HELP! HiJack This log posted!!!!
   

craftcc
New Member


Date Joined Sep 2008
Total Posts : 7
 
Posted 9-29-2008 9:40 (GMT +1)
I have the Internet Speed Monitor virus. I get tons of pop-ups, the system is slow, and system updates are off and can't be turned back on. I have tried a bunch of anti-spyware programs and nothing works. Can anyone give me a hand? I don't know much about computers. Thank you so much in advance.



Post Edited (craftcc) : 01-10-2008 02:53:28 GMT

 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13594
 
Posted 9-30-2008 8:38 (GMT +1)
Hello :)
 
 
and save it on the desktop. Then double click on it (Fix_download.exe).
You may have to allow the program to download files from the web! 

The program downloads the necessary cleaning programs. Once the program
is downloaded, there will be a folder on your desktop named
Fix_download.exe. If the instructions do not open automatically,
double-click "FIX_manual.htm".

Please follow the instructions and copy the logs here, as New Topic:
http://www.bullguard.com/forum/10/


Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.

 

craftcc
New Member


Date Joined Sep 2008
Total Posts : 7
 
Posted 10-1-2008 3:52 (GMT +1)
Thanks! Here are the Logs:
 
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:44, on 9/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OEM02Mon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DELL\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.auburn.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.reallusion.com/linkcount/linkcount.asp?lid=minictv
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0012BF6C-B30D-4B9E-AE1E-60C332F78095} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {9345C9FB-243D-7DBF-1A70-2F10EB7F2790} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {C50B14AE-4327-4616-B688-313052DDA647} - (no file)
O2 - BHO: (no name) - {ECE757A4-DEF4-4CC0-A0B7-A3311977AACA} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\DELL\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-21-1881503960-3573568009-922294452-500\..\Run: [DELL Webcam Manager] "C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe" /s (User 'Administrator')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/26.30/uploader2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE6C88F7-AC79-4EEA-BF4E-B1A0C92880CE}: Domain = auburn.edu
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE6C88F7-AC79-4EEA-BF4E-B1A0C92880CE}: NameServer = 131.204.2.10,131.204.41.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = auburn.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = auburn.edu
O20 - AppInit_DLLs: albhma.dll hdvyuz.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 10965 bytes
 

craftcc
New Member


Date Joined Sep 2008
Total Posts : 7
 
Posted 10-1-2008 3:54 (GMT +1)
Malwarebytes' Anti-Malware 1.28
Database version: 1222
Windows 5.1.2600 Service Pack 3
9/30/2008 9:42:25 PM
mbam-log-2008-09-30 (21-42-25).txt
Scan type: Full Scan (C:\|)
Objects scanned: 116357
Time elapsed: 45 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 10
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 14
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\albhma.dll (Trojan.Vundo) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{12cf9ec5-8dd9-43ac-97d2-d48f13642328} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oincs.oinanalytics (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oincs.oinanalytics.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{f7fa36a4-3177-4b57-b9c1-e9c5b2e0d3a9} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{453f51e8-fef5-4c54-b136-944bf434360c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\oinanalytics (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\OINAnalytics.DLL (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bma3d28e2f (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a0e1bdb3 (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\OINAnalytics (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\albhma.dll (Trojan.Vundo) -> Delete on reboot.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP138\A0034693.exe (Adware.SpeedMonitor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP138\A0034695.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP138\A0034696.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP138\A0034697.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP138\A0035761.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP138\A0035818.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP138\A0036185.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP138\A0036210.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP139\A0036218.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fceqmcsb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newcgqvd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bblwzc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\OINAnalytics\Uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
 

craftcc
New Member


Date Joined Sep 2008
Total Posts : 7
 
Posted 10-1-2008 3:54 (GMT +1)
ComboFix 08-09-28.05 - Clay 2008-09-30 12:29:38.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.492 [GMT -5:00]
Running from: C:\Documents and Settings\Clay\Desktop\FIX\ComboFix.exe
 * Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\Documents and Settings\Clay\Application Data\TSKS~1
C:\Documents and Settings\Clay\Application Data\TSKS~1\T?sks\
C:\WINDOWS\system32\asks~1
C:\WINDOWS\system32\asks~1\d?xplore.exe
C:\WINDOWS\system32\nnjvnmgc.ini
C:\WINDOWS\system32\x64
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_PACKET

(((((((((((((((((((((((((   Files Created from 2008-08-28 to 2008-09-30  )))))))))))))))))))))))))))))))
.
2008-09-30 12:15 . 2008-09-30 12:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-30 11:35 . 2008-09-30 11:36 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-30 11:35 . 2008-09-30 11:35 <DIR> d-------- C:\Documents and Settings\Clay\Application Data\Malwarebytes
2008-09-30 11:35 . 2008-09-30 11:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-30 11:35 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-30 11:35 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-30 11:27 . 2008-09-30 11:27 <DIR> d-------- C:\Program Files\CCleaner
2008-09-30 11:15 . 2008-09-30 11:15 123,904 --a------ C:\WINDOWS\system32\hdvyuz.dll
2008-09-30 11:15 . 2008-09-30 11:15 123,904 --a------ C:\WINDOWS\system32\ceydnagq.dll
2008-09-30 11:14 . 2008-09-30 11:14 101,888 --a------ C:\WINDOWS\system32\nbaovyto.dll
2008-09-28 23:41 . 2008-09-28 23:41 10,862 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-09-28 23:41 . 2008-09-28 23:41 10,854 --a------ C:\WINDOWS\system32\Jamster.ico
2008-09-28 23:37 . 2008-09-28 23:37 128,000 --a------ C:\WINDOWS\system32\fceqmcsb.dll
2008-09-28 23:37 . 2008-09-28 23:37 128,000 --a------ C:\WINDOWS\system32\albhma.dll
2008-09-28 21:49 . 2008-09-29 00:13 551 --a------ C:\WINDOWS\wininit.ini
2008-09-28 21:35 . 2008-09-28 21:37 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-28 21:35 . 2008-09-30 11:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-28 21:30 . 2008-09-28 21:30 <DIR> d-------- C:\VundoFix Backups
2008-09-28 19:04 . 2008-09-28 19:04 3,412 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-28 16:46 . 2008-09-28 16:46 128,000 --a------ C:\WINDOWS\system32\newcgqvd.dll
2008-09-28 16:46 . 2008-09-28 16:46 128,000 --a------ C:\WINDOWS\system32\bblwzc.dll
2008-09-28 16:45 . 2008-09-28 21:31 1,950 --ahs---- C:\WINDOWS\system32\nqsBKRqr.ini2
2008-09-28 16:45 . 2008-09-28 21:31 1,950 --ahs---- C:\WINDOWS\system32\nqsBKRqr.ini
2008-09-28 16:40 . 2008-09-30 12:27 <DIR> d-------- C:\Program Files\OINAnalytics
2008-09-18 14:41 . 2008-09-18 14:41 653 --a------ C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
2008-09-18 14:11 . 2008-09-18 14:11 <DIR> d-------- C:\tmp_McAfee_Agent
2008-09-18 14:11 . 2008-09-26 12:54 <DIR> d-------- C:\Program Files\McAfee
2008-09-18 14:11 . 2008-09-26 12:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-18 14:01 . 2008-09-18 14:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-18 13:44 . 2007-08-11 15:39 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-09-18 13:44 . 2008-09-18 13:44 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-18 13:36 . 2008-04-13 19:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-09-18 13:36 . 2008-04-13 19:11 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
2008-09-15 16:53 . 2008-09-15 16:53 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-15 16:53 . 2008-09-15 16:53 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-15 16:53 . 2008-09-15 16:53 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-15 16:53 . 2008-09-15 16:53 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-15 16:47 . 2008-09-15 16:54 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-15 16:28 . 2008-09-15 16:28 <DIR> d-------- C:\WINDOWS\EHome
2008-09-12 04:20 . 2008-04-13 19:12 774,144 --------- C:\WINDOWS\system32\dllcache\setup_wm.exe
2008-09-12 04:19 . 2008-04-13 19:12 1,737,856 --a------ C:\WINDOWS\system32\mtxparhd.dll
2008-09-12 04:18 . 2008-04-13 19:11 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-09-12 04:17 . 2008-04-13 19:11 136,192 --a------ C:\WINDOWS\system32\aaclient.dll
2008-09-12 04:17 . 2008-04-13 12:23 8,192 --------- C:\WINDOWS\system32\dllcache\asferror.dll
2008-09-12 04:17 . 2008-04-13 19:11 4,255 --a------ C:\WINDOWS\system32\drivers\adv01nt5.dll
2008-09-12 04:17 . 2008-04-13 19:11 3,967 --a------ C:\WINDOWS\system32\drivers\adv02nt5.dll
2008-09-12 04:17 . 2008-04-13 19:11 3,775 --a------ C:\WINDOWS\system32\drivers\adv11nt5.dll
2008-09-12 04:17 . 2008-04-13 19:11 3,711 --a------ C:\WINDOWS\system32\drivers\adv09nt5.dll
2008-09-12 04:17 . 2008-04-13 19:11 3,647 --a------ C:\WINDOWS\system32\drivers\adv07nt5.dll
2008-09-12 04:17 . 2008-04-13 19:11 3,615 --a------ C:\WINDOWS\system32\drivers\adv05nt5.dll
2008-09-12 04:17 . 2008-04-13 19:11 3,135 --a------ C:\WINDOWS\system32\drivers\adv08nt5.dll
2008-09-01 15:03 . 2008-09-01 15:03 <DIR> d-------- C:\WINDOWS\A7091E1D36A447F1A739173CC341414F.TMP
2008-08-26 22:10 . 2008-09-18 14:43 <DIR> d-------- C:\Documents and Settings\Clay\Application Data\Yahoo!
2008-08-26 21:30 . 2008-09-18 14:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-08-26 21:28 . 2008-09-30 11:27 <DIR> d-------- C:\Program Files\Yahoo!
2008-08-13 10:56 . 2008-05-01 09:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 10:52 . 2008-04-11 14:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-30 16:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-28 21:54 --------- d-----w C:\Program Files\Alwil Software
2008-09-24 15:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-18 19:45 --------- d-----w C:\Program Files\Java
2008-09-18 19:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-18 19:41 --------- d-----w C:\Program Files\Dell Network Assistant
2008-09-18 19:09 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-21 04:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-21 04:41 --------- d-----w C:\Program Files\Lavasoft
2008-08-21 04:40 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-20 17:48 --------- d-----w C:\Program Files\Cisco Systems
2008-04-07 17:27 58,392 ----a-w C:\Documents and Settings\Clay\Application Data\GDIPFONTCACHEV1.DAT
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Detetr"="C:\WINDOWS\system32\?asks\d?xplore.exe" [?]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-23 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"updateMgr"="c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 851968]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-06-06 138008]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-06-06 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-06-06 138008]
"OEM02Mon.exe"="C:\WINDOWS\OEM02Mon.exe" [2007-05-09 36864]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-05-09 1392640]
"Dell QuickSet"="C:\Program Files\DELL\QuickSet\quickset.exe" [2007-05-14 1191936]
"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [2006-11-02 282624]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 483328]
"Adobe Version Cue CS2"="c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2007-06-06 C:\WINDOWS\stsystra.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2007-09-27 25214]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe [2007-12-07 28672]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-08-11 50688]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-23 125624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
VPN Client.lnk - C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-04-10 6144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=albhma.dll hdvyuz.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
--a------ 2005-04-04 18:58 856064 c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DELL\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-05-09 235584]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424]
.
- - - - ORPHANS REMOVED - - - -
BHO-{0012BF6C-B30D-4B9E-AE1E-60C332F78095} - (no file)
BHO-{453F51E8-FEF5-4C54-B136-944BF434360C} - (no file)
BHO-{9345C9FB-243D-7DBF-1A70-2F10EB7F2790} - (no file)
BHO-{C50B14AE-4327-4616-B688-313052DDA647} - C:\WINDOWS\system32\rqRKBsqn.dll
BHO-{ECE757A4-DEF4-4CC0-A0B7-A3311977AACA} - (no file)
HKCU-Run-MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe
HKCU-Run-Sen - C:\DOCUME~1\Clay\APPLIC~1\TSKS~1\ntvdm.exe
HKCU-Run-VnrBlock21 - C:\Program Files\VnrBlock\VnrBlock21.exe
HKLM-Run-BMa3d28e2f - C:\WINDOWS\system32\volkvhtb.dll
HKLM-Run-a0e1bdb3 - C:\WINDOWS\system32\wbtabfxs.dll

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.auburn.edu/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.reallusion.com/linkcount/linkcount.asp?lid=minictv
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 12:36:41
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-09-30 12:41:33 - machine was rebooted
ComboFix-quarantined-files.txt  2008-09-30 17:41:29
Pre-Run: 135,086,088,192 bytes free
Post-Run: 135,113,957,376 bytes free
215 --- E O F --- 2008-09-16 04:10:44
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13594
 
   Posted 10-1-2008 5:47 (GMT +1)
Please tell them at Bleeping, you are getting help elsewhere:
 
 
 
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

 
Open notepad and copy/paste the text in the quotebox below into it:


Quote:
 
Killall::
 
Snapshot::
 
 
File::
C:\WINDOWS\system32\hdvyuz.dll
C:\WINDOWS\system32\ceydnagq.dll
C:\WINDOWS\system32\nbaovyto.dll
C:\WINDOWS\system32\fceqmcsb.dll
C:\WINDOWS\system32\albhma.dll
C:\WINDOWS\system32\newcgqvd.dll
C:\WINDOWS\system32\bblwzc.dll
C:\WINDOWS\system32\nqsBKRqr.ini2
C:\WINDOWS\system32\nqsBKRqr.ini
C:\WINDOWS\system32\rqRKBsqn.dll
 

Folder::
C:\Program Files\OINAnalytics
C:\VundoFix Backups
 
 

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Detetr"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
 
 
 
Save this as:
CFScript
 
Referring to the picture above, drag CFScript into ComboFix.exe.

Then post a fresh ComboFix log, along with a new HijackThis log.
 
 


 

craftcc
New Member


Date Joined Sep 2008
Total Posts : 7
 
   Posted 10-2-2008 7:21 (GMT +1)
Here are the new logs:

ComboFix 08-09-28.05 - Clay 2008-10-01 17:48:31.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.534 [GMT -5:00]
Running from: C:\Documents and Settings\Clay\Desktop\FIX\ComboFix.exe
Command switches used :: C:\Documents and Settings\Clay\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\albhma.dll
C:\WINDOWS\system32\bblwzc.dll
C:\WINDOWS\system32\ceydnagq.dll
C:\WINDOWS\system32\fceqmcsb.dll
C:\WINDOWS\system32\hdvyuz.dll
C:\WINDOWS\system32\nbaovyto.dll
C:\WINDOWS\system32\newcgqvd.dll
C:\WINDOWS\system32\nqsBKRqr.ini
C:\WINDOWS\system32\nqsBKRqr.ini2
C:\WINDOWS\system32\rqRKBsqn.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups
C:\WINDOWS\system32\ceydnagq.dll
C:\WINDOWS\system32\hdvyuz.dll
C:\WINDOWS\system32\nbaovyto.dll
C:\WINDOWS\system32\nqsBKRqr.ini
C:\WINDOWS\system32\nqsBKRqr.ini2

.
((((((((((((((((((((((((( Files Created from 2008-09-01 to 2008-10-01 )))))))))))))))))))))))))))))))
.

2008-09-30 21:57 . 2008-09-30 21:57 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-30 21:57 . 2008-09-30 21:57 <DIR> d-------- C:\Documents and Settings\Clay\Application Data\SUPERAntiSpyware.com
2008-09-30 21:57 . 2008-09-30 21:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-30 20:46 . 2008-09-30 20:46 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-09-30 12:15 . 2008-09-30 12:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-30 11:35 . 2008-09-30 11:36 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-30 11:35 . 2008-09-30 11:35 <DIR> d-------- C:\Documents and Settings\Clay\Application Data\Malwarebytes
2008-09-30 11:35 . 2008-09-30 11:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-30 11:35 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-30 11:35 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-30 11:27 . 2008-09-30 11:27 <DIR> d-------- C:\Program Files\CCleaner
2008-09-28 23:41 . 2008-09-28 23:41 10,862 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-09-28 23:41 . 2008-09-28 23:41 10,854 --a------ C:\WINDOWS\system32\Jamster.ico
2008-09-28 21:49 . 2008-09-29 00:13 551 --a------ C:\WINDOWS\wininit.ini
2008-09-28 21:35 . 2008-09-30 17:50 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-28 21:35 . 2008-09-30 17:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-28 19:04 . 2008-09-28 19:04 3,412 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-18 14:41 . 2008-09-18 14:41 653 --a------ C:\WINDOWS\{0240BDFB-2995-4A3F-8C96-18D41282B716}_WiseFW.ini
2008-09-18 14:11 . 2008-09-18 14:11 <DIR> d-------- C:\tmp_McAfee_Agent
2008-09-18 14:11 . 2008-09-26 12:54 <DIR> d-------- C:\Program Files\McAfee
2008-09-18 14:11 . 2008-09-26 12:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-18 14:01 . 2008-09-18 14:01 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-18 13:44 . 2007-08-11 15:39 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-09-18 13:44 . 2008-09-18 13:44 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-18 13:36 . 2008-04-13 19:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-09-18 13:36 . 2008-04-13 19:11 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
2008-09-15 16:53 . 2008-09-15 16:53 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-15 16:53 . 2008-09-15 16:53 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-15 16:53 . 2008-09-15 16:53 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-15 16:53 . 2008-09-15 16:53 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-15 16:47 . 2008-09-15 16:54 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-15 16:28 . 2008-09-15 16:28 <DIR> d-------- C:\WINDOWS\EHome
2008-09-12 04:20 . 2008-04-13 19:12 774,144 --------- C:\WINDOWS\system32\dllcache\setup_wm.exe
2008-09-12 04:19 . 2008-04-13 19:12 1,737,856 --a------ C:\WINDOWS\system32\mtxparhd.dll
2008-09-12 04:18 . 2008-04-13 19:11 1,888,992 --a------ C:\WINDOWS\system32\ati3duag.dll
2008-09-12 04:17 . 2008-04-13 19:11 136,192 --a------ C:\WINDOWS\system32\aaclient.dll
2008-09-12 04:17 . 2008-04-13 12:23 8,192 --------- C:\WINDOWS\system32\dllcache\asferror.dll
2008-09-12 04:17 . 2008-04-13 19:11 4,255 --a------ C:\WINDOWS\system32\drivers\adv01nt5.dll
2008-09-12 04:17 . 2008-04-13 19:11 3,967 --a------ C:\WINDOWS\system32\drivers\adv02nt5.dll
2008-09-12 04:17 . 2008-04-13 19:11 3,775 --a------ C:\WINDOWS\system32\drivers\adv11nt5.dll
2008-09-12 04:17 . 2008-04-13 19:11 3,711 --a------ C:\WINDOWS\system32\drivers\adv09nt5.dll
2008-09-12 04:17 . 2008-04-13 19:11 3,647 --a------ C:\WINDOWS\system32\drivers\adv07nt5.dll
2008-09-12 04:17 . 2008-04-13 19:11 3,615 --a------ C:\WINDOWS\system32\drivers\adv05nt5.dll
2008-09-12 04:17 . 2008-04-13 19:11 3,135 --a------ C:\WINDOWS\system32\drivers\adv08nt5.dll
2008-09-01 15:03 . 2008-09-01 15:03 <DIR> d-------- C:\WINDOWS\A7091E1D36A447F1A739173CC341414F.TMP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-01 22:55 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-01 18:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-10-01 02:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-30 16:27 --------- d-----w C:\Program Files\Yahoo!
2008-09-28 21:54 --------- d-----w C:\Program Files\Alwil Software
2008-09-24 15:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-18 19:45 --------- d-----w C:\Program Files\Java
2008-09-18 19:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-18 19:43 --------- d-----w C:\Documents and Settings\Clay\Application Data\Yahoo!
2008-09-18 19:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-09-18 19:41 --------- d-----w C:\Program Files\Dell Network Assistant
2008-08-21 04:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-21 04:41 --------- d-----w C:\Program Files\Lavasoft
2008-08-20 17:48 --------- d-----w C:\Program Files\Cisco Systems
2008-04-07 17:27 58,392 ----a-w C:\Documents and Settings\Clay\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-23 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"updateMgr"="c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472]
"RegistryMechanic"="C:\Program Files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 851968]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-06-06 138008]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-06-06 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-06-06 138008]
"OEM02Mon.exe"="C:\WINDOWS\OEM02Mon.exe" [2007-05-09 36864]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-05-09 1392640]
"Dell QuickSet"="C:\Program Files\DELL\QuickSet\quickset.exe" [2007-05-14 1191936]
"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [2006-11-02 282624]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 483328]
"Adobe Version Cue CS2"="c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2007-06-06 C:\WINDOWS\stsystra.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2007-09-27 25214]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe [2007-12-07 28672]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-08-11 50688]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-08-23 125624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
VPN Client.lnk - C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-04-10 6144]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
--a------ 2005-04-04 18:58 856064 c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DELL\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-05-09 235584]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-03-05 7424]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0012BF6C-B30D-4B9E-AE1E-60C332F78095} - (no file)
BHO-{9345C9FB-243D-7DBF-1A70-2F10EB7F2790} - (no file)
BHO-{C50B14AE-4327-4616-B688-313052DDA647} - (no file)
BHO-{ECE757A4-DEF4-4CC0-A0B7-A3311977AACA} - (no file)



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-01 17:54:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-10-01 18:00:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-01 23:00:12
ComboFix2.txt 2008-09-30 17:41:34

Pre-Run: 135,007,064,064 bytes free
Post-Run: 135,062,360,064 bytes free

193 --- E O F --- 2008-09-16 04:10:44
 

craftcc
New Member


Date Joined Sep 2008
Total Posts : 7
 
   Posted 10-2-2008 7:22 (GMT +1)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:57, on 10/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OEM02Mon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DELL\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.auburn.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.reallusion.com/linkcount/linkcount.asp?lid=minictv
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\DELL\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] c:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "c:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-21-1881503960-3573568009-922294452-500\..\Run: [DELL Webcam Manager] "C:\Program Files\DELL\DELL Webcam Manager\DellWMgr.exe" /s (User 'Administrator')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/26.30/uploader2.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - c:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10125 bytes
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13594
 
   Posted 10-3-2008 3:42 (GMT +1)
Looks clean. How are things running now?


 

craftcc
New Member


Date Joined Sep 2008
Total Posts : 7
 
   Posted 10-6-2008 2:08 (GMT +1)
It seems to be running 100%. For some reason my Avast does not show up at startup even though it is tagged in the startup menu.

Thank you so much for all of the help Touch! I owe you one.