Solved: Vundo virus
pc.m (Junior Member with 20 posts; Join Date: Apr 2008; Experience: Intermediate)
25-Apr-2008, 05:25 PM #1
Solved: Vundo virus
Hi,

I have Windows XP as my operating system. My Norton antivirus software has regularly been detecting Trojan Vundo and Trojan Metajuan. Whenever I click on "Fix the problem", it prompts to restart, and after I restart my computer the viruses come back. The infected files detected by the NAV were:
iexplorer.exe
rundll32.exe
Whenever I terminate either of the two processes, my computer runs ridiculously slow.
Now I have also been receiving popups from WinServiceCorps.Ltd about Malware Alarm, SpywareRemovalTool etc., but I haven't downloaded any of these.
I have the following antivirus and spyware software on my computer:
Norton Antivirus 2007
Spy Sweeper
Spyware Doctor (trial version)
Windows Defender
Malware Bytes Antivirus (recently installed after reading a post on the forums)

The anti-spyware software also detects many cookies/tracking software.
Please help!

Last edited by pc.m : 26-Apr-2008 08:10 AM.
cybertech (Moderator with 55,962 posts; Join Date: Apr 2002; Location: Washington State)
28-Apr-2008, 03:38 PM #2
Hi, Welcome to TSG!!


Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


Open IE, go to Tools > Internet Options > Privacy > Advanced, tick the box "Override automatic cookie handling", set First-party Cookies to Prompt and Third-party Cookies to Block. When unwanted cookies try to install, click Block.
__________________
Microsoft MVP/Windows - Consumer Security


If we have helped you, please consider making a donation to TSG!
pc.m (Junior Member with 20 posts; Join Date: Apr 2008; Experience: Intermediate)
28-Apr-2008, 04:28 PM #3
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:57 AM, on 29/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
E:\iPod\iTunesHelper.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Defender\MSASCui.exe
E:\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=105563
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://downloads.yahoo.com/internetexplorer/welcome.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "E:\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKLM\..\Run: [IMJPMIG8.2] msime80.exe
O4 - HKLM\..\Run: [iTunesHelper] "E:\iPod\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Acrobat 7.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Shreyans\Local Settings\Temporary Internet Files\Content.IE5\X3F6B5BF\setup_sbd_en[1].exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpyHunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [64b94214] "rundll32.exe" "C:\WINDOWS\system32\cawnqnnx.dll",b
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [WinAnonymous] "C:\Program Files\WinAnonymous\GDC.exe" /scan
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] E:\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] E:\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...bs/tgctlsr.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://webmail.ilfsets.com/dwa7W.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...63/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D79DE2E-3B23-4F0D-9899-903645C6A635}: NameServer = 85.255.116.28,85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\..\{94525950-EEB6-4F6D-85F8-62D52D5EFCF6}: NameServer = 85.255.116.28,85.255.112.185
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.28 85.255.112.185
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D79DE2E-3B23-4F0D-9899-903645C6A635}: NameServer = 85.255.116.28,85.255.112.185
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.28 85.255.112.185
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D79DE2E-3B23-4F0D-9899-903645C6A635}: NameServer = 85.255.116.28,85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.28 85.255.112.185
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: USBest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 12247 bytes
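As an added triage example (this is not a Tech Support Guy or HijackThis tool, and not part of cybertech's instructions), the following Python script parses lines in the HijackThis 2.0.x format shown above and flags the two kinds of entry this thread turns on: O17 NameServer values pointing at public resolvers the user did not configure, and an O4 Run value that loads a random-named DLL from system32 through rundll32.exe. As a looser heuristic it also flags an autorun launched from the IE cache directory. The sample lines are constructed from the posted log; the set of expected resolvers is an assumption that you would fill with your ISP's or router's addresses.

```python
"""Triage checks over HijackThis 2.0.x log lines: rogue O17 NameServer
entries and Vundo-style O4 rundll32 autoruns. Added example for this
thread; it is not a Tech Support Guy or HijackThis tool."""
import ipaddress
import re

# Constructed sample in the shape of the log posted above (a subset of its
# O4, O17 and O23 lines). Backslashes are literal because the string is raw.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [64b94214] "rundll32.exe" "C:\WINDOWS\system32\cawnqnnx.dll",b
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Shreyans\Local Settings\Temporary Internet Files\Content.IE5\X3F6B5BF\setup_sbd_en[1].exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D79DE2E-3B23-4F0D-9899-903645C6A635}: NameServer = 85.255.116.28,85.255.112.185
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.28 85.255.112.185
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

O4_RE = re.compile(r'^O4 - (?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O17_RE = re.compile(r'^O17 - (?P<key>.+?): NameServer = (?P<servers>.*)$')
# "rundll32.exe" "<path>.dll",<entry>  (quotes around either token are optional)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?\.dll)"?', re.I)
RANDOM_DLL_RE = re.compile(r'^[a-z]{6,12}$')     # heuristic: names like cawnqnnx
RANDOM_VALUE_RE = re.compile(r'^[0-9a-f]{8}$')  # heuristic: value names like 64b94214
BROWSER_CACHE_TOKENS = ('temporary internet files', 'content.ie5')


def split_nameservers(value):
    """O17 values use ',' on interface keys and ' ' on Parameters; accept both."""
    return [s for s in re.split(r'[,\s]+', value.strip()) if s]


def check_o17(line, expected_resolvers):
    """Flag resolvers that are public and not in the set the user configured."""
    m = O17_RE.match(line)
    if not m:
        return None
    rogue = []
    for s in split_nameservers(m.group('servers')):
        try:
            ip = ipaddress.ip_address(s)
        except ValueError:
            rogue.append(s)  # not even an address: worth a look
            continue
        if s in expected_resolvers or ip.is_private or ip.is_loopback:
            continue
        rogue.append(s)
    if rogue:
        return {'check': 'rogue-dns', 'key': m.group('key'), 'servers': rogue, 'line': line}
    return None


def check_o4(line):
    """Flag a rundll32 autorun of a random-named system32 DLL under a random
    hex value name, or any autorun whose target sits in the IE cache."""
    m = O4_RE.match(line)
    if not m:
        return None
    cmd = m.group('cmd')
    r = RUNDLL_RE.search(cmd)
    if r:
        dll = r.group('dll')
        base = dll.replace('/', '\\').rsplit('\\', 1)[-1][:-4].lower()  # strip ".dll"
        in_sys32 = '\\system32\\' in dll.lower()
        if in_sys32 and RANDOM_DLL_RE.match(base) and RANDOM_VALUE_RE.match(m.group('name')):
            return {'check': 'vundo-style-rundll32', 'name': m.group('name'), 'dll': dll, 'line': line}
    if any(tok in cmd.lower() for tok in BROWSER_CACHE_TOKENS):
        return {'check': 'autorun-from-browser-cache', 'name': m.group('name'), 'line': line}
    return None


def analyze_hjt_log(text, expected_resolvers=frozenset()):
    """Return one finding dict per suspicious O4/O17 line, in log order."""
    findings = []
    for line in text.splitlines():
        line = line.rstrip()
        f = check_o17(line, expected_resolvers) or check_o4(line)
        if f:
            findings.append(f)
    return findings


if __name__ == '__main__':
    # Assumed: the user's real resolvers are unknown, so none are whitelisted.
    for f in analyze_hjt_log(SAMPLE_LOG):
        print(f['check'], '->', f['line'])
```

The O17 check is deliberately allow-list based: any public resolver not on your own list is reported, which is exactly the situation in this thread, where the user had not set the 85.255.x.x addresses and FixWareout later cleared them. The rundll32 rule is a heuristic for the naming pattern seen here, not a signature for Vundo; treat a hit as something to look up, not something to delete.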
cybertech (Moderator with 55,962 posts; Join Date: Apr 2002; Location: Washington State)
28-Apr-2008, 05:48 PM #4
Please print these instructions for reference, as you will have to restart your computer during the fix.

Please download FixWareout from Here or Here.

Note: You will need to run this tool while having an Internet Connection. The tool will download other files while running.
  1. Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
  2. The fix will begin; follow the prompts.
  3. If your firewall gives an alert (because this tool will download additional files from the internet), please don't let your firewall block it, but allow it instead.
  4. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
  5. Once the desktop loads a text file will open (report.txt).
    Please post the C:\fixwareout\report.txt, along with a new HijackThis log, into this topic.
pc.m (Junior Member with 20 posts; Join Date: Apr 2008; Experience: Intermediate)
29-Apr-2008, 03:32 AM #5
After running FixWareout and rebooting my computer, I am not able to access any site, though I'm connected to the internet.
However, I have stored the reports on a USB drive and am sending them through my laptop.

Last edited by pc.m : 29-Apr-2008 04:01 AM.
pc.m (Junior Member with 20 posts; Join Date: Apr 2008; Experience: Intermediate)
29-Apr-2008, 03:38 AM #6
Username "Shreyans" - 29/04/2008 12:16:38 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.116.28 85.255.112.185" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{0D79DE2E-3B23-4F0D-9899-903645C6A635}
"nameserver"="85.255.116.28,85.255.112.185" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{94525950-EEB6-4F6D-85F8-62D52D5EFCF6}
"nameserver"="85.255.116.28,85.255.112.185" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{6F86C2B3-52D5-4C1C-8B8D-2A2BDE296888}
"DhcpNameServer"="85.255.116.28,85.255.112.185" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{94525950-EEB6-4F6D-85F8-62D52D5EFCF6}
"DhcpNameServer"="85.255.116.28,85.255.112.185" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"VX1000"="C:\\WINDOWS\\vVX1000.exe"
"LifeCam"="\"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe\""
"PCSuiteTrayApplication"="\"E:\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe\" -startup"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"googletalk"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
"IMJPMIG8.2"="msime80.exe"
"iTunesHelper"="\"E:\\iPod\\iTunesHelper.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\Reader_sl.exe\""
"PWRISOVM.EXE"="\"C:\\Program Files\\PowerISO\\PWRISOVM.EXE\""
"SBI"="C:\\Documents and Settings\\Shreyans\\Local Settings\\Temporary Internet Files\\Content.IE5\\X3F6B5BF\\setup_sbd_en[1].exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"SpyHunter Security Suite"="\"C:\\Program Files\\Enigma Software Group\\SpyHunter\\SpyHunter3.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\""
"Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
"64b94214"="\"rundll32.exe\" \"C:\\WINDOWS\\system32\\cawnqnnx.dll\",b"
"SpySweeper"="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe /startintray"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\spydoctor.exe\" /Q"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9"
"WinAnonymous"="\"C:\\Program Files\\WinAnonymous\\GDC.exe\" /scan"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
pc.m (Junior Member with 20 posts; Join Date: Apr 2008; Experience: Intermediate)
29-Apr-2008, 03:39 AM #7
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:39 PM, on 29/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\iPod\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Defender\MSASCui.exe
E:\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.techguy.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://downloads.yahoo.com/internetexplorer/welcome.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "E:\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKLM\..\Run: [IMJPMIG8.2] msime80.exe
O4 - HKLM\..\Run: [iTunesHelper] "E:\iPod\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Acrobat 7.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Shreyans\Local Settings\Temporary Internet Files\Content.IE5\X3F6B5BF\setup_sbd_en[1].exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpyHunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [64b94214] "rundll32.exe" "C:\WINDOWS\system32\cawnqnnx.dll",b
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [WinAnonymous] "C:\Program Files\WinAnonymous\GDC.exe" /scan
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] E:\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] E:\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...bs/tgctlsr.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://webmail.ilfsets.com/dwa7W.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...63/mcfscan.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: USBest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10957 bytes
cybertech (Moderator with 55,962 posts; Join Date: Apr 2002; Location: Washington State)
29-Apr-2008, 11:31 AM #8
In the ComboFix tutorial there are instructions on fixing your internet connection.

Please visit this webpage for instructions on installing recovery console and downloading/running ComboFix.

Post the log from ComboFix along with a new HijackThis log.
pc.m
Junior Member with 20 posts.
Join Date: Apr 2008
Experience: Intermediate
29-Apr-2008, 12:31 PM #9
The ComboFix tutorial did not help; I am still not able to access any site. I get the following message at the bottom left of Internet Explorer, "res://ieframe.dll/dnserrordiagoff.htm", and after a few seconds I get the message "Internet Explorer Cannot Display The Webpage". This problem arose after I ran the FixWareout thing.
cybertech
Moderator with 55,962 posts.
Join Date: Apr 2002
Location: Washington State
29-Apr-2008, 01:05 PM #10
Yes, I understand that. FixWareOut flushed your DNS. If your ISP required you to set up special DNS settings, you will need to do that again, but I guarantee you the ones you were using were rogue!

Go to Control panel, network connections, Local Area Connection, properties, click on Internet Protocol (TCP/IP), properties. If you need to put in something special for your ISP this is where you would do it. Most use DHCP so you would select Obtain an IP address and Obtain DNS server address automatically.
__________________
Microsoft MVP/Windows - Consumer Security
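The check behind the advice above, as an added example that is not code from the forum, FixWareout or ComboFix: after a DNS-changing infection, the question is whether each adapter's DNS servers are the gateway or an ISP server you recognise, and whether they were set statically rather than by DHCP. The script parses the Windows XP style `ipconfig /all` layout (a heuristic for that layout, not an official format) and flags every server that is neither the adapter's default gateway nor in a trusted set you supply. The sample output is constructed and uses RFC 5737 documentation addresses (203.0.113.0/24) for the suspect servers.

```python
"""Audit the DNS servers reported by `ipconfig /all` against a known-good set.

Added example; the sample output is constructed in the Windows XP
`ipconfig /all` layout and the field regexes are a heuristic for that layout.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: one adapter with static, unknown DNS servers (203.0.113.x
# are documentation addresses), one adapter using the gateway via DHCP.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : example-pc

Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.1.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.5
                                            203.0.113.6

Ethernet adapter Wireless Network Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.11
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

# "Ethernet adapter Local Area Connection:" -> adapter name
ADAPTER_RE = re.compile(r"^\S.*adapter (.+):$")
# "        Dhcp Enabled. . . . . . . . . . . : No" -> ("Dhcp Enabled", "No")
FIELD_RE = re.compile(r"^\s+([A-Za-z][A-Za-z \-]*?)[ .]*: ?(.*)$")


def parse_ipconfig(text: str) -> Dict[str, dict]:
    """Return {adapter name: {"dhcp": bool, "gateway": [...], "dns": [...]}}."""
    adapters: Dict[str, dict] = {}
    current = None   # adapter record being filled
    field = None     # last field name, so continuation lines can be attached
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ADAPTER_RE.match(line)
        if m:
            current = adapters.setdefault(
                m.group(1), {"dhcp": True, "gateway": [], "dns": []})
            field = None
            continue
        if current is None:          # header lines before the first adapter
            continue
        m = FIELD_RE.match(line)
        if m:
            field, value = m.group(1).strip(), m.group(2).strip()
            if field == "Dhcp Enabled":
                current["dhcp"] = value.lower() == "yes"
            elif field == "Default Gateway" and value:
                current["gateway"].append(value)
            elif field == "DNS Servers" and value:
                current["dns"].append(value)
        elif field == "DNS Servers":
            # indented continuation line: a further server under the same field
            current["dns"].append(line.strip())
    return adapters


def audit_dns(adapters: Dict[str, dict], trusted: set) -> List[Tuple[str, str]]:
    """Flag each DNS server that is neither the adapter's gateway nor trusted."""
    issues: List[Tuple[str, str]] = []
    for name, cfg in adapters.items():
        for server in cfg["dns"]:
            if server in trusted or server in cfg["gateway"]:
                continue
            how = "static" if not cfg["dhcp"] else "DHCP-assigned"
            issues.append((name, f"{how} DNS server {server} is not gateway or trusted"))
    return issues


if __name__ == "__main__":
    # Real use: feed the captured output of `ipconfig /all` and your ISP's servers.
    for adapter, msg in audit_dns(parse_ipconfig(SAMPLE_IPCONFIG), trusted=set()):
        print(f"{adapter}: {msg}")
```

A statically configured server that you did not enter yourself is the case the moderator describes; resetting the adapter to obtain DNS automatically, as instructed above, clears it, and rerunning the audit afterwards confirms only the gateway or ISP servers remain.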
pc.m
Junior Member with 20 posts.
Join Date: Apr 2008
Experience: Intermediate
29-Apr-2008, 01:37 PM #11
I'll call one of my ISP helpers to fix my internet problem.
Anyway, here's my ComboFix log (sending this from my laptop):


ComboFix 08-04-28.2 - Shreyans 2008-04-29 22:29:34.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.82 [GMT 5.5:30]
Running from: C:\Documents and Settings\Shreyans\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Shreyans\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Shreyans\Application Data\macromedia\Flash Player\#SharedObjects\26MHQ4LU\iforex.com
C:\Documents and Settings\Shreyans\Application Data\macromedia\Flash Player\#SharedObjects\26MHQ4LU\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Shreyans\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Shreyans\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cawnqnnx.dll
C:\WINDOWS\system32\eicbalgq.dll
C:\WINDOWS\system32\hufwovxu.ini
C:\WINDOWS\system32\jiStBJjl.ini
C:\WINDOWS\system32\jiStBJjl.ini2
C:\WINDOWS\system32\kTwFffii.ini
C:\WINDOWS\system32\ljJDSLBt.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\setting.ini
C:\WINDOWS\system32\tBLSDJjl.ini
C:\WINDOWS\system32\tBLSDJjl.ini2
C:\WINDOWS\system32\uninstall.exe
C:\WINDOWS\system32\vobjkkis.ini
C:\WINDOWS\system32\vtUkkHYr.dll
C:\WINDOWS\system32\xxyawwxV.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-29 )))))))))))))))))))))))))))))))
.

2008-04-29 12:15 . 2008-04-29 12:15 <DIR> d-------- C:\fixwareout
2008-04-28 20:21 . 2008-04-28 20:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-26 20:16 . 2008-04-26 20:16 <DIR> d--hs---- C:\FOUND.005
2008-04-26 18:12 . 2008-04-26 18:13 <DIR> d--h----- C:\WINDOWS\ie8
2008-04-26 01:51 . 2008-04-26 01:51 <DIR> d-------- C:\Documents and Settings\Shreyans\Application Data\Malwarebytes
2008-04-26 01:50 . 2008-04-26 01:50 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-26 01:50 . 2008-04-26 01:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-21 01:07 . 2008-04-21 01:07 <DIR> d--hs---- C:\FOUND.004
2008-04-21 00:56 . 2008-04-29 21:50 2,560 --a------ C:\WINDOWS\system32\drivers\mchInjDrv.sys
2008-04-20 13:13 . 2008-04-20 13:13 294 ---hs---- C:\WINDOWS\system32\jxlpgpbu.ini
2008-04-20 13:05 . 2008-04-20 13:05 <DIR> d--hs---- C:\FOUND.003
2008-04-19 17:04 . 2008-04-19 17:04 <DIR> d-------- C:\Program Files\Webroot
2008-04-19 17:04 . 2008-04-19 17:04 <DIR> d-------- C:\Documents and Settings\Shreyans\Application Data\Webroot
2008-04-19 17:04 . 2008-04-19 17:05 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-04-19 17:04 . 2008-04-19 17:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-04-19 17:04 . 2007-10-01 16:40 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2008-04-19 17:04 . 2007-10-01 16:24 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-04-19 17:04 . 2007-10-01 16:24 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-04-19 17:04 . 2007-10-01 16:24 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-04-19 17:04 . 2007-10-01 16:24 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-04-19 15:54 . 2008-04-19 15:54 <DIR> d--hs---- C:\FOUND.002
2008-04-19 01:30 . 2008-04-29 22:28 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-04-19 00:19 . 2008-03-06 21:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-04-19 00:19 . 2008-03-06 21:32 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-04-19 00:19 . 2008-03-06 21:32 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-04-18 23:47 . 2008-04-21 00:42 714 ---hs---- C:\WINDOWS\system32\jfdjcolk.ini
2008-04-18 20:15 . 2008-04-18 20:15 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-04-18 20:14 . 2008-04-21 01:25 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-18 20:14 . 2008-04-21 01:25 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-18 20:13 . 2008-04-18 20:13 <DIR> d-------- C:\Program Files\Symantec
2008-04-18 20:13 . 2008-04-18 20:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-18 02:37 . 2008-04-18 02:54 209,559,552 --a------ C:\235.tmp
2008-04-18 01:24 . 2008-04-18 01:24 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-17 22:02 . 2008-04-17 22:02 646 ---hs---- C:\WINDOWS\system32\watjtvsx.ini
2008-04-17 21:48 . 2008-04-17 21:48 <DIR> d--hs---- C:\FOUND.001
2008-04-17 16:01 . 2008-04-17 16:01 <DIR> d-------- C:\Program Files\Windows Defender
2008-04-17 13:38 . 2008-04-17 22:02 586 ---hs---- C:\WINDOWS\system32\lgvpwfgs.ini
2008-04-16 15:46 . 2008-04-29 22:44 1,024 --ah----- C:\Documents and Settings\Guest\ntuser.dat.LOG
2008-04-16 14:16 . 2008-04-16 14:16 <DIR> d--hs---- C:\FOUND.000
2008-04-16 13:37 . 2008-04-17 13:37 766 ---hs---- C:\WINDOWS\system32\vqrmhsqy.ini
2008-04-16 13:36 . 2008-04-25 16:14 109,129 --a------ C:\WINDOWS\BM678a7188.xml
2008-04-16 00:09 . 2008-04-21 01:25 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-16 00:09 . 2008-04-21 01:25 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-15 23:51 . 2008-04-18 20:57 16 --a------ C:\WINDOWS\system32\coh.cache
2008-04-15 23:31 . 2008-04-15 23:31 <DIR> d-------- C:\Program Files\Norton 2007
2008-04-15 22:46 . 2008-04-15 22:46 <DIR> d-------- C:\Program Files\PowerISO
2008-04-15 22:11 . 2008-04-15 22:11 <DIR> d-------- C:\Program Files\uTorrent
2008-04-15 22:11 . 2008-04-15 22:11 <DIR> d-------- C:\Documents and Settings\Shreyans\Application Data\uTorrent
2008-04-15 22:05 . 2008-04-15 22:05 <DIR> d-------- C:\Documents and Settings\Shreyans\Application Data\PCF-VLC
2008-04-15 21:30 . 2008-04-15 21:38 921,624 --a------ C:\img2-001.raw
2008-04-15 16:54 . 2008-04-15 21:09 369 --a------ C:\WINDOWS\capture.ini
2008-04-11 15:18 . 2008-04-11 15:18 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-04-03 19:21 . 2008-04-03 19:21 <DIR> d-------- C:\Documents and Settings\Shreyans\Application Data\Participatory Culture Foundation
2008-04-03 19:20 . 2008-04-03 19:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Participatory Culture Foundation
2008-04-01 22:02 . 2004-02-05 20:53 389,120 --a------ C:\WINDOWS\system32\actskn43.ocx
2008-04-01 22:02 . 2002-01-05 16:37 344,064 --a------ C:\WINDOWS\system32\Msvcr70.dll
2008-04-01 22:02 . 2004-01-08 01:43 253,952 --a------ C:\WINDOWS\system32\histogram.ocx
2008-04-01 22:02 . 2004-01-09 10:54 188,416 --a------ C:\WINDOWS\system32\actsplash.ocx
2008-04-01 22:01 . 2008-04-01 22:01 <DIR> d-------- C:\Program Files\SystemGuards.com
2008-04-01 22:01 . 2005-08-27 02:38 1,435,272 --a------ C:\WINDOWS\system32\Flash8.ocx
2008-04-01 20:18 . 2001-08-29 05:00 94,720 --------- C:\WINDOWS\system32\CNMLM20.DLL
2008-04-01 20:18 . 2001-08-29 05:00 5,632 --a------ C:\WINDOWS\system32\CNMVS20.DLL
2008-04-01 20:17 . 2008-04-01 20:17 <DIR> d--h----- C:\BJPrinter
2008-04-01 20:17 . 2001-09-13 16:30 36,864 --a------ C:\WINDOWS\system32\CNMCP20.EXE
2008-04-01 20:16 . 2008-04-01 20:16 <DIR> d-------- C:\BJC265SP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-25 20:45 61,952 ------w C:\WINDOWS\system32\kdege.exe
2008-03-24 16:58 --------- d-----w C:\Program Files\Smart AntiVirus
2008-03-21 07:36 --------- d-----w C:\Documents and Settings\Shreyans\Application Data\River Past G5
2008-03-21 07:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\River Past G5
2008-03-20 21:18 --------- d-----w C:\Documents and Settings\Shreyans\Application Data\PlayFirst
2008-03-20 21:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-03-14 06:04 46,652 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys
2008-03-11 12:32 --------- d-----w C:\Program Files\Common Files\xing shared
2008-03-11 12:11 --------- d-----w C:\Program Files\Real
2008-03-03 14:23 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2008-03-03 14:23 78,336 ----a-w C:\WINDOWS\system32\dllcache\ieencode.dll
2008-03-03 14:22 70,656 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-03-03 14:22 599,552 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-03-03 14:22 41,984 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-03-03 14:22 41,984 ----a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
2008-03-03 14:22 349,184 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2008-03-03 14:22 224,768 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2008-03-03 14:22 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2008-03-03 14:22 17,920 ----a-w C:\WINDOWS\system32\dllcache\corpol.dll
2008-03-03 14:22 17,920 ----a-w C:\WINDOWS\system32\corpol.dll
2008-03-03 14:22 116,224 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2008-03-03 14:22 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2008-03-03 14:21 94,208 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
2008-03-03 14:21 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-03-03 14:21 69,120 ----a-w C:\WINDOWS\system32\iesetup.dll
2008-03-03 14:21 69,120 ----a-w C:\WINDOWS\system32\dllcache\iesetup.dll
2008-03-03 14:21 69,120 ----a-w C:\WINDOWS\system32\dllcache\admparse.dll
2008-03-03 14:21 69,120 ----a-w C:\WINDOWS\system32\admparse.dll
2008-03-03 14:21 557,056 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
2008-03-03 14:21 44,032 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2008-03-03 14:21 149,504 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-03-03 14:21 126,464 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
2008-03-03 14:21 119,808 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2008-03-03 14:20 60,928 ----a-w C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-03 14:20 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-03-03 14:20 48,128 ----a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
2008-03-03 14:20 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-03-03 14:20 45,568 ----a-w C:\WINDOWS\system32\dllcache\mshta.exe
2008-03-03 14:20 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-03-03 14:20 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
2008-03-03 14:20 36,352 ----a-w C:\WINDOWS\system32\dllcache\imgutil.dll
2008-03-03 14:20 345,600 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2008-03-03 14:20 268,800 ----a-w C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-03 14:20 212,992 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2008-03-03 14:16 68,096 ----a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
2008-03-03 14:04 440,832 ----a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-01 00:00 15360]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\spydoctor.exe" [2004-09-22 10:28 1818624]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"WinAnonymous"="C:\Program Files\WinAnonymous\GDC.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 22:53 15961088 C:\WINDOWS\RTHDCPL.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 17:35 32768]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2006-10-13 17:04 707376]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 17:01 277296]
"PCSuiteTrayApplication"="E:\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-02 02:52 3739648]
"IMJPMIG8.2"="msime80.exe" []
"iTunesHelper"="E:\iPod\iTunesHelper.exe" [2006-02-23 15:45 278528]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Acrobat 7.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 05:21 233472]
"SBI"="C:\Documents and Settings\Shreyans\Local Settings\Temporary Internet Files\Content.IE5\X3F6B5BF\setup_sbd_en[1].exe" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-01-23 15:47 847872]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-06 12:29 84640]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2008-01-06 13:10 26248]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40 5367608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="E:\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-01-11 16:02:11 106560]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-05 13:34:12 126136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave2"= es1371.dll
"midi1"= es1371.dll
"mixer2"= es1371.dll
"aux1"= es1371.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"E:\\iPod\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 mchInjDrv;madCodeHook DLL injection driver;C:\WINDOWS\system32\Drivers\mchInjDrv.sys [2008-04-29 21:50]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2006-10-13 17:01]
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-10-13 17:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0169f456-bb74-11dc-9d80-001676a2df53}]
\Shell\Auto\command - sal.xls.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2398bc60-7de4-11dc-9cb2-001676a2df53}]
\Shell\Open(&O)\command - RECYCLED\appmgmt.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30765be0-2f29-11dc-9b30-001676a2df53}]
\Shell\Open(&O)\command - RECYCLED\appmgmt.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e7d918a-52de-11dc-9bd6-001676a2df53}]
\Shell\AutoRun\command - H:\SSCVIHOST.exe
\Shell\Open\command - H:\SSCVIHOST.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e949e6fa-7d7b-11dc-9cb0-001676a2df53}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-08 01:31:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-18 14:54:18 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Shreyans.job"
- C:\PROGRA~1\NORTON~2\Navw32.exeh/TASK:
"2008-04-29 17:17:18 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 22:44:46
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\WINDOWS DEFENDER\MSMPENG.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSVCHST.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\APPCORE\APPSVC32.EXE
C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
E:\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-04-29 22:53:32 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-29 17:23:14

Pre-Run: 4,486,414,336 bytes free
Post-Run: 4,656,660,480 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

275 --- E O F --- 2008-03-13 15:00:13
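A triage pass over the "Reg Loading Points" section of a ComboFix log like the one above, as an added example that is not part of the post and not ComboFix's own code. It picks out the three entry shapes a helper reads that section for: Run values whose bracket is empty (on my reading ComboFix prints `[ ]` when it cannot find the referenced file; treat that as an assumption), Run values that start something out of the browser cache, Security Center `DisableMonitoring` set to 1, and `mountpoints2` AutoRun/Open handlers that launch an executable from a removable drive. The sample section is constructed to mirror those shapes with placeholder names; it is not the poster's log.

```python
"""Triage of the 'Reg Loading Points' section of a ComboFix log.

Added example with a constructed sample; the regexes follow the line shapes
ComboFix prints in that section, and the meaning of an empty `[ ]` stamp
(file not found) is an assumption.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: same layout as a ComboFix log, placeholder names/paths.
SAMPLE_LOADING_POINTS = r"""
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-01 00:00 15360]
"ExampleTool"="C:\Program Files\ExampleTool\tool.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-06 12:29 84640]
"CacheDrop"="C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\ABCD1234\setup_example[1].exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000001}]
\Shell\AutoRun\command - H:\example_host.exe
\Shell\Open\command - H:\example_host.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000002}]
\Shell\Open(&O)\command - RECYCLED\example.exe
"""


@dataclass
class Finding:
    key: str      # registry key the entry lives under
    entry: str    # the raw log line
    reason: str   # why it was flagged


KEY_RE = re.compile(r"^\[(.+)\]$")
# "Name"="path" [timestamp size]   or   "Name"="path" [ ]
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<stamp>[^\]]*)\]$')
# \Shell\<verb>\command - <what gets launched>
MOUNTPOINT_CMD_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$")
DISABLE_MON_RE = re.compile(r'^"DisableMonitoring"=dword:0*1$')


def triage_loading_points(text: str) -> List[Finding]:
    """Walk the section line by line, tracking the current key, and flag entries."""
    findings: List[Finding] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        low = key.lower()
        if low.endswith("\\currentversion\\run"):
            m = RUN_VALUE_RE.match(line)
            if not m:
                continue
            if not m.group("stamp").strip():
                findings.append(Finding(key, line, "autostart target missing on disk (empty [ ] stamp)"))
            if "temporary internet files" in m.group("path").lower():
                findings.append(Finding(key, line, "autostart runs out of the browser cache"))
        elif "\\security center\\monitoring" in low:
            if DISABLE_MON_RE.match(line):
                findings.append(Finding(key, line, "Security Center monitoring disabled"))
        elif "\\explorer\\mountpoints2\\" in low:
            m = MOUNTPOINT_CMD_RE.match(line)
            if m:
                findings.append(Finding(
                    key, line,
                    f"removable-drive {m.group('verb')} handler launches {m.group('cmd')}"))
    return findings


if __name__ == "__main__":
    for f in triage_loading_points(SAMPLE_LOADING_POINTS):
        print(f"{f.reason}\n    {f.entry}")
```

The mountpoints2 handlers are the part worth reading closely in the log above: an `AutoRun` or `Open` command that points at an executable on a drive letter or in a RECYCLED folder means inserting that USB stick or card reader relaunches the file, so the removable media needs cleaning alongside the PC, and AutoPlay on removable drives is worth disabling once the machine is clean.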
pc.m
Junior Member with 20 posts.
Join Date: Apr 2008
Experience: Intermediate
29-Apr-2008, 01:39 PM #12
And here's my new HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:11 PM, on 29/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\iPod\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
E:\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.techguy.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://downloads.yahoo.com/internetexplorer/welcome.php
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "E:\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKLM\..\Run: [IMJPMIG8.2] msime80.exe
O4 - HKLM\..\Run: [iTunesHelper] "E:\iPod\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Acrobat 7.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Shreyans\Local Settings\Temporary Internet Files\Content.IE5\X3F6B5BF\setup_sbd_en[1].exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpyHunter Security Suite] "C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [WinAnonymous] "C:\Program Files\WinAnonymous\GDC.exe" /scan
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] E:\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] E:\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...bs/tgctlsr.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://webmail.ilfsets.com/dwa7W.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...63/mcfscan.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice