    Scan saved at 12:09:24 AM, on 2/1/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\stsystra.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {AFADDC5F-53C0-4261-ACE4-06715D15D065} - C:\WINDOWS\system32\ssqpm.dll (file missing)
    O2 - BHO: {772f23d6-105c-402b-2ff4-4225c03edafa} - {afade30c-5224-4ff2-b204-c5016d32f277} - C:\WINDOWS\system32\wtmsuwhs.dll (file missing)
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe "
    O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe "
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
    O4 - Startup: Spruce - Auto Update.lnk = C:\QooBox\Quarantine\C\Program Files\Spruce\Spruce.exe.vir
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj01.rightnowtech.com/6030-b463h-iconnecthere/rnl/java/RntX.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{896F561D-7397-4B6A-B93F-E9CBC4BD0861}: NameServer = 203.187.192.15,203.187.192.12
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
     
    MIL,
    #5
  7. 2008/02/01
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi MIL

    OK, let's see if we can get a few of those files scanned.

    Jotti File Submission:
    • Please go to Jotti's malware scan
    • Copy and paste the following file paths into the "File to upload & scan" box at the top of the page, one at a time:
      • C:\Program Files\AA.EXE
      • C:\Program Files\ABC.EXE
      • C:\Program Files\BGIOBJ.EXE
    • Click on the submit button
    • Please post the results in your next reply.

    Please delete the ComboFix you have and get the newer version before running the CFScript below.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad document, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    DirLook:: 
    C:\Program Files\CH24_25.C
    C:\Program Files\AAA
    C:\Program Files\BBB
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AFADDC5F-53C0-4261-ACE4-06715D15D065}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{afade30c-5224-4ff2-b204-c5016d32f277}]

    Please post the results for each file and the new ComboFix log.

    Thanks
    Geri
     
    Geri,
    #6
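A way to check that the two `Registry::` deletions in the CFScript above took effect, by comparing the Browser Helper Object (O2) lines of the HijackThis logs taken before and after the run. This is an added example, not part of any forum post and not HijackThis or ComboFix code; the function names are hypothetical, and the log and script text is excerpted from this thread.

```python
import re

# GUID in registry/CLSID form, e.g. {AFADDC5F-53C0-4261-ACE4-06715D15D065}
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# HijackThis O2 line: "O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]".
# The name group is greedy on purpose: a BHO whose *name* is itself a GUID
# (as in this thread) must not be mistaken for the CLSID field.
BHO_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*) - (?P<clsid>" + GUID + r") - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)

# CFScript "Registry::" deletion of a BHO key: "[-HKLM\...\Browser Helper Objects\{CLSID}]"
CF_BHO_DELETE = re.compile(
    r"^\[-.*\\Browser Helper Objects\\(?P<clsid>" + GUID + r")\]$"
)

# Excerpt of the HijackThis log posted on 2/1/2008 (before the CFScript run).
BEFORE_LOG = r"""
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {AFADDC5F-53C0-4261-ACE4-06715D15D065} - C:\WINDOWS\system32\ssqpm.dll (file missing)
O2 - BHO: {772f23d6-105c-402b-2ff4-4225c03edafa} - {afade30c-5224-4ff2-b204-c5016d32f277} - C:\WINDOWS\system32\wtmsuwhs.dll (file missing)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
"""

# Excerpt of the HijackThis log posted on 2/4/2008 (after the CFScript run).
AFTER_LOG = r"""
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
"""

# The CFScript.txt from the post above.
CFSCRIPT = r"""
DirLook::
C:\Program Files\CH24_25.C
C:\Program Files\AAA
C:\Program Files\BBB

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AFADDC5F-53C0-4261-ACE4-06715D15D065}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{afade30c-5224-4ff2-b204-c5016d32f277}]
"""


def parse_bhos(log_text):
    """Map upper-cased CLSID -> entry for every O2 (BHO) line in a HijackThis log."""
    entries = {}
    for raw in log_text.splitlines():
        m = BHO_LINE.match(raw.strip())
        if m:
            entries[m.group("clsid").upper()] = {
                "name": m.group("name"),
                "path": m.group("path"),
                "file_missing": m.group("missing") is not None,
            }
    return entries


def cfscript_bho_targets(script_text):
    """CLSIDs of the BHO registry keys a CFScript asks ComboFix to delete."""
    targets = set()
    for raw in script_text.splitlines():
        m = CF_BHO_DELETE.match(raw.strip())
        if m:
            targets.add(m.group("clsid").upper())
    return targets


def verify_cfscript_bho_removal(before_log, after_log, script_text):
    """Classify each targeted CLSID by what the before/after logs show."""
    before, after = parse_bhos(before_log), parse_bhos(after_log)
    targets = cfscript_bho_targets(script_text)
    return {
        # Listed before the run, gone afterwards: the deletion worked.
        "removed": sorted(c for c in targets if c in before and c not in after),
        # Still registered afterwards: the key survived or was re-created.
        "still_present": sorted(c for c in targets if c in after),
        # Never seen in either log: likely a typo in the script.
        "never_listed": sorted(
            c for c in targets if c not in before and c not in after
        ),
        # Orphaned BHOs (DLL missing on disk) the script did not cover.
        "untargeted_orphans": sorted(
            c for c, e in after.items()
            if e["file_missing"] and c not in targets
        ),
    }


if __name__ == "__main__":
    for status, clsids in verify_cfscript_bho_removal(
        BEFORE_LOG, AFTER_LOG, CFSCRIPT
    ).items():
        print(status, clsids)
```

A CLSID under `still_present` after a reboot means something re-registered the key, so the loader is still active and the log needs another look.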
  8. 2008/02/04
    MIL

    MIL Inactive Thread Starter

    ComboFix 08-02.05.3 - Mugdha 2008-02-04 18:24:41.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.471 [GMT -5:00]
    Running from: C:\Documents and Settings\Mugdha\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Mugdha\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-01-04 to 2008-02-04 )))))))))))))))))))))))))))))))
    .

    2008-01-20 11:13 . 2008-01-20 11:13 <DIR> d-------- C:\WINDOWS\MaxSecureBackup
    2008-01-20 11:13 . 2008-01-20 11:20 <DIR> d-------- C:\Program Files\Max Registry Cleaner
    2008-01-20 11:13 . 2007-05-24 16:57 143,360 --a------ C:\WINDOWS\system32\GetHardDiskNo.dll
    2008-01-20 11:13 . 2008-01-20 11:13 63 --a------ C:\WINDOWS\system\SYSRegC.dll
    2008-01-19 13:15 . 2008-01-19 13:15 <DIR> d-------- C:\Program Files\Symantec
    2008-01-19 13:11 . 2008-01-19 13:12 <DIR> d-------- C:\virusscanner
    2008-01-13 15:54 . 2008-01-13 15:54 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-01-13 15:54 . 2008-01-13 17:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-13 15:09 . 2005-07-26 14:50 94,208 --------- C:\WINDOWS\system32\mclsp.dll
    2008-01-13 15:09 . 2005-04-20 19:22 32,768 --a------ C:\WINDOWS\system32\instlsp.exe
    2008-01-13 15:09 . 2005-04-20 19:22 11,264 --a------ C:\WINDOWS\system32\sporder.dll
    2008-01-13 15:05 . 2008-01-30 19:26 <DIR> d-------- C:\Program Files\McAfee.com
    2008-01-10 23:40 . 2008-01-10 23:40 <DIR> d-------- C:\Program Files\Lavasoft
    2008-01-10 23:40 . 2008-01-12 09:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-10 19:58 . 2008-02-04 18:01 <DIR> d-------- C:\Documents and Settings\Mugdha\Application Data\AVG7
    2008-01-10 19:57 . 2008-01-10 19:57 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-01-10 19:57 . 2008-01-10 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-10 19:57 . 2008-01-10 23:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2008-01-10 19:31 . 2008-01-10 23:12 <DIR> d-------- C:\Program Files\SpywareBlaster
    2008-01-10 19:17 . 2008-01-10 19:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-09 19:32 . 2008-02-04 18:21 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-09 19:31 . 2008-02-04 18:22 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-01-09 19:31 . 2008-01-09 19:31 <DIR> d-------- C:\Documents and Settings\Mugdha\Application Data\PC Tools
    2008-01-09 19:31 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-01-09 19:31 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-01-09 19:31 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-01-09 19:31 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-01-08 22:40 . 2008-01-08 22:40 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-30 05:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
    2008-01-19 18:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-01-19 18:13 --------- d-----w C:\Program Files\NCH Swift Sound
    2008-01-19 17:57 --------- d-----w C:\Program Files\DivX
    2008-01-13 20:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
    2008-01-12 14:40 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-01-11 04:25 --------- d-----w C:\Program Files\5Spice Analysis
    2008-01-09 23:31 --------- d-----w C:\Documents and Settings\Mugdha\Application Data\Yahoo!
    2008-01-09 00:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-01-09 00:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
    2008-01-06 17:52 --------- d-----w C:\Program Files\QuickTime
    2008-01-06 17:52 --------- d-----w C:\Program Files\DellSupport
    2008-01-05 05:25 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
    2008-01-05 04:17 --------- d-----w C:\Program Files\GemMaster
    2008-01-05 04:07 --------- d-----w C:\Documents and Settings\Mugdha\Application Data\Lavasoft
    2007-12-29 20:45 --------- d-----w C:\Documents and Settings\Mugdha\Application Data\Viewpoint
    2007-12-28 22:09 --------- d-----w C:\Documents and Settings\Mugdha\Application Data\AdobeUM
    2007-12-28 07:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-09 23:45 --------- d-----w C:\Documents and Settings\Mugdha\Application Data\gtk-2.0
    2007-12-05 04:19 --------- d-----w C:\Program Files\GIMP-2.0
    2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-11-19 00:41 7,934 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
    2001-03-30 21:43 4,377,400 ----a-w C:\Program Files\TurboC++300.exe
    1994-04-27 01:13 1,377 ----a-w C:\Program Files\CH24_2.OBJ
    1994-04-24 02:43 834 ----a-w C:\Program Files\CH24_2.CPP
    1994-04-24 02:29 834 ----a-w C:\Program Files\CH24_2.BAK
    1994-04-14 20:09 193,189 ----a-w C:\Program Files\AAA
    1994-04-14 20:09 18,595 ----a-w C:\Program Files\ASSIGN1.OBJ
    1994-04-14 20:09 113,896 ----a-w C:\Program Files\ASSIGN1.EXE
    1994-04-14 20:08 4,257 ----a-w C:\Program Files\ASSIGN1.CPP
    1994-04-14 20:07 4,262 ----a-w C:\Program Files\ASSIGN1.BAK
    1994-04-14 20:07 193,189 ----a-w C:\Program Files\BBB
    1994-04-14 18:57 193,189 ----a-w C:\Program Files\AAA.TXT
    1994-04-13 22:33 169,845 ----a-w C:\Program Files\CCC.TXT
    1994-04-05 01:45 29,784 ----a-w C:\Program Files\ABC.EXE
    1994-04-05 01:45 14,010 ----a-w C:\Program Files\ABC.OBJ
    1994-04-05 01:45 1,036 ----a-w C:\Program Files\ABC.CPP
    1994-04-05 01:42 1,029 ----a-w C:\Program Files\ABC.BAK
    1994-04-04 23:12 20,000 ----a-w C:\Program Files\AAB.TXT
    1994-04-03 02:36 9,051 ----a-w C:\Program Files\AA.EXE
    1994-04-03 02:36 829 ----a-w C:\Program Files\AA.OBJ
    1994-04-03 02:36 260 ----a-w C:\Program Files\AA.CPP
    1994-04-03 02:32 260 ----a-w C:\Program Files\AA.BAK
    1994-04-03 00:34 5,450 ----a-w C:\Program Files\ABC.TXT
    1994-03-11 02:05 27 ----a-w C:\Program Files\CHKLIST.MS
    1992-02-18 10:00 8,439 ----a-w C:\Program Files\EURO.CHR
    1992-02-18 10:00 8,437 ----a-w C:\Program Files\SIMP.CHR
    1992-02-18 10:00 6,665 ----a-w C:\Program Files\IBM8514.BGI
    1992-02-18 10:00 6,332 ----a-w C:\Program Files\CGA.BGI
    1992-02-18 10:00 6,332 ----a-w C:\Program Files\ATT.BGI
    1992-02-18 10:00 6,204 ----a-w C:\Program Files\HERC.BGI
    1992-02-18 10:00 6,012 ----a-w C:\Program Files\PC3270.BGI
    1992-02-18 10:00 5,554 ----a-w C:\Program Files\EGAVGA.BGI
    1992-02-18 10:00 5,131 ----a-w C:\Program Files\LITT.CHR
    1992-02-18 10:00 40,385 ----a-w C:\Program Files\BGIDEMO.C
    1992-02-18 10:00 363 ----a-w C:\Program Files\BUILTINS.MAK
    1992-02-18 10:00 18,063 ----a-w C:\Program Files\GOTH.CHR
    1992-02-18 10:00 17,355 ----a-w C:\Program Files\TSCR.CHR
    1992-02-18 10:00 16,677 ----a-w C:\Program Files\TRIP.CHR
    1992-02-18 10:00 14,670 ----a-w C:\Program Files\BOLD.CHR
    1992-02-18 10:00 13,596 ----a-w C:\Program Files\SANS.CHR
    1992-02-18 10:00 12,083 ----a-w C:\Program Files\LCOM.CHR
    1992-02-18 10:00 11,400 ----a-w C:\Program Files\BGIOBJ.EXE
    1992-02-18 10:00 10,987 ----a-w C:\Program Files\SCRI.CHR
    1991-05-26 07:41 594 ----a-w C:\Program Files\CH24_25.C
    2004-08-10 11:00 1,392,671 --sh--r C:\WINDOWS\system32\msvbvm60.dll
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of C:\Program Files\AAA ----

    C:\Program Files\AAA\

    ---- Directory of C:\Program Files\BBB ----

    C:\Program Files\BBB\

    ---- Directory of C:\Program Files\CH24_25.C ----

    C:\Program Files\CH24_25.C\


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AFADDC5F-53C0-4261-ACE4-06715D15D065}]
    C:\WINDOWS\system32\ssqpm.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{afade30c-5224-4ff2-b204-c5016d32f277}]
    C:\WINDOWS\system32\wtmsuwhs.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ModemOnHold "= "C:\Program Files\NetWaiting\netWaiting.exe" [ ]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [ ]
    "Yahoo! Pager "= "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [ ]
    "Creative WebCam Tray "= "C:\Program Files\Creative\Shared Files\CamTray.exe" [ ]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [ ]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
    "kernel "= "C:\Program Files\kernel\kernel.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray "= "C:\WINDOWS\ehome\ehtray.exe" [ ]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
    "igfxtray "= "C:\WINDOWS\system32\igfxtray.exe" [ ]
    "igfxhkcmd "= "C:\WINDOWS\system32\hkcmd.exe" [ ]
    "igfxpers "= "C:\WINDOWS\system32\igfxpers.exe" [ ]
    "SunJavaUpdateSched "= "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [ ]
    "IntelWireless "= "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [ ]
    "SigmatelSysTrayApp "= "stsystra.exe" [2005-09-10 00:19 393216 C:\WINDOWS\stsystra.exe]
    "Dell QuickSet "= "C:\Program Files\Dell\QuickSet\quickset.exe" [ ]
    "DVDLauncher "= "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [ ]
    "RealTray "= "C:\Program Files\Real\RealPlayer\RealPlay.exe" [ ]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [ ]
    "dla "= "C:\WINDOWS\system32\dla\tfswctrl.exe" [ ]
    "ISUSPM Startup "= "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [ ]
    "ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [ ]
    "MimBoot "= "C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [ ]
    "MMTray "= "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [ ]
    "VF0060 STISvc "= "V0060Pin.dll" [2004-10-31 20:00 36864 C:\WINDOWS\system32\V0060Pin.dll]
    "googletalk "= "C:\Program Files\Google\Google Talk\googletalk.exe" [ ]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [ ]
    "ISTray "= "C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-10 23:32 579072]
    "MSKDetectorExe "= "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 19:05 1117184]
    "VirusScan Online "= "C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [ ]
    "OASClnt "= "C:\Program Files\McAfee.com\VSO\oasclnt.exe" [ ]
    "MCAgentExe "= "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [ ]
    "MCUpdateExe "= "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [ ]
    "MSKAGENTEXE "= "C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [ ]
    "MPSExe "= "c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run "= "C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-10 19:57 219136]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-02-10 11:19:02 24576]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle "= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme "= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

    S3 V0060VID;Creative WebCam Live! Ultra;C:\WINDOWS\system32\DRIVERS\V0060Vid.sys [2005-02-02 03:15]
    S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1307683e-75f6-11db-b768-00142297bc60}]
    \Shell\Explore\command - explorer.exe /n,/e ,.
    \Shell\Launch\command - portablevaultaes.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-04 18:33:50
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-02-04 18:41:00
    ComboFix-quarantined-files.txt 2008-02-04 23:40:44
    ComboFix2.txt 2008-02-01 05:08:35
    ComboFix3.txt 2008-01-31 03:32:05
    .
    2008-01-10 02:51:21 --- E O F ---





    :(






    Logfile of HijackThis v1.99.1
    Scan saved at 6:42:41 PM, on 2/4/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\stsystra.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\PROGRA~1\Grisoft\AVG7\avgw.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe "
    O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe "
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj01.rightnowtech.com/6030-b463h-iconnecthere/rnl/java/RntX.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{896F561D-7397-4B6A-B93F-E9CBC4BD0861}: NameServer = 203.187.192.15,203.187.192.12
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe




    :(



    rest in next post
     
    MIL,
    #7
  9. 2008/02/04
    MIL

    MIL Inactive Thread Starter

    Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1


    File: AA.EXE
    Status: OK
    MD5: 2e2b7e458846d4cffc003648aa501287
    Packers detected: -
    Bit9 reports: File not found


    Scanner results
    Scan taken on 04 Feb 2008 23:10:12 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Ikarus Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing

    Disclaimer
    This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER EVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, We cannot and will not be held responsible for any damage caused by results presented by this non-profit online service.

    Also, we are aware of the implications of a setup like this. We are sure this whole thing is by no means scientifically correct, since this is a fully automated service (although manual correction is possible). We are aware, in spite of efforts to proactively counter these, false positives might occur, for example. We do not consider this a very big issue, so please do not e-mail us about it. This is a simple online scan service, not the university of Wichita.

    Scanning can take a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Another note: some scanners will only report one virus when scanning archives with multiple pieces of malware.

    Virus definitions are updated every hour. There is a 10Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample.

    Please do not ask for viruses uploaded here, unless you work for an anti-virus vendor. They are not for trade. This is a legitimate service, not a VX site. Viruses uploaded here will be distributed to antivirus vendors without exception. Read more about this in our privacy policy. If you do not want your files to be distributed, please do not send them at all.

    © 2004-2008 Jordi Bosveld <jotti@jotti.org>

    Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1


    File: ABC.EXE
    Status: OK
    MD5: 71fc7b697ed844483d71490a42833758
    Packers detected: -
    Bit9 reports: File not found

    Scanner results
    Scan taken on 04 Feb 2008 23:14:17 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Ikarus Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing

    Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1


    File: BGIOBJ.EXE
    Status: OK
    MD5: fc4ca34896eed473734f195bc90b7e6d
    Packers detected: -
    Bit9 reports: No threat detected (more info)


    Scanner results
    Scan taken on 04 Feb 2008 23:16:04 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Ikarus Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing

    :(:(:(


    All three files for Jotti were OK status.


    Let me know what I should do next. What do all these logs show?

    Thanks
     
    MIL,
    #8
  10. 2008/02/04
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi MIL

    I wanted to have those files scanned. Good, they came up nothing. They could be from an old program you installed, and the files for the program were created back then?

    How is your system running?

    We need to run another CFScript.
    I don't know why it is not deleting the registry entries.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AFADDC5F-53C0-4261-ACE4-06715D15D065}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{afade30c-5224-4ff2-b204-c5016d32f277}]
    
    Your last HJT log shows clean. Please post the new CF log and let me know how things are, and we'll go from there.

    Thanks
    Geri
     
    Geri,
    #9
  11. 2008/02/04
    MIL

    MIL Inactive Thread Starter

    My system seems to run fine now. But I just want to be very, very sure that I don't have any virus now. Here's the new CF log:


    ComboFix 08-02.05.3 - Mugdha 2008-02-04 22:06:37.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.498 [GMT -5:00]
    Running from: C:\Documents and Settings\Mugdha\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Mugdha\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-01-05 to 2008-02-05 )))))))))))))))))))))))))))))))
    .

    2008-02-04 18:20 . 2004-08-10 06:00 388,608 --a------ C:\kmd.exe
    2008-01-20 11:13 . 2008-01-20 11:13 <DIR> d-------- C:\WINDOWS\MaxSecureBackup
    2008-01-20 11:13 . 2008-01-20 11:20 <DIR> d-------- C:\Program Files\Max Registry Cleaner
    2008-01-20 11:13 . 2007-05-24 16:57 143,360 --a------ C:\WINDOWS\system32\GetHardDiskNo.dll
    2008-01-20 11:13 . 2008-01-20 11:13 63 --a------ C:\WINDOWS\system\SYSRegC.dll
    2008-01-19 13:15 . 2008-01-19 13:15 <DIR> d-------- C:\Program Files\Symantec
    2008-01-19 13:11 . 2008-01-19 13:12 <DIR> d-------- C:\virusscanner
    2008-01-13 15:54 . 2008-01-13 15:54 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-01-13 15:54 . 2008-01-13 17:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-13 15:09 . 2005-07-26 14:50 94,208 --------- C:\WINDOWS\system32\mclsp.dll
    2008-01-13 15:09 . 2005-04-20 19:22 32,768 --a------ C:\WINDOWS\system32\instlsp.exe
    2008-01-13 15:09 . 2005-04-20 19:22 11,264 --a------ C:\WINDOWS\system32\sporder.dll
    2008-01-13 15:05 . 2008-01-30 19:26 <DIR> d-------- C:\Program Files\McAfee.com
    2008-01-10 23:40 . 2008-01-10 23:40 <DIR> d-------- C:\Program Files\Lavasoft
    2008-01-10 23:40 . 2008-01-12 09:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-10 19:58 . 2008-02-04 18:01 <DIR> d-------- C:\Documents and Settings\Mugdha\Application Data\AVG7
    2008-01-10 19:57 . 2008-01-10 19:57 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-01-10 19:57 . 2008-01-10 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-01-10 19:57 . 2008-01-10 23:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2008-01-10 19:31 . 2008-01-10 23:12 <DIR> d-------- C:\Program Files\SpywareBlaster
    2008-01-10 19:17 . 2008-01-10 19:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-09 19:32 . 2008-02-04 18:21 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-09 19:31 . 2008-02-04 18:22 <DIR> d-------- C:\Program Files\Spyware Doctor
    2008-01-09 19:31 . 2008-01-09 19:31 <DIR> d-------- C:\Documents and Settings\Mugdha\Application Data\PC Tools
    2008-01-09 19:31 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
    2008-01-09 19:31 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
    2008-01-09 19:31 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
    2008-01-09 19:31 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
    2008-01-08 22:40 . 2008-01-08 22:40 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-30 05:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
    2008-01-19 18:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-01-19 18:13 --------- d-----w C:\Program Files\NCH Swift Sound
    2008-01-19 17:57 --------- d-----w C:\Program Files\DivX
    2008-01-13 20:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
    2008-01-12 14:40 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2008-01-11 04:25 --------- d-----w C:\Program Files\5Spice Analysis
    2008-01-09 23:31 --------- d-----w C:\Documents and Settings\Mugdha\Application Data\Yahoo!
    2008-01-09 00:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-01-09 00:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
    2008-01-06 17:52 --------- d-----w C:\Program Files\QuickTime
    2008-01-06 17:52 --------- d-----w C:\Program Files\DellSupport
    2008-01-05 05:25 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
    2008-01-05 04:17 --------- d-----w C:\Program Files\GemMaster
    2008-01-05 04:07 --------- d-----w C:\Documents and Settings\Mugdha\Application Data\Lavasoft
    2007-12-29 20:45 --------- d-----w C:\Documents and Settings\Mugdha\Application Data\Viewpoint
    2007-12-28 22:09 --------- d-----w C:\Documents and Settings\Mugdha\Application Data\AdobeUM
    2007-12-28 07:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-09 23:45 --------- d-----w C:\Documents and Settings\Mugdha\Application Data\gtk-2.0
    2007-12-05 04:19 --------- d-----w C:\Program Files\GIMP-2.0
    2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2007-11-19 00:41 7,934 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
    2001-03-30 21:43 4,377,400 ----a-w C:\Program Files\TurboC++300.exe
    1994-04-27 01:13 1,377 ----a-w C:\Program Files\CH24_2.OBJ
    1994-04-24 02:43 834 ----a-w C:\Program Files\CH24_2.CPP
    1994-04-24 02:29 834 ----a-w C:\Program Files\CH24_2.BAK
    1994-04-14 20:09 193,189 ----a-w C:\Program Files\AAA
    1994-04-14 20:09 18,595 ----a-w C:\Program Files\ASSIGN1.OBJ
    1994-04-14 20:09 113,896 ----a-w C:\Program Files\ASSIGN1.EXE
    1994-04-14 20:08 4,257 ----a-w C:\Program Files\ASSIGN1.CPP
    1994-04-14 20:07 4,262 ----a-w C:\Program Files\ASSIGN1.BAK
    1994-04-14 20:07 193,189 ----a-w C:\Program Files\BBB
    1994-04-14 18:57 193,189 ----a-w C:\Program Files\AAA.TXT
    1994-04-13 22:33 169,845 ----a-w C:\Program Files\CCC.TXT
    1994-04-05 01:45 29,784 ----a-w C:\Program Files\ABC.EXE
    1994-04-05 01:45 14,010 ----a-w C:\Program Files\ABC.OBJ
    1994-04-05 01:45 1,036 ----a-w C:\Program Files\ABC.CPP
    1994-04-05 01:42 1,029 ----a-w C:\Program Files\ABC.BAK
    1994-04-04 23:12 20,000 ----a-w C:\Program Files\AAB.TXT
    1994-04-03 02:36 9,051 ----a-w C:\Program Files\AA.EXE
    1994-04-03 02:36 829 ----a-w C:\Program Files\AA.OBJ
    1994-04-03 02:36 260 ----a-w C:\Program Files\AA.CPP
    1994-04-03 02:32 260 ----a-w C:\Program Files\AA.BAK
    1994-04-03 00:34 5,450 ----a-w C:\Program Files\ABC.TXT
    1994-03-11 02:05 27 ----a-w C:\Program Files\CHKLIST.MS
    1992-02-18 10:00 8,439 ----a-w C:\Program Files\EURO.CHR
    1992-02-18 10:00 8,437 ----a-w C:\Program Files\SIMP.CHR
    1992-02-18 10:00 6,665 ----a-w C:\Program Files\IBM8514.BGI
    1992-02-18 10:00 6,332 ----a-w C:\Program Files\CGA.BGI
    1992-02-18 10:00 6,332 ----a-w C:\Program Files\ATT.BGI
    1992-02-18 10:00 6,204 ----a-w C:\Program Files\HERC.BGI
    1992-02-18 10:00 6,012 ----a-w C:\Program Files\PC3270.BGI
    1992-02-18 10:00 5,554 ----a-w C:\Program Files\EGAVGA.BGI
    1992-02-18 10:00 5,131 ----a-w C:\Program Files\LITT.CHR
    1992-02-18 10:00 40,385 ----a-w C:\Program Files\BGIDEMO.C
    1992-02-18 10:00 363 ----a-w C:\Program Files\BUILTINS.MAK
    1992-02-18 10:00 18,063 ----a-w C:\Program Files\GOTH.CHR
    1992-02-18 10:00 17,355 ----a-w C:\Program Files\TSCR.CHR
    1992-02-18 10:00 16,677 ----a-w C:\Program Files\TRIP.CHR
    1992-02-18 10:00 14,670 ----a-w C:\Program Files\BOLD.CHR
    1992-02-18 10:00 13,596 ----a-w C:\Program Files\SANS.CHR
    1992-02-18 10:00 12,083 ----a-w C:\Program Files\LCOM.CHR
    1992-02-18 10:00 11,400 ----a-w C:\Program Files\BGIOBJ.EXE
    1992-02-18 10:00 10,987 ----a-w C:\Program Files\SCRI.CHR
    1991-05-26 07:41 594 ----a-w C:\Program Files\CH24_25.C
    2004-08-10 11:00 1,392,671 --sh--r C:\WINDOWS\system32\msvbvm60.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ModemOnHold "= "C:\Program Files\NetWaiting\netWaiting.exe" [ ]
    "MSMSGS "= "C:\Program Files\Messenger\msmsgs.exe" [ ]
    "Yahoo! Pager "= "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [ ]
    "Creative WebCam Tray "= "C:\Program Files\Creative\Shared Files\CamTray.exe" [ ]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 06:00 15360]
    "DellSupport "= "C:\Program Files\DellSupport\DSAgnt.exe" [ ]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
    "kernel "= "C:\Program Files\kernel\kernel.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray "= "C:\WINDOWS\ehome\ehtray.exe" [ ]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
    "igfxtray "= "C:\WINDOWS\system32\igfxtray.exe" [ ]
    "igfxhkcmd "= "C:\WINDOWS\system32\hkcmd.exe" [ ]
    "igfxpers "= "C:\WINDOWS\system32\igfxpers.exe" [ ]
    "SunJavaUpdateSched "= "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [ ]
    "IntelWireless "= "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [ ]
    "SigmatelSysTrayApp "= "stsystra.exe" [2005-09-10 00:19 393216 C:\WINDOWS\stsystra.exe]
    "Dell QuickSet "= "C:\Program Files\Dell\QuickSet\quickset.exe" [ ]
    "DVDLauncher "= "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [ ]
    "RealTray "= "C:\Program Files\Real\RealPlayer\RealPlay.exe" [ ]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [ ]
    "dla "= "C:\WINDOWS\system32\dla\tfswctrl.exe" [ ]
    "ISUSPM Startup "= "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [ ]
    "ISUSScheduler "= "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [ ]
    "MimBoot "= "C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [ ]
    "MMTray "= "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [ ]
    "VF0060 STISvc "= "V0060Pin.dll" [2004-10-31 20:00 36864 C:\WINDOWS\system32\V0060Pin.dll]
    "googletalk "= "C:\Program Files\Google\Google Talk\googletalk.exe" [ ]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [ ]
    "ISTray "= "C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
    "AVG7_CC "= "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-10 23:32 579072]
    "MSKDetectorExe "= "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 19:05 1117184]
    "VirusScan Online "= "C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [ ]
    "OASClnt "= "C:\Program Files\McAfee.com\VSO\oasclnt.exe" [ ]
    "MCAgentExe "= "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [ ]
    "MCUpdateExe "= "c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [ ]
    "MSKAGENTEXE "= "C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [ ]
    "MPSExe "= "c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run "= "C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-10 19:57 219136]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-02-10 11:19:02 24576]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle "= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme "= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 17:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

    S3 V0060VID;Creative WebCam Live! Ultra;C:\WINDOWS\system32\DRIVERS\V0060Vid.sys [2005-02-02 03:15]
    S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1307683e-75f6-11db-b768-00142297bc60}]
    \Shell\Explore\command - explorer.exe /n,/e ,.
    \Shell\Launch\command - portablevaultaes.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    \Shell\AutoRun\command - E:\setup.exe

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-04 22:12:55
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-02-04 22:14:53
    ComboFix-quarantined-files.txt 2008-02-05 03:14:47
    ComboFix2.txt 2008-02-04 23:41:01
    ComboFix3.txt 2008-02-01 05:08:35
    ComboFix4.txt 2008-01-31 03:32:05
    .
    2008-01-10 02:51:21 --- E O F ---
     
    MIL,
    #10
  12. 2008/02/04
    MIL

    MIL Inactive Thread Starter

    Logfile of HijackThis v1.99.1
    Scan saved at 10:26:08 PM, on 2/4/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\stsystra.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe "
    O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe "
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj01.rightnowtech.com/6030-b463h-iconnecthere/rnl/java/RntX.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{896F561D-7397-4B6A-B93F-E9CBC4BD0861}: NameServer = 203.187.192.15,203.187.192.12
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
     
    MIL,
    #11
  13. 2008/02/04
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi MIL
    WOW I should have seen this earlier :( My Bad.

    You are running an old version of HJT. Please delete it and download this one and post the log.

    Download a copy of HijackThis installer from here and save it to your Desktop.

    1. Save HJTInstall.exe to your desktop.
    2. Double-click on the HJTInstall.exe icon on your desktop.
      (Let it install to the default location C:\Program Files\Hijackthis)
    3. Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    4. Put a check by Create a desktop icon and then click Next again.
    5. Continue to follow the rest of the prompts from there.
    6. At the final dialogue box click Finish and it will launch HijackThis.
    7. Click on the Do a system scan and save a log file button.
      (It will scan and the log should open in Notepad.)
    8. Click on "Edit" > "Select All" to highlight the entire Notepad contents.
    9. Then click on "Edit" > "Copy".
    10. Come back here to this thread and Paste the log in your next reply.
      (Right-click in the message body field and select "Paste".)
    CAUTION: DO NOT have HijackThis "fix" anything without carefully following expert guidance. Otherwise, you might render your computer unstable or even unbootable. Most of what HijackThis finds will be harmless or even required.

    Thanks
    Geri
     
  14. 2008/02/04
    MIL

    MIL Inactive Thread Starter

    Oh ok. I didn't realise it either. :)


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:08:19 PM, on 2/4/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\stsystra.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe "
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe "
    O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe "
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj01.rightnowtech.com/6030-b463h-iconnecthere/rnl/java/RntX.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{896F561D-7397-4B6A-B93F-E9CBC4BD0861}: NameServer = 203.187.192.15,203.187.192.12
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 10906 bytes
     
    MIL,
    #13
  15. 2008/02/04
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi
    The HJT log looks clean.

    I see McAfee and AVG7, are both installed and running?
    Running two anti-virus programs is not a good idea; they can conflict with each other and actually give you less protection.

    Please remove one of them.

    Now please do the following in the order given.

    Click Start > Run. In the Run box, copy and paste or type ComboFix /u, then hit Enter to uninstall ComboFix and remove the files/folders it created.
    Delete any CFScript files that may be on your desktop.

    Your Java is outdated. We need to update it. I believe the new version is 6.04.

    Updating Java and Clearing Cache
    1. Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
    2. It will say "Java Plug-in" under the icon.
      Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
    3. If you are unable to update you can manually update by going here:
    4. After the reboot, go back into the Control Panel and double-click the Java Icon.
    5. On the general tab, at the bottom it has "temporary internet files".
    6. Click the settings button. Then the Delete files button.
    7. There are two options in the window to clear the cache - Leave both Checked

      • Applications and Applets
      • Trace and Log files
    8. Click OK
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    9. Click OK to leave the Java Control Panel.
    10. Delete older versions from Add/Remove Programs list.


    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    Now let's get an on-line scan to make sure nothing is lurking.

    Please do an online scan with Kaspersky WebScanner

    Click on "Accept". If your pop-up blocker blocks the ActiveX download, allow it, then click on "Accept" again.

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes or Install.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This will start the program and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky Log.

    Thanks
    Geri
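
The McAfee/AVG question raised in this reply can be checked directly from the HijackThis log. The following is an added example, not part of the original thread: it parses HijackThis-format lines and, for each antivirus product, compares running processes against O4 autostart and O23 service entries. The vendor keyword table and all function names are assumptions made for illustration; the sample lines are excerpted from the v2.0.2 log posted above.

```python
import ntpath
import re

# Excerpt of lines from the HijackThis v2.0.2 log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
"""

# Assumption: path substrings used to attribute a file to an antivirus product.
AV_KEYWORDS = {"AVG": ("grisoft", "avg7"), "McAfee": ("mcafee",)}

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")   # e.g. "O4 - ..."
RUN_RE = re.compile(r"^\S+Run: \[(.+?)\] (.+)$")      # "HKLM\..\Run: [name] command"


def parse_hjt(text):
    """Split a HijackThis log into (running process paths, [(code, body), ...])."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                processes.append(line)
            else:
                in_procs = False  # a blank line ends the process list
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return processes, entries


def exe_path(command):
    """Extract the executable path from a Run command (quoted or unquoted)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return (command[1:end] if end != -1 else command[1:]).strip()
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command


def product_of(path):
    low = path.lower()
    for product, keys in AV_KEYWORDS.items():
        if any(k in low for k in keys):
            return product
    return None


def av_status(text):
    """Per product: file names seen running, in O4 Run keys, and as O23 services."""
    processes, entries = parse_hjt(text)
    status = {p: {"running": [], "autostart": [], "services": []} for p in AV_KEYWORDS}
    for proc in processes:
        p = product_of(proc)
        if p:
            status[p]["running"].append(ntpath.basename(proc).lower())
    for code, body in entries:
        if code == "O4":
            m = RUN_RE.match(body)
            if m:
                exe = exe_path(m.group(2))
                p = product_of(exe)
                if p:
                    status[p]["autostart"].append(ntpath.basename(exe).lower())
        elif code == "O23" and body.startswith("Service: "):
            parts = body[len("Service: "):].rsplit(" - ", 2)  # name, vendor, path
            if len(parts) == 3 and product_of(parts[2]):
                status[product_of(parts[2])]["services"].append(
                    ntpath.basename(parts[2]).lower())
    return status


def active_av(status):
    """Products with at least one running process."""
    return [p for p, s in status.items() if s["running"]]


def autostart_only(status):
    """Products registered to start at logon but with nothing running and no service."""
    return [p for p, s in status.items()
            if s["autostart"] and not s["running"] and not s["services"]]


def missing_files(text):
    """Entries HijackThis marked '(file missing)'."""
    return [body for _, body in parse_hjt(text)[1] if body.endswith("(file missing)")]


if __name__ == "__main__":
    st = av_status(SAMPLE_LOG)
    print("running AV products:", active_av(st))
    print("autostart entries only:", autostart_only(st))
    print("missing-file entries:", len(missing_files(SAMPLE_LOG)))
```

On this excerpt only AVG has running processes, while the McAfee entries exist solely as Run-key values, so they are registry items to review rather than a second active scanner.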
     
  16. 2008/02/07
    MIL

    MIL Inactive Thread Starter

    I had already uninstalled McAfee.

    Here's the new log



    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Thursday, February 07, 2008 5:54:27 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 7/02/2008
    Kaspersky Anti-Virus database records: 552818
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 193092
    Number of viruses found: 0
    Number of infected objects: 0
    Number of suspicious objects: 0
    Duration of the scan process: 02:14:40

    Infected Object Name / Virus Name / Last Action

    Scan process completed.
     
    MIL,
    #15
  17. 2008/02/07
    Geri Lifetime Subscription

    Hi MIL
    OK Great. :)
    Number of viruses found: 0
    Number of infected objects: 0
    Number of suspicious objects: 0

    Are you using McAfee SpamKiller or Firewall?
    I'm asking because they are showing in your HJT log. It's OK to be running them. You need a firewall running.

    Do you have any idea what this is? Is it something you downloaded from Rightnowtech.com?
    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj01.rightnowtech.com/603.../java/RntX.cab

    If you don't know what it is, do a scan only with HJT and put a check next to it and click "Fix Checked."

    Let me know how things are running.

    Thanks
    Geri
     
  18. 2008/02/08
    MIL

    I fixed the file that HJT showed. The system's working fine now.
    There's no specific problem as such.
    Do you think my system is clean now?

    Thanks
     
    MIL,
    #17
  19. 2008/02/08
    Geri Lifetime Subscription

    Hi MIL
    Yes, all the last logs came back clean.

    You're good to go. Good Job. :)

    This would be a good time to set a new system restore point for your machine.
    Set New System Restore Point Windows XP. - Set New System Restore Point Windows Vista
    Do not do this unless there are no other user accounts to be diagnosed.


    Please look at this link for some preventive recommendations. It could keep you from ending up back here in the Spyware and Virus Removal Forums.
    http://www.windowsbbs.com/showthread.php?t=67958

    Surf Safely
    Geri
     
  20. 2008/02/09
    MIL

    Alright Geri

    Thank you very much for helping me out. :)
     
    MIL,
    #19
  21. 2008/02/09
    Geri Lifetime Subscription

    Hi MIL, You are welcome.
    Glad to help out.

    I will mark this one resolved.

    Geri
     
