
Malware Removal

1K views 2 replies 1 participant last post by  domlud 
#1 ·
Can you please help me in removing this spyware? I lost control of my computer. Thanks so much for your support!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:53:36 PM, on 12/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Windows Defender\MsMpEng.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\Program Files\Common Files\Command Software\dvpapi.exe
D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Windows Defender\MSASCui.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\WINDOWS\system32\LVComsX.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\MSI\PasswordKeeper\PasswordKeeper.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/?lang=en-CA
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS\about.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: PrintMe - {97387E2B-B2FA-4E4A-A607-F3B5C134F71C} - D:\Program Files\EFI\PrintMeToolbar\htpmcap.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: PrintMe - {97387E2B-B2FA-4E4A-A607-F3B5C134F71C} - D:\Program Files\EFI\PrintMeToolbar\htpmcap.dll
O4 - HKLM\..\Run: [RoxioDragToDisc] "D:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ISUSPM Startup] D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "D:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [VBTUCopy] D:\Program Files\VBTUCopy\VBTUCopy.exe /a /f
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EasyLinkAdvisor] "D:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [LDM] D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SpywareBot] D:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2052111302-651377827-682003330-1008\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2052111302-651377827-682003330-1008\..\Run: [EasyLinkAdvisor] "D:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (User '?')
O4 - HKUS\S-1-5-21-2052111302-651377827-682003330-1011\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe (User 'Maria')
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - D:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O15 - Trusted Zone: http://www.abunawaf.com
O15 - Trusted Zone: http://www.ecopy.com
O15 - Trusted Zone: http://members.home.nl
O15 - Trusted Zone: http://www.onecomputerguy.com
O15 - Trusted Zone: http://*.youtube.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - https://meeting.usa.canon.com/qp2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n020p/EN/install/gtdownlr.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://miniclip.com/bestfriends/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/installers/si/1/sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com/Apps/WSC/en-us/WscWlanScannerCtrl.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} - http://activex.matcash.com/speedtest2.dll
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://www.shockwave.com/content/weddingdash/sis/WeddingDash.1.0.0.47.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{05E25A68-9023-48C6-B69C-8E85DB15BDA6}: NameServer = 206.47.244.87,206.47.244.59
O17 - HKLM\System\CS2\Services\Tcpip\..\{05E25A68-9023-48C6-B69C-8E85DB15BDA6}: NameServer = 206.47.244.87,206.47.244.59
O17 - HKLM\System\CS3\Services\Tcpip\..\{05E25A68-9023-48C6-B69C-8E85DB15BDA6}: NameServer = 206.47.244.87,206.47.244.59
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: ModuleUsage - D:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - D:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - Unknown owner - D:\Program Files\LogMeIn\RaMaint.exe (file missing)
O23 - Service: LogMeIn - Unknown owner - D:\Program Files\LogMeIn\LogMeIn.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - D:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - D:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - D:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - D:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: WUSB300NSvc - Unknown owner - D:\Program Files\Linksys\WUSB300N\WLService.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - D:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 13457 bytes
 
#2 ·
D:\Documents and Settings\LocalService\Application Data\NetMon
D:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
D:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
D:\Program Files\Common Files\inetget
D:\Program Files\outlook
D:\WINDOWS\system32\bszip.dll
D:\WINDOWS\system32\cmd.com
D:\WINDOWS\system32\guard.tmp
D:\WINDOWS\system32\MabryObj.dll
D:\WINDOWS\system32\netstat.com
D:\WINDOWS\system32\ping.com
D:\WINDOWS\system32\taskkill.com
D:\WINDOWS\system32\tasklist.com
D:\WINDOWS\system32\tracert.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\nm

((((((((((((((((((((((((( Files Created from 2007-11-21 to 2007-12-21 )))))))))))))))))))))))))))))))
.

2007-12-20 21:53 . 2007-12-20 21:53 d-------- D:\Program Files\Trend Micro
2007-12-11 23:16 . 2007-12-11 23:16 d--hs---- D:\FOUND.035
2007-12-09 17:01 . 2007-12-09 17:01 d-------- D:\Documents and Settings\All Users\Application Data\Zylom
2007-12-07 16:53 . 2007-12-07 16:53 d-------- D:\Documents and Settings\All Users\Application Data\Fugazo
2007-12-03 12:13 . 2007-12-03 12:13 d---s---- D:\Documents and Settings\Maria.DELLWINXP\UserData
2007-12-02 15:24 . 2007-12-02 15:24 d--hs---- D:\FOUND.034
2007-11-29 23:04 . 2007-11-29 23:04 d-------- D:\Documents and Settings\Dominic \Application Data\Gaijin Ent
2007-11-21 20:13 . 2007-11-21 20:13 d-------- D:\Program Files\Adware Away
2007-11-21 20:13 . 2007-11-21 20:13 256 --a------ D:\WINDOWS\adaway.lic
2007-11-21 18:07 . 2007-11-21 18:07 d-------- D:\Documents and Settings\Dominic \Application Data\SpywareBot
2007-11-21 18:06 . 2007-11-21 18:06 d-------- D:\Program Files\SpywareBot
2007-11-21 11:42 . 2007-11-21 11:42 d--hs---- D:\FOUND.033

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-14 07:26 450,560 ----a-w D:\WINDOWS\system32\dllcache\jscript.dll
2007-11-13 10:25 20,480 ----a-w D:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 02:59 101,216 ----a-w D:\Documents and Settings\Dominic \Application Data\GDIPFONTCACHEV1.DAT
2007-11-11 02:33 127,034 ------r D:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-11-11 02:26 --------- d-----w D:\Documents and Settings\Dominic \Application Data\Logitech
2007-11-08 02:59 --------- d-----w D:\Documents and Settings\All Users\Application Data\HotSync
2007-11-08 02:58 53,248 ----a-w D:\WINDOWS\PalmDevC.dll
2007-11-08 02:58 16,694 ----a-w D:\WINDOWS\system32\drivers\PalmUSBD.sys
2007-11-08 02:58 --------- d-----w D:\Program Files\palmOne
2007-11-08 02:58 --------- d-----w D:\Documents and Settings\Dominic Ludovico\Application Data\HotSync
2007-10-30 09:55 3,065,856 ----a-w D:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w D:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w D:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 22:40 222,720 ----a-w D:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-27 22:40 222,720 ------w D:\WINDOWS\system32\wmasf.dll
2007-10-26 03:44 --------- d-----w D:\Program Files\Common Files\Macromedia
2007-10-26 03:34 8,460,288 ----a-w D:\WINDOWS\system32\dllcache\shell32.dll
2007-10-24 03:53 --------- d-----w D:\Program Files\SelfTest
2007-10-23 03:45 --------- d-----w D:\Program Files\TestEngine
2007-10-11 05:57 96,256 ----a-w D:\WINDOWS\system32\dllcache\inseng.dll
2007-10-11 05:57 666,112 ----a-w D:\WINDOWS\system32\dllcache\wininet.dll
2007-10-11 05:57 617,984 ----a-w D:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-11 05:57 55,808 ----a-w D:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-11 05:57 532,480 ----a-w D:\WINDOWS\system32\dllcache\mstime.dll
2007-10-11 05:57 474,112 ----a-w D:\WINDOWS\system32\dllcache\shlwapi.dll
2007-10-11 05:57 449,024 ----a-w D:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-11 05:57 39,424 ----a-w D:\WINDOWS\system32\dllcache\pngfilt.dll
2007-10-11 05:57 357,888 ----a-w D:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-10-11 05:57 251,904 ----a-w D:\WINDOWS\system32\dllcache\iepeers.dll
2007-10-11 05:57 205,824 ----a-w D:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-11 05:57 16,384 ----a-w D:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-11 05:57 151,040 ------w D:\WINDOWS\system32\dllcache\cdfview.dll
2007-10-11 05:57 146,432 ----a-w D:\WINDOWS\system32\dllcache\msrating.dll
2007-10-11 05:57 1,498,112 ----a-w D:\WINDOWS\system32\dllcache\shdocvw.dll
2007-10-11 05:57 1,054,208 ------w D:\WINDOWS\system32\dllcache\danim.dll
2007-10-11 05:57 1,024,000 ----a-w D:\WINDOWS\system32\dllcache\browseui.dll
2007-10-10 10:48 18,432 ----a-w D:\WINDOWS\system32\dllcache\iedw.exe
2007-05-19 20:52 100,280 ----a-w D:\Documents and Settings\LogMeInRemoteUser\Application Data\GDIPFONTCACHEV1.DAT
2006-07-28 04:40 225,280 ----a-w D:\Program Files\Uninstall My Global Search Bar.dll
2005-07-22 23:18 157 ----a-w D:\Program Files\INSTALL.LOG
2003-08-27 19:19 36,963 ----a-r D:\Program Files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"EasyLinkAdvisor"="D:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 18:16]
"LDM"="D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-11 10:55]
"SpywareBot"="D:\Program Files\SpywareBot\SpywareBot.exe" [2007-11-20 14:41]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxioDragToDisc"="D:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-07-31 09:00]
"Windows Defender"="D:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"AVG7_CC"="D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-10-24 04:06]
"ISUSPM Startup"="D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"ISUSScheduler"="D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 05:03]
"Adobe Photo Downloader"="D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"LogMeIn GUI"="D:\Program Files\LogMeIn\LogMeInSystray.exe" []
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2007-05-14 18:22]
"VBTUCopy"="D:\Program Files\VBTUCopy\VBTUCopy.exe" [2007-01-19 18:57]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-02-01 22:23]
"msnmsgr"="D:\Program Files\MSN Messenger\msgs.exe" [2006-07-29 19:34]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"AVG7_Run"="D:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 04:06]
"MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" [2002-01-08 16:05]
"DWQueuedReporting"="D:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-11 10:55:09]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=D:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
backup=D:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=D:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Broadband Networking.lnk]
backup=D:\WINDOWS\pss\Microsoft Broadband Networking.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^NetAssistant.lnk]
backup=D:\WINDOWS\pss\NetAssistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
backup=D:\WINDOWS\pss\Quicken Startup.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^SecureDoc.lnk]
backup=D:\WINDOWS\pss\SecureDoc.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^Dominic Ludovico^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=D:\Documents and Settings\Dominic Ludovico\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=D:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 03:56 15360 --a------ D:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2003-05-15 16:41 163840 --a------ D:\Program Files\Microsoft IntelliPoint\point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-10-30 09:36 256576 --a------ D:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2007-11-11 10:55 67128 --a------ D:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
D:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
D:\Program Files\MSN Messenger\msnmsgr.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PasswordManagerXP]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
D:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-27 02:04 32768 --a------ D:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
2003-08-27 14:20 94208 -ra------ D:\WINDOWS\SM1BG.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSA.exe]
2006-09-27 15:08 1992184 --a------ D:\Program Files\Bell\Sympatico Security Advisor\SSA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_8 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]

R1 DLARTL_M;DLARTL_M;D:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-01 20:06]
R2 BppPort;BppPort;D:\WINDOWS\system32\drivers\BPP.SYS [2000-10-04 17:35]
R2 elagopro;GoProto Protocol Driver for LELA;D:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 12:57]
R2 elaunidr;UniDriver for LELA;D:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 12:57]
R2 UMAXPCLS;Print Port Scanner Driver;D:\WINDOWS\system32\DRIVERS\umaxpcls.sys [2001-08-17 13:58]
S2 LMIInfo;LogMeIn Kernel Information Provider;D:\Program Files\LogMeIn\RaInfo.sys []
S3 DDCCI;DDC/CI monitor;D:\WINDOWS\system32\DRIVERS\Moni2c.sys [2005-01-25 10:21]
S3 dump_wmimmc;dump_wmimmc;D:\WINDOWS\system32\drivers\dump_wmimmc.sys []
S3 LMImirr;LMImirr;D:\WINDOWS\system32\DRIVERS\LMImirr.sys []
S3 NDSPCIIO;NDSPCIIO;D:\WINDOWS\system32\DRIVERS\NDSPCIIO.SYS []
S3 ser2plms;Microsoft USB GPS driver;D:\WINDOWS\system32\DRIVERS\ser2plms.sys [2006-08-17 18:56]
S4 ATICDSDr;ATICDSDr;D:\DOCUME~1\ADMINI~1.DEL\LOCALS~1\Temp\ATICDSDr.sys []
S4 pohci13F;pohci13F;D:\DOCUME~1\Michelle\LOCALS~1\Temp\pohci13F.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e61e7a8-8964-11da-95e0-0050fc5c938f}]
\Shell\AutoRun\command - K:\setupSNK.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-20 07:29:40 D:\WINDOWS\Tasks\MP Scheduled Scan.job"
- D:\Program Files\Windows Defender\MpCmdRun.exe
"2006-12-30 02:44:00 D:\WINDOWS\Tasks\AA5BBBDF9184307F.job"
- d:\progra~1\realbl~1\onceballref.exe
"2007-12-02 04:15:06 D:\WINDOWS\Tasks\Dominic's Main Backup.job"
- D:\WINDOWS\system32\ntbackup.exegbackup
"2007-12-21 03:15:48 D:\WINDOWS\Tasks\SpywareBot Scheduled Scan.job"
- D:\Program Files\SpywareBot\SpywareBot.ex
- D:\Program Files\SpywareBot
"2006-12-30 02:44:00 D:\WINDOWS\Tasks\A708FF38943F7768.job"
- d:\progra~1\realbl~1\onceballref.exe
"2006-12-30 02:44:06 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2006-12-30 02:44:00 D:\WINDOWS\Tasks\A69115F9933E8239.job"
- d:\docume~1\maria~1.del\applic~1\realbl~1\onceballref.exe
"2006-12-30 02:43:58 D:\WINDOWS\Tasks\AEDED2E091B5432C.job"
- d:\docume~1\michel~1.del\applic~1\realbl~1\onceballref.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-20 22:15:10
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-20 22:17:11 - machine was rebooted
.
2007-12-18 22:04:36 --- E O F ---
 