
love.exe help

Discussion in 'Virus & Other Malware Removal' started by bigdaddysjm09, Apr 7, 2008.

  1. bigdaddysjm09

    bigdaddysjm09 Thread Starter

    Joined:
    Jan 9, 2008
    Messages:
    108
    I have something on my computer; it's in my C:/WINDOWS/system32/ folder and it's known as love.exe.

    It doesn't cause any damper on my system performance; all it does is use a lot of page file and RAM. But I can open up Task Manager and end the love.exe process, and functions return to normal. I've used Lavasoft Ad-Aware Pro, Norton Internet Security, SpyHunter 3 Security Suite and Uniblue SpyEraser and run FULL scans; they picked up some cookies and a few other things but won't remove love.exe. It's stuck there. I can go into the system32 folder and delete it, and the next time I start up my computer it's right there again and just starts up with my computer again. Someone please help me remove this pain in the neck.
     
  2. bigdaddysjm09

    bigdaddysjm09 Thread Starter

    Joined:
    Jan 9, 2008
    Messages:
    108
    Could someone please help me with this? It's starting to affect my system performance and I don't know what it is. The process, as listed above, is love.exe.

    It's located in
    C:/WINDOWS/system32/love.exe
    I uninstalled Norton 2008 and installed Norton 2007, and it picked up stuff in the full system scan that Norton 2008 didn't. I updated my Uniblue SpyEraser and ran a deep scan; it picked up the file love.exe and an S.bat file. Both were located in my system32 folder; they were removed and I restarted my computer afterwards, and they're right there again. Norton Internet Security doesn't pick this up, by the way. Can someone please help me?
     
  3. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,317
    First Name:
    Karen
    Click here to download HJTsetup.exe.
    • Save HJTsetup.exe to your desktop.
    • Double click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    • Click Save to save the log file and then the log will open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

    Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming.

    Also, please do not run any security programs or fixes on your own as doing so may compromise what we will be doing. It is important that you wait for instructions.
     
  4. bigdaddysjm09

    bigdaddysjm09 Thread Starter

    Joined:
    Jan 9, 2008
    Messages:
    108
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:45:04 PM, on 5/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\WINDOWS\SQ931STI.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\WINDOWS\system32\rserver30\RServer3.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\love.exe
    C:\WINDOWS\system32\rserver30\FamItrfc.Exe
    C:\Program Files\Avant Browser\avant.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_1.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\MsiExec.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    F2 - REG:system.ini: Shell=
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [SQ931STI] C:\WINDOWS\SQ931STI.EXE
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKCU\..\Policies\Explorer\Run: [] C:\WINDOWS\system32\config\sysrestore.exe -s
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Startup: StartupFaster
    O4 - Global Startup: StartupFaster
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL...-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
    O17 - HKLM\Software\..\Telephony: DomainName =
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =
    O23 - Service: Ad-Aware 2007 Service (aawservice) - - (no file)
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: avp - GRISOFT, s.r.o. - (no file)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

    --
    End of file - 10110 bytes
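    Added example, not part of this thread and not HijackThis's or the helper's own logic: a Python script that parses entries in the format of the log above and lists the ones a reviewer would look at first. The sample lines are copied from the posted log; the flagging rules (orphaned "(no file)" registrations, autostarts under Policies\Explorer\Run, per-user programs registered in the SYSTEM or Default user hive, DPF entries with no download URL) are my own review heuristics, and a flagged line is a review item for the helper, in keeping with the "do not fix anything yet" instruction, not a removal decision.

```python
import re
from typing import List, Tuple

# Constructed sample input: a handful of lines in the shape of the HijackThis
# log posted above (copied from it), so the checks below have something to match.
SAMPLE_HJT_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Policies\Explorer\Run: [] C:\WINDOWS\system32\config\sysrestore.exe -s
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
O23 - Service: Ad-Aware 2007 Service (aawservice) - - (no file)
O23 - Service: avp - GRISOFT, s.r.o. - (no file)
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
"""

# One HijackThis entry: a section tag (R0, F2, O4, O23, ...), then " - ", then the body.
HJT_ENTRY = re.compile(r"^\s*(?P<section>[A-Z]\d+)\s+-\s+(?P<body>.*\S)\s*$")


def parse_hjt(text: str) -> List[Tuple[str, str]]:
    """Return (section, body) pairs; header lines and the process list do not match and are skipped."""
    entries = []
    for line in text.splitlines():
        m = HJT_ENTRY.match(line)
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(text: str) -> List[Tuple[str, str]]:
    """Apply review heuristics (my own, not HijackThis's) and return (reason, entry) pairs.

    A flagged entry is a review item, not a verdict: every rule here also matches
    harmless leftovers, such as uninstalled software that left its service registered.
    """
    findings = []
    for section, body in parse_hjt(text):
        if section in ("O9", "O23") and body.endswith("(no file)"):
            findings.append(("orphaned registration: target file is missing", body))
        elif section == "O4" and r"\Policies\Explorer\Run" in body:
            findings.append(("autostart via Policies\\Explorer\\Run, an uncommon location", body))
        elif section == "O4" and re.search(r"\(User '(SYSTEM|Default user)'\)$", body):
            findings.append(("user-level program registered in the SYSTEM/Default user hive", body))
        elif section == "O16" and body.endswith("-"):
            findings.append(("ActiveX (DPF) entry with no download URL recorded", body))
    return findings


if __name__ == "__main__":
    for reason, entry in triage(SAMPLE_HJT_LOG):
        print(f"[{reason}]\n    {entry}")
```

    Run it against a saved log with triage(open("hijackthis.log").read()); everything that is not a tagged entry (the header and the "Running processes" list) is ignored by the parser.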
     
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,317
    First Name:
    Karen
    Please visit the ComboFix Guide & Instructions page for instructions on downloading and running ComboFix.

    Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

    ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished.
     
  6. bigdaddysjm09

    bigdaddysjm09 Thread Starter

    Joined:
    Jan 9, 2008
    Messages:
    108
    ComboFix log

    ComboFix 08-05-11.1 - Stephen Matthews 2008-05-11 12:41:31.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.137 [GMT -7:00]
    Running from: C:\Documents and Settings\Stephen Matthews.STEPHEN\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\msvrc20.dll
    C:\WINDOWS\system32\_000006_.tmp.dll
    C:\WINDOWS\system32\_000017_.tmp.dll
    C:\WINDOWS\system32\_000024_.tmp.dll
    C:\WINDOWS\system32\_000028_.tmp.dll
    C:\WINDOWS\system32\_000029_.tmp.dll
    C:\WINDOWS\system32\_000030_.tmp.dll
    C:\WINDOWS\system32\_000031_.tmp.dll
    C:\WINDOWS\system32\_000032_.tmp.dll
    C:\WINDOWS\system32\_000034_.tmp.dll
    C:\WINDOWS\system32\_000058_.tmp.dll
    C:\WINDOWS\system32\i.txt
    C:\WINDOWS\system32\Ultra.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-04-11 to 2008-05-11 )))))))))))))))))))))))))))))))
    .

    2008-05-10 20:42 . 2008-05-10 20:42 <DIR> d----c--- C:\Program Files\Trend Micro
    2008-05-10 20:32 . 2008-05-10 20:32 66 --a--c--- C:\WINDOWS\system32\S.BAT
    2008-05-07 20:52 . 2008-05-07 20:52 <DIR> d----c--- C:\Program Files\Radmin Viewer 3
    2008-05-07 18:32 . 2008-05-07 18:32 <DIR> d----c--- C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Radmin
    2008-05-07 16:57 . 2008-05-10 19:27 <DIR> d----c--- C:\WINDOWS\system32\rserver30
    2008-05-06 17:58 . 2008-05-06 17:58 <DIR> d----c--- C:\WINDOWS\Migo Recover Lost Data
    2008-05-06 14:20 . 2008-05-06 14:20 <DIR> d----c--- C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Aurora Web Editor
    2008-05-06 10:49 . 2008-05-06 16:05 <DIR> d----c--- C:\Program Files\Multimedia Australia
    2008-05-03 21:44 . 2008-05-05 17:55 <DIR> d----c--- C:\Program Files\SUPERAntiSpyware
    2008-05-03 21:44 . 2008-05-05 17:55 <DIR> d----c--- C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\SUPERAntiSpyware.com
    2008-05-03 12:56 . 2008-05-03 12:56 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-05-01 21:44 . 2008-05-01 21:44 <DIR> d----c--- C:\Setup
    2008-05-01 20:56 . 2008-05-01 20:56 <DIR> d--hsc--- C:\INCINERATE
    2008-04-29 14:42 . 2008-04-29 14:42 <DIR> d----c--- C:\Program Files\Speed Gear 5
    2008-04-27 20:07 . 2008-04-27 20:40 <DIR> d----c--- C:\Program Files\Norton Internet Security
    2008-04-27 20:06 . 2008-04-27 20:35 123,952 --a--c--- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-04-27 20:06 . 2008-04-27 20:35 60,800 --a--c--- C:\WINDOWS\system32\S32EVNT1.DLL
    2008-04-27 20:05 . 2008-04-27 20:35 <DIR> d----c--- C:\Program Files\Symantec
    2008-04-27 19:15 . 2008-04-27 19:17 <DIR> d----c--- C:\WINDOWS\system32\Adobe
    2008-04-26 11:51 . 2008-04-26 11:51 24 --a--c--- C:\WINDOWS\ES_2_D1.prf
    2008-04-26 11:51 . 2008-04-26 11:51 24 --a--c--- C:\WINDOWS\ES_1_D1.prf
    2008-04-26 11:51 . 2008-04-26 11:51 24 --a--c--- C:\WINDOWS\AM_D0.PRF
    2008-04-26 07:45 . 2008-04-26 07:45 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SRS Labs
    2008-04-26 07:45 . 2007-05-03 10:27 47,360 -ra--c--- C:\WINDOWS\system32\drivers\Surroundhp_kern_i386.sys
    2008-04-26 07:45 . 2007-05-03 10:27 46,592 -ra--c--- C:\WINDOWS\system32\drivers\tshd4_kern_i386.sys
    2008-04-26 07:45 . 2007-05-03 10:28 39,552 -ra--c--- C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys
    2008-04-26 07:45 . 2007-05-03 10:27 37,248 -ra--c--- C:\WINDOWS\system32\drivers\csiidecoder_kern_i386.sys
    2008-04-26 07:45 . 2007-05-03 10:27 32,000 -ra--c--- C:\WINDOWS\system32\drivers\wowhd_kern_i386.sys
    2008-04-25 21:06 . 2008-04-25 21:06 <DIR> d----c--- C:\Program Files\Google Hacks
    2008-04-25 15:12 . 2007-12-24 17:37 138,384 --a--c--- C:\WINDOWS\system32\drivers\tmcomm.sys
    2008-04-24 21:00 . 2008-04-24 21:00 <DIR> d----c--- C:\Documents and Settings\Administrator.STEPHEN\Application Data\Lavasoft
    2008-04-23 18:56 . 2008-04-23 18:56 <DIR> d----c--- C:\Program Files\LimeWire
    2008-04-23 17:06 . 2008-04-23 17:06 71 --a--c--- C:\WINDOWS\SpotAuditor.INI
    2008-04-22 15:01 . 2008-04-22 15:01 <DIR> d----c--- C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\DAEMON Tools Pro
    2008-04-22 14:56 . 2007-02-22 09:05 90,112 --a--c--- C:\Progr_.dll
    2008-04-22 14:38 . 2008-04-22 14:38 <DIR> d----c--- C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\DAEMON Tools
    2008-04-22 14:38 . 2008-04-22 14:38 717,296 --a--c--- C:\WINDOWS\system32\drivers\sptd.sys
    2008-04-22 04:59 . 2008-04-22 04:59 1,409 --a--c--- C:\WINDOWS\system32\tmp621EE.FOT
    2008-04-22 04:59 . 2008-04-22 04:59 24 --a--c--- C:\WINDOWS\AM_D8.PRF
    2008-04-22 04:55 . 2008-04-26 11:26 <DIR> d----c--- C:\Program Files\Graffiti Studio 2.0
    2008-04-21 22:11 . 2008-04-21 22:11 <DIR> d----c--- C:\WINDOWS\uninstall\F4U KeyGen Maker
    2008-04-21 22:11 . 2008-04-21 22:11 <DIR> d----c--- C:\WINDOWS\uninstall
    2008-04-21 20:17 . 2008-04-21 20:17 16 --a--c--- C:\WINDOWS\system32\coh.cache
    2008-04-20 20:25 . 2008-04-20 20:25 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2008-04-20 20:13 . 2008-04-21 21:25 <DIR> d----c--- C:\Program Files\Wireless WEP Key Password Spy
    2008-04-18 19:01 . 2008-04-23 10:58 <DIR> d----c--- C:\Program Files\Speeditup Free
    2008-04-17 04:49 . 2007-12-19 11:06 172,032 --a--c--- C:\WINDOWS\system32\igfxres.dll
    2008-04-17 04:45 . 2008-04-17 04:45 <DIR> d----c--- C:\WINDOWS\OPTIONS
    2008-04-17 04:45 . 2008-04-17 04:45 <DIR> d----c--- C:\Program Files\Realtek
    2008-04-17 04:43 . 2008-01-31 21:45 53,248 --a--c--- C:\WINDOWS\system32\CSVer.dll
    2008-04-17 04:40 . 2008-04-17 04:40 <DIR> d----c--- C:\WINDOWS\system32\ENU
    2008-04-17 04:40 . 2007-10-18 15:51 126,976 --a--c--- C:\WINDOWS\system32\Imsmudlg.exe
    2008-04-16 22:59 . 2004-06-14 14:56 427,864 --a--c--- C:\WINDOWS\system32\XceedZip.dll
    2008-04-16 22:38 . 2008-04-16 22:46 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{36D03E21-363A-4CBC-9E13-A90BDCFAFB04}
    2008-04-14 14:52 . 2008-04-14 14:52 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-04-14 14:34 . 2008-04-19 09:21 <DIR> d----c--- C:\Program Files\XoftSpySE
    2008-04-13 22:26 . 2008-05-10 20:37 <DIR> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-04-13 12:40 . 2008-04-30 09:24 <DIR> d----c--- C:\WINDOWS\system32\NtmsData
    2008-04-11 21:28 . 2007-10-01 16:40 1,526,072 --a--c--- C:\WINDOWS\WRSetup.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-11 19:43 --------- dc----w C:\Program Files\Common Files\Symantec Shared
    2008-05-11 03:32 495,616 -cs---w C:\WINDOWS\system32\love.exe
    2008-05-11 02:30 --------- dc----w C:\Program Files\Thinstall.VS
    2008-05-09 00:26 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\U3
    2008-05-08 02:35 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Thinstall
    2008-05-07 22:51 --------- dc----w C:\Program Files\FriendBlasterPro
    2008-05-06 00:58 --------- dc-h--w C:\Program Files\InstallShield Installation Information
    2008-05-06 00:55 --------- dc----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-03 21:01 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Registry Help Pro
    2008-05-03 20:47 --------- dc----w C:\Program Files\TuneUp Utilities 2008
    2008-05-03 20:46 307,968 -c--a-w C:\WINDOWS\system32\TuneUpDefragService.exe
    2008-05-02 16:18 --------- dc----w C:\Documents and Settings\All Users\Application Data\iolo
    2008-04-30 16:27 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\iolo
    2008-04-30 16:24 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\LimeWire
    2008-04-30 16:24 --------- dc----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-04-30 15:02 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-04-30 00:14 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-04-28 03:39 6,596 -csha-w C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-04-28 03:39 58,912 -csha-w C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-04-28 03:35 805 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-04-28 03:35 10,740 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-04-26 13:54 --------- dc----w C:\Program Files\RegCure
    2008-04-24 01:52 --------- dc----w C:\Program Files\Microsoft Money 2006
    2008-04-20 20:10 --------- dc----w C:\Program Files\KGB Archiver 2
    2008-04-17 22:24 --------- dc----w C:\Program Files\Hewlett-Packard
    2008-04-17 11:40 --------- dc----w C:\Program Files\Intel
    2008-04-14 04:15 --------- dc----w C:\Documents and Settings\All Users\Application Data\Trymedia
    2008-04-12 04:47 --------- dc----w C:\Program Files\Hitman Pro
    2008-04-11 06:55 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-11 03:57 164 -c--a-w C:\install.dat
    2008-04-08 03:42 32,300 -csha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-04-08 03:42 2,331,424 -csha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-04-08 01:46 --------- dc----w C:\Program Files\Enigma Software Group
    2008-04-07 23:46 --------- dc----w C:\Program Files\Spybot - Search & Destroy
    2008-04-07 21:00 --------- dc----w C:\Program Files\Kaspersky Lab
    2008-04-07 05:50 --------- dc----w C:\Program Files\Yahoo!
    2008-04-07 02:07 --------- dc----w C:\Program Files\Avant Browser
    2008-04-04 03:30 31,938 -c--a-w C:\WINDOWS\system32\tcpipbak.reg
    2008-04-03 21:11 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\URSoft
    2008-04-03 05:32 --------- dc----w C:\Program Files\Lavasoft
    2008-04-03 01:49 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Auslogics
    2008-04-03 01:20 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\IconTweaker
    2008-04-02 00:22 --------- dc----w C:\Program Files\Dachshund Software
    2008-04-01 23:51 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Lavasoft
    2008-04-01 23:31 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\AdobeUM
    2008-04-01 23:27 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Sonic
    2008-04-01 23:27 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Leadertech
    2008-04-01 02:53 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\JP Software
    2008-03-30 23:11 --------- dc----w C:\Program Files\CBS Software
    2008-03-30 05:51 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\acccore
    2008-03-30 02:59 --------- dc----w C:\Program Files\AIM6
    2008-03-30 02:59 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-03-30 02:57 --------- dc----w C:\Program Files\Common Files\AOL
    2008-03-29 21:50 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\InstallShield
    2008-03-25 11:51 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\PC Tools
    2008-03-21 11:48 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\BinarySense
    2008-03-21 11:36 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\tor
    2008-03-21 11:19 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Mask Surf Standard
    2008-03-20 18:36 --------- dc----w C:\Documents and Settings\Administrator.STEPHEN\Application Data\Uniblue
    2008-03-20 18:06 --------- dc----w C:\Program Files\Uniblue
    2008-03-20 17:47 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Uniblue
    2008-03-20 09:13 --------- dc----w C:\Program Files\Java
    2008-03-19 16:53 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\DMCache
    2008-03-19 09:47 1,845,248 -c--a-w C:\WINDOWS\system32\win32k.sys
    2008-03-15 00:52 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint
    2008-03-14 19:54 --------- dc----w C:\Program Files\Microsoft Silverlight
    2008-03-14 08:59 --------- dc----w C:\Program Files\Remove on Reboot
    2008-03-14 04:47 --------- dc----w C:\Program Files\MySpace
    2008-03-13 08:51 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\gtk-2.0
    2008-03-13 08:47 --------- dc----w C:\Program Files\PidginPortable
    2008-03-13 05:35 --------- dc----w C:\Program Files\Microsoft Works
    2008-03-13 04:21 --------- dc-h--w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\yahoo!
    2008-03-11 07:48 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\DelinvFile
    2008-03-11 02:33 --------- dc----w C:\Program Files\Acesoft
    2008-03-11 01:40 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\TeamViewer
    2008-03-01 13:06 826,368 -c--a-w C:\WINDOWS\system32\wininet.dll
    2008-02-27 20:15 28,416 -c--a-w C:\WINDOWS\system32\uxtuneup.dll
    2008-02-23 06:01 675,328 -c--a-w C:\WINDOWS\is-L7F12.exe
    2008-02-20 06:51 282,624 -c--a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:32 45,568 -c--a-w C:\WINDOWS\system32\dnsrslvr.dll
    2007-12-04 02:07 2 -cshatr C:\WINDOWS\winstart.bat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 15:44 178712]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 08:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
    "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 22:58 458752]
    "ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-02 15:21 135168]
    "RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840]
    "SQ931STI"="C:\WINDOWS\SQ931STI.EXE" [2007-01-24 14:24 151552]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-16 22:22 794713]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-19 11:08 135168]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-12-19 11:08 159744]
    "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-12-19 11:07 131072]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 02:04 84640]
    "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 20:22 26248]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 13:32 8699904]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegedit"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
    "1"= love.exe

    [HKLM\~\startupfolder\C:^Documents and Settings^Stephen Matthews.STEPHEN^Start Menu^Programs^StartUp^HDDlife.lnk]
    backup=C:\WINDOWS\pss\HDDlife.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedConnectStartUp]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R1 raddrvv3;raddrvv3;C:\WINDOWS\system32\rserver30\raddrvv3.sys [2008-04-24 08:49]
    R2 RServer3;Radmin Server V3;"C:\WINDOWS\system32\rserver30\RServer3.exe" /service []
    R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14:00]
    R3 mirrorv3;mirrorv3;C:\WINDOWS\system32\DRIVERS\rminiv3.sys [2006-11-01 06:01]
    S3 SQ931;USB 2.0 Video Camera;C:\WINDOWS\system32\Drivers\Capt931a.sys [2007-03-27 17:44]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-03 13:46]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61825c52-ed79-11dc-b43f-0014a5f0bae9}]
    \Shell\AutoRun\command - F:\setupSNK.exe

    *Newly Created Service* - CATCHME
    *Newly Created Service* - COMHOST
    *Newly Created Service* - RADDRVV3
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-05-03 15:49:47 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Stephen Matthews.job"
    - C:\PROGRA~1\Norton Internet Security\Norton AntiVirus\Navw32.exe
    "2008-04-24 20:17:03 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
    - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-11 12:43:55
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-05-11 12:46:32
    ComboFix-quarantined-files.txt 2008-05-11 19:46:27

    Pre-Run: 32,881,324,032 bytes free
    Post-Run: 32,939,630,592 bytes free

    255 --- E O F --- 2008-04-28 02:20:07
     
  7. bigdaddysjm09

    bigdaddysjm09 Thread Starter

    Joined:
    Jan 9, 2008
    Messages:
    108
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:28:59 PM, on 5/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\WINDOWS\system32\rserver30\RServer3.exe
    C:\WINDOWS\system32\love.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\WINDOWS\SQ931STI.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\rserver30\FamItrfc.Exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Avant Browser\avant.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [SQ931STI] C:\WINDOWS\SQ931STI.EXE
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKCU\..\Policies\Explorer\Run: [] C:\WINDOWS\system32\config\sysrestore.exe -s
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Startup: StartupFaster
    O4 - Global Startup: StartupFaster
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL...-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
    O17 - HKLM\Software\..\Telephony: DomainName =
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =
    O23 - Service: Ad-Aware 2007 Service (aawservice) - - (no file)
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: avp - GRISOFT, s.r.o. - (no file)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

    --
    End of file - 9826 bytes
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,317
    First Name:
    Karen
    I just wanted to let you know that I haven't forgotten you but I won't be able to get to that log until tomorrow morning.
     
  9. bigdaddysjm09

    bigdaddysjm09 Thread Starter

    Joined:
    Jan 9, 2008
    Messages:
    108
    Oh don't worry, I can wait, it's all cool. Someone looked at it and I've tried everything. I've run scans with Norton Internet Security, NOD32, Kaspersky Internet Security, SpyEraser (Uniblue), Spybot Search and Destroy, XoftSpy SE, and quite a few online scanners, and they've picked up nothing but cookies. When I delete this file known as love.exe I get an error saying it's missing out of my system32 folder. But I can wait, no problem. Thanks for the help so far, I really appreciate it.
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,317
    First Name:
    Karen
    Go to the following link and upload the following file(s) for analysis and let me know what the results are please:

    http://virusscan.jotti.org/

    C:\WINDOWS\is-L7F12.exe


    Open Notepad and copy and paste the text in the code box below into it:

    Code:
    File::
    C:\WINDOWS\system32\S.BAT
    C:\WINDOWS\system32\love.exe
    C:\WINDOWS\winstart.bat
    
    Folder::
    C:\WINDOWS\uninstall\F4U KeyGen Maker
    C:\Documents and Settings\All Users\Application Data\Trymedia
    C:\Program Files\Enigma Software Group
    C:\Documents and Settings\All Users\Application Data\Viewpoint
    C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint
    
    DirLook::
    C:\Setup
    C:\INCINERATE
    C:\WINDOWS\uninstall
    
     
    Save the file to your desktop and name it CFScript.txt

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

    [screenshot: dragging CFScript.txt onto ComboFix.exe]


    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
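    The CFScript above drives ComboFix through its File::, Folder:: and DirLook:: directives. As an added example (not part of this thread and not ComboFix's own code), the Python below parses such a CFScript together with the ComboFix log it produced and reports which File::/Folder:: entries the log actually confirms as deleted, so nothing is assumed gone on faith. The CFScript and the abridged log excerpt come from this thread; the single PLACEHOLDER folder is constructed to show the unconfirmed case.

```python
"""Cross-check a ComboFix CFScript against the log ComboFix wrote after running it.

Added example, not part of the thread and not ComboFix's own tooling: every
File::/Folder:: entry must show up in the log's deletion sections before it is
treated as gone.
"""
import re

# Constructed sample: the CFScript from the post above, plus one placeholder
# folder (not from the thread) so the "not confirmed" branch is exercised.
CFSCRIPT = r"""File::
C:\WINDOWS\system32\S.BAT
C:\WINDOWS\system32\love.exe
C:\WINDOWS\winstart.bat

Folder::
C:\WINDOWS\uninstall\F4U KeyGen Maker
C:\Program Files\Enigma Software Group
C:\PLACEHOLDER\not-really-removed

DirLook::
C:\Setup
C:\INCINERATE
"""

# Constructed sample: abridged from the follow-up ComboFix log in the thread.
COMBOFIX_LOG = r"""FILE ::
C:\WINDOWS\system32\love.exe
C:\WINDOWS\system32\S.BAT
C:\WINDOWS\winstart.bat
.

((((((((((((((((((( Other Deletions )))))))))))))))))))
.

C:\Program Files\Enigma Software Group
C:\WINDOWS\system32\i.txt
C:\WINDOWS\system32\love.exe
C:\WINDOWS\system32\S.BAT
C:\WINDOWS\uninstall\F4U KeyGen Maker
C:\WINDOWS\uninstall\F4U KeyGen Maker\setup.exe
C:\WINDOWS\winstart.bat

.
((((((((((((((( Files Created from 2008-04-14 to 2008-05-14 )))))))))))))))
.
2008-05-13 20:40 . 2008-05-13 20:40 <DIR> d----c--- C:\WINDOWS\LastGood
"""

DIRECTIVE_RE = re.compile(r"^(\w+)::$")    # File::, Folder::, DirLook::, ...
WIN_PATH_RE = re.compile(r"^[A-Za-z]:\\")  # a line that is a bare Windows path


def parse_cfscript(text):
    """Return {directive: [paths]} for every 'Name::' block in a CFScript."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = DIRECTIVE_RE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections


def parse_deletions(log):
    """Lower-cased paths listed under 'FILE ::' and 'Other Deletions'."""
    deleted, in_section = set(), False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("FILE ::") or "Other Deletions" in line:
            in_section = True        # entering a deletion section
        elif line.startswith("(((("):
            in_section = False       # any other banner ends it
        elif in_section and WIN_PATH_RE.match(line):
            deleted.add(line.lower())  # Windows paths are case-insensitive
    return deleted


def check_removals(cfscript, log):
    """Split File::/Folder:: entries into (confirmed, unconfirmed) lists.
    DirLook:: entries are listings, not deletions, so they are skipped."""
    sections = parse_cfscript(cfscript)
    deleted = parse_deletions(log)
    confirmed, unconfirmed = [], []
    for directive in ("File", "Folder"):
        for path in sections.get(directive, []):
            (confirmed if path.lower() in deleted else unconfirmed).append(path)
    return confirmed, unconfirmed


if __name__ == "__main__":
    done, pending = check_removals(CFSCRIPT, COMBOFIX_LOG)
    for path in done:
        print("confirmed removed:", path)
    for path in pending:
        print("NOT confirmed, look again:", path)
```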
     
  11. bigdaddysjm09

    bigdaddysjm09 Thread Starter

    Joined:
    Jan 9, 2008
    Messages:
    108
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Ikarus Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing


    But I don't know where it came from. If you want me to delete it I can.
     
  12. bigdaddysjm09

    bigdaddysjm09 Thread Starter

    Joined:
    Jan 9, 2008
    Messages:
    108
    ComboFix 08-05-11.1 - Stephen Matthews 2008-05-13 20:48:53.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.188 [GMT -7:00]
    Running from: C:\Documents and Settings\Stephen Matthews.STEPHEN\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Stephen Matthews.STEPHEN\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\system32\love.exe
    C:\WINDOWS\system32\S.BAT
    C:\WINDOWS\winstart.bat
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Trymedia
    C:\Documents and Settings\All Users\Application Data\Viewpoint
    C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint
    C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-1271263650.mts
    C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\-392803713.mts
    C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\1469554372.mts
    C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\155915928.mts
    C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00\656290609.mts
    C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1013624820.mts
    C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-2015586220.mts
    C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-51377543.mts
    C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-825612810.swf
    C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-905540712.mtz
    C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1806120299.mts
    C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\1879617777.mtz
    C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-1250051772.mts
    C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-135678801.mts
    C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\-729682611.mts
    C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1759399190.mts
    C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\1901163955.mts
    C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02\407034558.ini
    C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\-135813659.swf
    C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1446580733.mts
    C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1469502972.swf
    C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\1997079084.mts
    C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\570236374.mts
    C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\663702647.mts
    C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03\853263198.mts
    C:\Program Files\Enigma Software Group
    C:\WINDOWS\system32\i.txt
    C:\WINDOWS\system32\love.exe
    C:\WINDOWS\system32\S.BAT
    C:\WINDOWS\uninstall\F4U KeyGen Maker
    C:\WINDOWS\uninstall\F4U KeyGen Maker\setup.exe
    C:\WINDOWS\winstart.bat

    .
    ((((((((((((((((((((((((( Files Created from 2008-04-14 to 2008-05-14 )))))))))))))))))))))))))))))))
    .

    2008-05-13 20:40 . 2008-05-13 20:40 <DIR> d----c--- C:\WINDOWS\LastGood
    2008-05-12 20:46 . 2004-03-09 00:00 224,016 --a--c--- C:\WINDOWS\system32\TabCtl32.ocx
    2008-05-12 20:46 . 2004-03-09 00:00 132,880 --a--c--- C:\WINDOWS\system32\msinet.ocx
    2008-05-12 16:45 . 2007-09-18 15:24 676,224 --a--c--- C:\WINDOWS\system32\OGACheckControl.dll
    2008-05-10 20:42 . 2008-05-10 20:42 <DIR> d----c--- C:\Program Files\Trend Micro
    2008-05-07 20:52 . 2008-05-07 20:52 <DIR> d----c--- C:\Program Files\Radmin Viewer 3
    2008-05-07 18:32 . 2008-05-07 18:32 <DIR> d----c--- C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Radmin
    2008-05-07 16:57 . 2008-05-10 19:27 <DIR> d----c--- C:\WINDOWS\system32\rserver30
    2008-05-06 17:58 . 2008-05-06 17:58 <DIR> d----c--- C:\WINDOWS\Migo Recover Lost Data
    2008-05-06 14:20 . 2008-05-06 14:20 <DIR> d----c--- C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Aurora Web Editor
    2008-05-06 10:49 . 2008-05-06 16:05 <DIR> d----c--- C:\Program Files\Multimedia Australia
    2008-05-03 21:44 . 2008-05-05 17:55 <DIR> d----c--- C:\Program Files\SUPERAntiSpyware
    2008-05-03 21:44 . 2008-05-05 17:55 <DIR> d----c--- C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\SUPERAntiSpyware.com
    2008-05-03 12:56 . 2008-05-03 12:56 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-05-01 21:44 . 2008-05-01 21:44 <DIR> d----c--- C:\Setup
    2008-05-01 20:56 . 2008-05-01 20:56 <DIR> d--hsc--- C:\INCINERATE
    2008-04-29 14:42 . 2008-04-29 14:42 <DIR> d----c--- C:\Program Files\Speed Gear 5
    2008-04-27 20:07 . 2008-04-27 20:40 <DIR> d----c--- C:\Program Files\Norton Internet Security
    2008-04-27 20:06 . 2008-04-27 20:35 123,952 --a--c--- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-04-27 20:06 . 2008-04-27 20:35 60,800 --a--c--- C:\WINDOWS\system32\S32EVNT1.DLL
    2008-04-27 20:05 . 2008-04-27 20:35 <DIR> d----c--- C:\Program Files\Symantec
    2008-04-27 19:15 . 2008-04-27 19:17 <DIR> d----c--- C:\WINDOWS\system32\Adobe
    2008-04-26 11:51 . 2008-04-26 11:51 24 --a--c--- C:\WINDOWS\ES_2_D1.prf
    2008-04-26 11:51 . 2008-04-26 11:51 24 --a--c--- C:\WINDOWS\ES_1_D1.prf
    2008-04-26 11:51 . 2008-04-26 11:51 24 --a--c--- C:\WINDOWS\AM_D0.PRF
    2008-04-26 07:45 . 2008-04-26 07:45 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SRS Labs
    2008-04-26 07:45 . 2007-05-03 10:27 47,360 -ra--c--- C:\WINDOWS\system32\drivers\Surroundhp_kern_i386.sys
    2008-04-26 07:45 . 2007-05-03 10:27 46,592 -ra--c--- C:\WINDOWS\system32\drivers\tshd4_kern_i386.sys
    2008-04-26 07:45 . 2007-05-03 10:28 39,552 -ra--c--- C:\WINDOWS\system32\drivers\SRS_SSCFilter_i386.sys
    2008-04-26 07:45 . 2007-05-03 10:27 37,248 -ra--c--- C:\WINDOWS\system32\drivers\csiidecoder_kern_i386.sys
    2008-04-26 07:45 . 2007-05-03 10:27 32,000 -ra--c--- C:\WINDOWS\system32\drivers\wowhd_kern_i386.sys
    2008-04-25 21:06 . 2008-04-25 21:06 <DIR> d----c--- C:\Program Files\Google Hacks
    2008-04-25 15:12 . 2007-12-24 17:37 138,384 --a--c--- C:\WINDOWS\system32\drivers\tmcomm.sys
    2008-04-24 21:00 . 2008-04-24 21:00 <DIR> d----c--- C:\Documents and Settings\Administrator.STEPHEN\Application Data\Lavasoft
    2008-04-23 18:56 . 2008-04-23 18:56 <DIR> d----c--- C:\Program Files\LimeWire
    2008-04-23 17:06 . 2008-04-23 17:06 71 --a--c--- C:\WINDOWS\SpotAuditor.INI
    2008-04-22 15:01 . 2008-04-22 15:01 <DIR> d----c--- C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\DAEMON Tools Pro
    2008-04-22 14:56 . 2007-02-22 09:05 90,112 --a--c--- C:\Progr_.dll
    2008-04-22 14:38 . 2008-04-22 14:38 <DIR> d----c--- C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\DAEMON Tools
    2008-04-22 14:38 . 2008-04-22 14:38 717,296 --a--c--- C:\WINDOWS\system32\drivers\sptd.sys
    2008-04-22 04:59 . 2008-04-22 04:59 1,409 --a--c--- C:\WINDOWS\system32\tmp621EE.FOT
    2008-04-22 04:59 . 2008-04-22 04:59 24 --a--c--- C:\WINDOWS\AM_D8.PRF
    2008-04-22 04:55 . 2008-04-26 11:26 <DIR> d----c--- C:\Program Files\Graffiti Studio 2.0
    2008-04-21 22:11 . 2008-05-13 20:49 <DIR> d----c--- C:\WINDOWS\uninstall
    2008-04-21 20:17 . 2008-04-21 20:17 16 --a--c--- C:\WINDOWS\system32\coh.cache
    2008-04-20 20:25 . 2008-04-20 20:25 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2008-04-20 20:13 . 2008-04-21 21:25 <DIR> d----c--- C:\Program Files\Wireless WEP Key Password Spy
    2008-04-18 19:01 . 2008-05-11 22:35 <DIR> d----c--- C:\Program Files\Speeditup Free
    2008-04-17 04:49 . 2007-12-19 11:06 172,032 --a--c--- C:\WINDOWS\system32\igfxres.dll
    2008-04-17 04:45 . 2008-04-17 04:45 <DIR> d----c--- C:\WINDOWS\OPTIONS
    2008-04-17 04:45 . 2008-04-17 04:45 <DIR> d----c--- C:\Program Files\Realtek
    2008-04-17 04:43 . 2008-01-31 21:45 53,248 --a--c--- C:\WINDOWS\system32\CSVer.dll
    2008-04-17 04:40 . 2008-04-17 04:40 <DIR> d----c--- C:\WINDOWS\system32\ENU
    2008-04-17 04:40 . 2007-10-18 15:51 126,976 --a--c--- C:\WINDOWS\system32\Imsmudlg.exe
    2008-04-16 22:59 . 2004-06-14 14:56 427,864 --a--c--- C:\WINDOWS\system32\XceedZip.dll
    2008-04-16 22:38 . 2008-04-16 22:46 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{36D03E21-363A-4CBC-9E13-A90BDCFAFB04}
    2008-04-14 14:52 . 2008-04-14 14:52 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-04-14 14:34 . 2008-04-19 09:21 <DIR> d----c--- C:\Program Files\XoftSpySE

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-14 02:53 675,328 -c--a-w C:\WINDOWS\is-L7F12.exe
    2008-05-14 02:22 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-05-14 02:15 --------- dc----w C:\Program Files\Common Files\Symantec Shared
    2008-05-13 03:43 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-05-13 03:30 73,216 -c--a-w C:\WINDOWS\ST6UNST.EXE
    2008-05-13 03:30 249,856 -c----w C:\WINDOWS\Setup1.exe
    2008-05-12 04:02 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\LimeWire
    2008-05-11 02:30 --------- dc----w C:\Program Files\Thinstall.VS
    2008-05-09 00:26 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\U3
    2008-05-08 02:35 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Thinstall
    2008-05-07 22:51 --------- dc----w C:\Program Files\FriendBlasterPro
    2008-05-06 00:58 --------- dc-h--w C:\Program Files\InstallShield Installation Information
    2008-05-06 00:55 --------- dc----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-05-03 21:01 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Registry Help Pro
    2008-05-03 20:47 --------- dc----w C:\Program Files\TuneUp Utilities 2008
    2008-05-03 20:46 307,968 -c--a-w C:\WINDOWS\system32\TuneUpDefragService.exe
    2008-05-02 16:18 --------- dc----w C:\Documents and Settings\All Users\Application Data\iolo
    2008-04-30 16:27 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\iolo
    2008-04-30 16:24 --------- dc----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-04-30 00:14 --------- dc----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-04-28 03:39 6,596 -csha-w C:\WINDOWS\system32\drivers\fidbox2.idx
    2008-04-28 03:39 58,912 -csha-w C:\WINDOWS\system32\drivers\fidbox2.dat
    2008-04-28 03:35 805 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-04-28 03:35 10,740 -c--a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-04-26 13:54 --------- dc----w C:\Program Files\RegCure
    2008-04-24 01:52 --------- dc----w C:\Program Files\Microsoft Money 2006
    2008-04-20 20:10 --------- dc----w C:\Program Files\KGB Archiver 2
    2008-04-17 22:24 --------- dc----w C:\Program Files\Hewlett-Packard
    2008-04-17 11:40 --------- dc----w C:\Program Files\Intel
    2008-04-12 04:47 --------- dc----w C:\Program Files\Hitman Pro
    2008-04-11 06:55 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-04-11 03:57 164 -c--a-w C:\install.dat
    2008-04-08 03:42 32,300 -csha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2008-04-08 03:42 2,331,424 -csha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2008-04-07 23:46 --------- dc----w C:\Program Files\Spybot - Search & Destroy
    2008-04-07 21:00 --------- dc----w C:\Program Files\Kaspersky Lab
    2008-04-07 05:50 --------- dc----w C:\Program Files\Yahoo!
    2008-04-07 02:07 --------- dc----w C:\Program Files\Avant Browser
    2008-04-04 03:30 31,938 -c--a-w C:\WINDOWS\system32\tcpipbak.reg
    2008-04-03 21:11 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\URSoft
    2008-04-03 05:32 --------- dc----w C:\Program Files\Lavasoft
    2008-04-03 01:49 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Auslogics
    2008-04-03 01:20 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\IconTweaker
    2008-04-02 00:22 --------- dc----w C:\Program Files\Dachshund Software
    2008-04-01 23:51 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Lavasoft
    2008-04-01 23:31 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\AdobeUM
    2008-04-01 23:27 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Sonic
    2008-04-01 23:27 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Leadertech
    2008-04-01 02:53 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\JP Software
    2008-03-30 23:11 --------- dc----w C:\Program Files\CBS Software
    2008-03-30 05:51 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\acccore
    2008-03-30 02:59 --------- dc----w C:\Program Files\AIM6
    2008-03-30 02:57 --------- dc----w C:\Program Files\Common Files\AOL
    2008-03-29 21:50 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\InstallShield
    2008-03-25 11:51 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\PC Tools
    2008-03-21 11:48 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\BinarySense
    2008-03-21 11:36 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\tor
    2008-03-21 11:19 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Mask Surf Standard
    2008-03-20 18:36 --------- dc----w C:\Documents and Settings\Administrator.STEPHEN\Application Data\Uniblue
    2008-03-20 18:06 --------- dc----w C:\Program Files\Uniblue
    2008-03-20 17:47 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\Uniblue
    2008-03-20 09:13 --------- dc----w C:\Program Files\Java
    2008-03-19 16:53 --------- dc----w C:\Documents and Settings\Stephen Matthews.STEPHEN\Application Data\DMCache
    2008-03-19 09:47 1,845,248 -c--a-w C:\WINDOWS\system32\win32k.sys
    2008-03-14 19:54 --------- dc----w C:\Program Files\Microsoft Silverlight
    2008-03-14 08:59 --------- dc----w C:\Program Files\Remove on Reboot
    2008-03-14 04:47 --------- dc----w C:\Program Files\MySpace
    2008-03-01 13:06 826,368 -c--a-w C:\WINDOWS\system32\wininet.dll
    2008-02-27 20:15 28,416 -c--a-w C:\WINDOWS\system32\uxtuneup.dll
    2008-02-20 06:51 282,624 -c--a-w C:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:32 45,568 -c--a-w C:\WINDOWS\system32\dnsrslvr.dll
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of C:\INCINERATE ----

    2008-05-01 21:38 65 ---hsc--- C:\INCINERATE\desktop.ini
    2008-05-01 20:58 0 --a--c--- C:\INCINERATE\info.shr

    ---- Directory of C:\Setup ----

    2008-05-01 21:44 4090214 --a--c--- C:\Setup\Setup.exe

    ---- Directory of C:\WINDOWS\uninstall ----

    2008-04-21 22:11 417802 --a--c--- C:\WINDOWS\uninstall\F4U KeyGen Maker\setup.exe


    ((((((((((((((((((((((((((((( [email protected]_12.46.12.43 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-11 03:32:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-05-13 11:52:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2008-04-30 15:00:41 217,864 -c--a-r C:\WINDOWS\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
    + 2008-05-14 02:16:17 217,864 -c--a-r C:\WINDOWS\Installer\{90120000-006E-0409-0000-0000000FF1CE}\misc.exe
    - 2008-04-30 15:01:50 20,240 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
    + 2008-05-14 02:22:42 20,240 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
    - 2008-04-30 15:01:50 184,080 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
    + 2008-05-14 02:22:42 184,080 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
    - 2008-04-30 15:01:50 217,864 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
    + 2008-05-14 02:22:42 217,864 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
    - 2008-04-30 15:01:50 18,704 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
    + 2008-05-14 02:22:42 18,704 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
    - 2008-04-30 15:01:51 35,088 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
    + 2008-05-14 02:22:42 35,088 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
    - 2008-04-30 15:01:50 922,384 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
    + 2008-05-14 02:22:42 922,384 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
    - 2008-04-30 15:01:51 888,080 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
    + 2008-05-14 02:22:42 888,080 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
    - 2008-04-30 15:01:50 1,172,240 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
    + 2008-05-14 02:22:42 1,172,240 -c--a-r C:\WINDOWS\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 15:44 178712]
    "Aim6"="" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 08:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
    "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 22:58 458752]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-02 15:21 135168]
    "RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840]
    "SQ931STI"="C:\WINDOWS\SQ931STI.EXE" [2007-01-24 14:24 151552]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-16 22:22 794713]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-19 11:08 135168]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-12-19 11:08 159744]
    "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-12-19 11:07 131072]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 02:04 84640]
    "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 20:22 26248]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 13:32 8699904]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegedit"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
    "1"= love.exe

    [HKLM\~\startupfolder\C:^Documents and Settings^Stephen Matthews.STEPHEN^Start Menu^Programs^StartUp^HDDlife.lnk]
    backup=C:\WINDOWS\pss\HDDlife.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedConnectStartUp]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R1 raddrvv3;raddrvv3;C:\WINDOWS\system32\rserver30\raddrvv3.sys [2008-04-24 08:49]
    R2 RServer3;Radmin Server V3;"C:\WINDOWS\system32\rserver30\RServer3.exe" /service []
    R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14:00]
    R3 mirrorv3;mirrorv3;C:\WINDOWS\system32\DRIVERS\rminiv3.sys [2006-11-01 06:01]
    S3 SQ931;USB 2.0 Video Camera;C:\WINDOWS\system32\Drivers\Capt931a.sys [2007-03-27 17:44]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-03 13:46]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    *Newly Created Service* - COMHOST
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-05-03 15:49:47 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Stephen Matthews.job"
    - C:\PROGRA~1\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
    "2008-04-24 20:17:03 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
    - C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-13 20:51:58
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-05-13 20:53:49
    ComboFix-quarantined-files.txt 2008-05-14 03:53:10
    ComboFix2.txt 2008-05-11 19:46:33

    Pre-Run: 32,640,311,296 bytes free
    Post-Run: 32,675,254,272 bytes free

    301 --- E O F --- 2008-04-28 02:20:07
     
  13. bigdaddysjm09

    bigdaddysjm09 Thread Starter

    Joined:
    Jan 9, 2008
    Messages:
    108
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:49:44 AM, on 5/14/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\WINDOWS\system32\rserver30\RServer3.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\WINDOWS\SQ931STI.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\rserver30\FamItrfc.Exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Avant Browser\avant.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [SQ931STI] C:\WINDOWS\SQ931STI.EXE
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Startup: StartupFaster
    O4 - Global Startup: StartupFaster
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL...-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
    O17 - HKLM\Software\..\Telephony: DomainName =
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain =
    O23 - Service: Ad-Aware 2007 Service (aawservice) - - (no file)
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: avp - GRISOFT, s.r.o. - (no file)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

    --
    End of file - 9718 bytes
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,317
    First Name:
    Karen
    I'd like someone to check that file out so please do this:

    Go to the forum here and upload this (these) file(s):

    C:\WINDOWS\is-L7F12.exe

    Here are the directions for uploading the file:

    Just click "New Topic", fill in the needed details and post a link to your thread here. Click the "Browse" button. Navigate to the file on your computer. When the file is listed in the window click "Post" to upload the file.
     
  15. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,317
    First Name:
    Karen
    Did you set this policy to stop the infection from running?

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
    "1"= love.exe


    Please delete this folder:

    C:\WINDOWS\uninstall


    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.


    Please run Kaspersky online virus scan Kaspersky Online Scanner.

    After the updates have downloaded, click on the "Scan Settings" button.
    Choose the "Extended database" for the scan.
    Under "Please select a target to scan", click "My Computer".
    When the scan is finished, Save the results from the scan!

    Note: You have to use Internet Explorer to do the online scan.

    Post a new HiJackThis log along with the results from the SuperAntiSpyware and Kaspersky scans.
     
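    The ComboFix log earlier in this thread shows the Security Center notification and monitoring values set to 1, the standard-profile firewall switched off (EnableFirewall=0), a DisallowRun policy entry for love.exe, and a Run entry under the SYSTEM and Default User hives. The following read-only PowerShell audit is an added example written for this thread; it is not Cookiegal's procedure and not part of any of the tools mentioned. It assumes it is run on the affected Windows machine from an elevated PowerShell prompt (the thread does not say PowerShell is installed) and reports the current state of exactly those locations so a helper can tell whether the settings were restored after cleaning.

```powershell
# Added example, not from the thread: audit the registry locations the ComboFix log
# showed as altered. Read-only; nothing is changed. Run elevated so HKLM and HKU are readable.

function Get-RegValueOrNull {
    param([string]$Path, [string]$Name)
    # Returns the named value, or $null if the key or value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$findings = @()

# 1. Security Center: the log showed AntiVirusDisableNotify=1 and DisableMonitoring=1
#    under Monitoring and several product subkeys. Security products set some of these
#    legitimately, but malware sets them to silence warnings, so list every non-zero one.
$scRoot = 'HKLM:\SOFTWARE\Microsoft\Security Center'
foreach ($name in 'AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify') {
    $v = Get-RegValueOrNull -Path $scRoot -Name $name
    if ($v) { $findings += "Security Center notification suppressed: $name=$v" }
}
$v = Get-RegValueOrNull -Path "$scRoot\Monitoring" -Name 'DisableMonitoring'
if ($v) { $findings += "Security Center monitoring disabled globally (Monitoring\DisableMonitoring=$v)" }
Get-ChildItem -Path "$scRoot\Monitoring" -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
    $v = Get-RegValueOrNull -Path $_.PSPath -Name 'DisableMonitoring'
    if ($v) { $findings += "Security Center monitoring disabled for: $($_.PSChildName)" }
}

# 2. Windows Firewall, standard profile: the log showed EnableFirewall=0.
$fwPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
$v = Get-RegValueOrNull -Path $fwPath -Name 'EnableFirewall'
if ($null -ne $v -and $v -eq 0) { $findings += 'Windows Firewall standard profile is OFF (EnableFirewall=0)' }

# 3. DisallowRun policy: Cookiegal asked whether the user added "1"=love.exe here.
#    List every numbered entry so the answer can be checked rather than guessed.
$drPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun'
$dr = Get-ItemProperty -Path $drPath -ErrorAction SilentlyContinue
if ($dr) {
    $dr.PSObject.Properties | Where-Object { $_.Name -match '^\d+$' } | ForEach-Object {
        $findings += "DisallowRun entry $($_.Name) = $($_.Value)"
    }
}

# 4. Run keys in the SYSTEM (S-1-5-18) and .DEFAULT hives: the HijackThis log showed
#    MySpaceIM there. Anything that autostarts for these accounts deserves a look,
#    because ordinary user software does not install itself there.
foreach ($hive in 'S-1-5-18', '.DEFAULT') {
    $runPath = "Registry::HKEY_USERS\$hive\Software\Microsoft\Windows\CurrentVersion\Run"
    $run = Get-ItemProperty -Path $runPath -ErrorAction SilentlyContinue
    if ($run) {
        $run.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } | ForEach-Object {
            $findings += "Run entry under HKU\$hive : [$($_.Name)] $($_.Value)"
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No suspicious settings found at the audited locations.'
} else {
    Write-Output "Findings ($($findings.Count)):"
    $findings | ForEach-Object { Write-Output "  - $_" }
}
```

    The script only reads; whether a given DisableMonitoring value is legitimate (a third-party suite reporting its own status) or hostile is a judgement the helper makes by comparing the listed product names against what is actually installed, which is why it lists every hit rather than deciding for you.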
Short URL to this thread: https://techguy.org/701463