1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Msn Messenger Virus Need Help.

Discussion in 'Virus & Other Malware Removal' started by nezhaniswinnie, Nov 5, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. nezhaniswinnie

    nezhaniswinnie Thread Starter

    Joined:
    Nov 4, 2007
    Messages:
    13
    Hey,

    I'm a having problems with my msn live messenger. I am sharing my laptop with my elder sister and she happens to receive a file that has beem sent through one of her contacts in her msn messenger account.- download of pics. She accepted the file and opened it - no pics.

    eversince then, both my sister and i got affected everytime we logged in to the messenger. every once in a while the mouse freezes up there is flashes of MSN Messenger tabbed chats on my screen. and i realise it's a kind of virus/worm that is going around the msn contact. so, i really your help to remove this msn virus cause it's irritating me as my friends are asking why i actually send them those picture downloads, when i actually did not do anything.

    please do help me. thank you.
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    * Click here to download HJTsetup.exe.
    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. nezhaniswinnie

    nezhaniswinnie Thread Starter

    Joined:
    Nov 4, 2007
    Messages:
    13
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:30:57 PM, on 11/7/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\ohprotig.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\srvany.exe
    C:\WINDOWS\system32\SurferClient.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\acer\epm\epm-dm.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\program files\altnet\points manager\points manager.exe
    C:\WINDOWS\system32\asrsvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\WINDOWS\system32\wisptis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SurfNavigator] C:\WINDOWS\system32\SurferClient.exe
    O4 - HKLM\..\Run: [AutomatedSurfer] C:\WINDOWS\system32\SurferClient.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
    O4 - HKLM\..\Run: [MicrosoftUpdate] C:\WINDOWS\system32\MSServx.exe
    O4 - HKLM\..\Run: [Option Bib Logo Log] C:\Documents and Settings\All Users\Application Data\LICENSE ADMIN OPTION BIB\BASH BOOB.exe
    O4 - HKLM\..\Run: [Application Layer Services] asrsvc.exe
    O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\lqqyrufq.dll",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SurfNavigator] C:\WINDOWS\system32\SurferClient.exe
    O4 - HKCU\..\Run: [AutomatedSurfer] C:\WINDOWS\system32\SurferClient.exe
    O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\Hanis\APPLIC~1\ELSEPL~1\AXISNEW.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [AutomatedSurfer] C:\WINDOWS\system32\SurferClient.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AutomatedSurfer] C:\WINDOWS\system32\SurferClient.exe (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Hanis\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
    O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.info/objects/NpFv415.dll
    O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
    O23 - Service: Notebook Manager Service (anbmService) - Unknown owner - C:\Acer\eManager\anbmServ.exe (file missing)
    O23 - Service: Auto HotKey Poller - Unknown owner - C:\WINDOWS\system32\winpol.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\ohprotig.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: AutomatedSurfer (SurferService) - Unknown owner - C:\WINDOWS\system32\srvany.exe

    --
    End of file - 9141 bytes
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    --------------------------------------------------------------------
    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • ...
    --------------------------------------------------------------------

    Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
     
  5. nezhaniswinnie

    nezhaniswinnie Thread Starter

    Joined:
    Nov 4, 2007
    Messages:
    13
    Cheeseball81, before I proceed, the software tells me that for the removal of virus, it will reboot windows. that means my documents will be lost? Actually, i don't prefer rebooting the whole system. i only wanted to remove the virus without the any rebooting.
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Rebooting means it's restarting the system. You might be confusing it with reformatting - which wipes everything out. 2 totally different things.
     
  7. nezhaniswinnie

    nezhaniswinnie Thread Starter

    Joined:
    Nov 4, 2007
    Messages:
    13
    ComboFix 07-11-08.1 - Hanis 2007-11-12 12:33:03.1 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.486 [GMT 8:00]
    Running from: C:\Documents and Settings\Hanis\Local Settings\Temporary Internet Files\Content.IE5\318KLK0R\ComboFix[1].exe
    * Created a new restore point
    .

    Unable to gain System Privileges

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006
    C:\Documents and Settings\Guest\Application Data\WinAntiVirus Pro 2006
    C:\Documents and Settings\Guest\Application Data\WinAntiVirus Pro 2006\Logs\wa6Support.log
    C:\Documents and Settings\Guest\Application Data\WinAntiVirus Pro 2006\Logs\winav.log
    C:\Documents and Settings\Hanis\Application Data\macromedia\Flash Player\#SharedObjects\UUTHLSXV\iforex.com
    C:\Documents and Settings\Hanis\Application Data\macromedia\Flash Player\#SharedObjects\UUTHLSXV\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
    C:\Documents and Settings\Hanis\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
    C:\Documents and Settings\Hanis\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
    C:\Documents and Settings\Hanis\Application Data\WinAntiVirus Pro 2006
    C:\Documents and Settings\Hanis\Application Data\WinAntiVirus Pro 2006\Logs\update.log
    C:\Documents and Settings\Hanis\Application Data\WinAntiVirus Pro 2006\Logs\wa6Support.log
    C:\Documents and Settings\Hanis\Application Data\WinAntiVirus Pro 2006\Logs\winav.log
    C:\Documents and Settings\Hanis\Application Data\WinAntiVirus Pro 2006\PGE.dat
    C:\Program Files\Common Files\companion wizard
    C:\Program Files\Common Files\Companion Wizard\compwiz.exe
    C:\Program Files\Common Files\Companion Wizard\WapCHK.dll
    C:\Program Files\Common Files\Companion Wizard\WapCHK{231E135C-0BF8-41E8-9C33-1013B4881AFE}.dll
    C:\Program Files\Common Files\companion wizard\WapCHK{26DAD9D7-6890-42F7-B41B-ADCAD0552EDC}.dll
    C:\Program Files\Common Files\companion wizard\WapCHK{481186AC-E2A4-4E17-AE05-3CCB3C32900A}.dll
    C:\Program Files\Common Files\companion wizard\WapCHK{B5524BDB-295C-4CA7-89A6-E8981A57754B}.dll
    C:\Program Files\Common Files\winantivirus pro 2006
    C:\Program Files\Common Files\WinAntiVirus Pro 2006\WapCHK.dll
    C:\Program Files\Instant Messenger Names
    C:\Program Files\Instant Messenger Names\1.exe
    C:\Program Files\Instant Messenger Names\2.exe
    C:\Program Files\Instant Messenger Names\IM-svr.exe
    C:\Program Files\Instant Messenger Names\IMNames.exe
    C:\Program Files\Instant Messenger Names\main.exe
    C:\Program Files\VideoAccessCodec
    C:\Program Files\VideoAccessCodec\install.ico
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\dat.txt
    C:\WINDOWS\Fonts\acrsecI.fon
    C:\WINDOWS\msvb.dll
    C:\WINDOWS\NDNuninstall6_38.exe
    C:\WINDOWS\NDNuninstall7_22.exe
    C:\WINDOWS\NDNuninstall7_48.exe
    C:\WINDOWS\rs.txt
    C:\WINDOWS\search_res.txt
    C:\WINDOWS\sysdx.dll
    C:\WINDOWS\system32\_000006_.tmp.dll
    C:\WINDOWS\system32\bdeeg.bak1
    C:\WINDOWS\system32\bdeeg.bak2
    C:\WINDOWS\system32\bdeeg.ini
    C:\WINDOWS\system32\bdeeg.ini2
    C:\WINDOWS\system32\ciejeydj.exe
    C:\WINDOWS\system32\dwbjsced.exe
    C:\WINDOWS\system32\geedb.dll
    C:\WINDOWS\system32\hgglcrvp.exe
    C:\WINDOWS\system32\hhcteusm.dll
    C:\WINDOWS\system32\internet.exe
    C:\WINDOWS\system32\ndkqftvn.exe
    C:\WINDOWS\system32\nudweanc.exe
    C:\WINDOWS\system32\obwgwclu.exe
    C:\WINDOWS\system32\ohprotig.exe
    C:\WINDOWS\system32\stera.log
    C:\WINDOWS\system32\update.exe
    C:\WINDOWS\system32\vevaqfcr.exe
    C:\WINDOWS\system32\winpol.exe
    C:\WINDOWS\wsremover.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_AUTO_HOTKEY_POLLER
    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_FOPN
    -------\LEGACY_VSPF
    -------\LEGACY_VSPF_HK
    -------\Auto HotKey Poller
    -------\DomainService
    -------\vspf
    -------\vspf_hk


    ((((((((((((((((((((((((( Files Created from 2007-10-12 to 2007-11-12 )))))))))))))))))))))))))))))))
    .

    2007-11-12 07:56 79,936 --a------ C:\WINDOWS\system32\eyugxeug.dll
    2007-11-12 07:53 88,128 --a------ C:\WINDOWS\system32\keoegtlu.dll
    2007-11-12 07:47 71,232 --a------ C:\WINDOWS\system32\hjgnevph.exe
    2007-11-11 21:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-11 00:57 81,472 --a------ C:\WINDOWS\system32\clgdocwv.dll
    2007-11-11 00:49 71,232 --a------ C:\WINDOWS\system32\wiulusyt.exe
    2007-11-10 00:24 77,888 --a------ C:\WINDOWS\system32\cmsfaqlg.dll
    2007-11-10 00:21 71,232 --a------ C:\WINDOWS\system32\ysjrtlne.exe
    2007-11-09 19:43 <DIR> d-------- C:\Documents and Settings\Hanis\Incomplete
    2007-11-09 10:47 80,448 --a------ C:\WINDOWS\system32\cwnhrwyv.dll
    2007-11-09 10:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-09 02:30 <DIR> d-------- C:\Program Files\Else plus
    2007-11-09 02:27 36,352 --a------ C:\WINDOWS\system32\efcywus.dll
    2007-11-08 12:19 71,232 --a------ C:\WINDOWS\system32\npuqfrnn.exe
    2007-11-07 11:45 71,232 --a------ C:\WINDOWS\system32\jyrgityy.exe
    2007-11-07 11:14 71,232 --a------ C:\WINDOWS\system32\opsjgwlc.exe
    2007-11-05 12:46 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-05 12:42 <DIR> d-------- C:\BackUpMSNCleaner
    2007-11-03 22:54 36,352 --a------ C:\WINDOWS\system32\vtuuroo.dll
    2007-11-03 22:50 36,352 --a------ C:\WINDOWS\system32\opnolii.dll
    2007-11-02 22:21 33,280 --a------ C:\WINDOWS\system32\xxywwwt.dll
    2007-11-02 22:20 33,280 --a------ C:\WINDOWS\system32\yaywvuu.dll
    2007-11-02 11:14 <DIR> d-------- C:\WINDOWS\pss
    2007-11-01 10:06 33,280 --a------ C:\WINDOWS\system32\xxyabxv.dll
    2007-11-01 09:37 33,280 --a------ C:\WINDOWS\system32\nnnkhhi.dll
    2007-11-01 09:36 33,280 --a------ C:\WINDOWS\system32\awtrstu.dll
    2007-11-01 09:36 10,752 -r-hs---- C:\WINDOWS\system32\asrsvc.exe
    2007-10-20 14:16 <DIR> d-------- C:\Program Files\mp3DirectCut
    2007-10-16 22:53 <DIR> d-------- C:\Program Files\Windows Journal Viewer
    2007-10-12 12:26 <DIR> d-------- C:\Documents and Settings\Hanis\Application Data\Apple Computer
    2007-10-12 12:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-10-12 12:24 <DIR> d-------- C:\Program Files\Apple Software Update
    2007-10-12 12:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-12 04:46 905 ----a-w C:\WINDOWS\Fonts\acrsecI.fon
    2007-10-09 12:35 408,092 ----a-w C:\WINDOWS\system32\MSServx.exe
    2007-10-08 05:18 --------- d-----w C:\Program Files\SystemDefender
    2007-09-26 06:20 --------- d-----w C:\Documents and Settings\Hanis\Application Data\Netscape
    2007-09-26 06:19 --------- d-----w C:\Program Files\Netscape
    2007-09-17 12:01 --------- d-----w C:\Program Files\JustZIPit
    2007-09-11 07:05 1,761 ----a-w C:\WINDOWS\Fonts\acrsecB.fon
    2007-08-29 10:27 464,112 ----a-w C:\WINDOWS\daffy.scr
    2007-08-29 10:27 461,308 ----a-w C:\WINDOWS\daffy.exe
    2007-08-29 10:27 40,960 ----a-w C:\WINDOWS\daffy.dll
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-08-20 10:04 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-08-20 10:04 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
    2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-08-20 10:04 477,696 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-08-20 10:04 3,584,512 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-08-20 10:04 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-08-20 10:04 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-08-20 10:04 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
    2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
    2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
    2007-08-20 10:04 1,152,000 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2007-08-13 10:54 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
    2007-08-13 10:54 413,696 ----a-w C:\WINDOWS\system32\dllcache\vbscript.dll
    2007-08-13 10:54 33,792 ----a-w C:\WINDOWS\system32\dllcache\custsat.dll
    2007-08-13 10:54 191,488 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
    2007-08-13 10:54 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
    2007-08-13 10:54 156,160 ----a-w C:\WINDOWS\system32\dllcache\msls31.dll
    2007-08-13 10:45 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
    2007-08-13 10:45 78,336 ----a-w C:\WINDOWS\system32\dllcache\ieencode.dll
    2007-08-13 10:44 69,120 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
    2007-08-13 10:44 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
    2007-08-13 10:44 40,960 ----a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
    2007-08-13 10:39 92,672 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
    2007-08-13 10:39 71,680 ----a-w C:\WINDOWS\system32\dllcache\admparse.dll
    2007-08-13 10:39 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
    2007-08-13 10:39 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
    2007-08-13 10:39 55,296 ----a-w C:\WINDOWS\system32\dllcache\iesetup.dll
    2007-08-13 10:38 491,520 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
    2007-08-13 10:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2007-08-13 10:36 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
    2007-08-13 10:36 36,352 ----a-w C:\WINDOWS\system32\dllcache\imgutil.dll
    2007-08-13 10:35 346,624 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-08-13 10:32 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
    2007-08-13 10:32 45,568 ----a-w C:\WINDOWS\system32\dllcache\mshta.exe
    2007-08-13 10:18 60,416 ----a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
    2007-08-13 10:01 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
    2007-08-13 10:01 48,128 ----a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
    2006-11-13 12:39 84 ----a-w C:\Documents and Settings\Hanis\cmd2.cmd
    2006-11-13 12:39 110,592 ----a-w C:\Documents and Settings\Hanis\mtr.exe
    2004-08-03 21:00 774,144 ----a-w C:\Documents and Settings\dotnetfx\XPSPUI.DLL
    2004-08-03 21:00 647,168 ----a-w C:\Documents and Settings\dotnetfx\SITSETUP.DLL
    2004-08-03 21:00 487,424 ----a-w C:\Documents and Settings\dotnetfx\MSVCP70.DLL
    2004-08-03 21:00 40,960 ----a-w C:\Documents and Settings\dotnetfx\CMNRES.DLL
    2004-08-03 21:00 36,864 ----a-w C:\Documents and Settings\dotnetfx\SUITE.DLL
    2004-08-03 21:00 36,864 ----a-w C:\Documents and Settings\dotnetfx\DELTEMP.EXE
    2004-08-03 21:00 344,064 ----a-w C:\Documents and Settings\dotnetfx\MSVCR70.DLL
    2004-08-03 21:00 339,968 ----a-w C:\Documents and Settings\dotnetfx\TEMPLMGR.DLL
    2004-08-03 21:00 335,872 ----a-w C:\Documents and Settings\dotnetfx\GENCOMP.DLL
    2004-08-03 21:00 308 ----a-w C:\Documents and Settings\dotnetfx\DFFACT.DAT
    2004-08-03 21:00 286,720 ----a-w C:\Documents and Settings\dotnetfx\XPSPSCEN.DLL
    2004-08-03 21:00 274,432 ----a-w C:\Documents and Settings\dotnetfx\UIMGR.DLL
    2004-08-03 21:00 24,265,736 ----a-w C:\Documents and Settings\dotnetfx\DOTNETFX.EXE
    2004-08-03 21:00 233,472 ----a-w C:\Documents and Settings\dotnetfx\DFDEPUI.DLL
    2004-08-03 21:00 200,704 ----a-w C:\Documents and Settings\dotnetfx\XPSPREQS.DLL
    2004-08-03 21:00 200,704 ----a-w C:\Documents and Settings\dotnetfx\SVRGRMGR.DLL
    2004-08-03 21:00 192,512 ----a-w C:\Documents and Settings\dotnetfx\DEPMGR.DLL
    2004-08-03 21:00 163,840 ----a-w C:\Documents and Settings\dotnetfx\DFCHGFLD.DLL
    2004-08-03 21:00 155,648 ----a-w C:\Documents and Settings\dotnetfx\SETUPDB.DLL
    2004-08-03 21:00 147,456 ----a-w C:\Documents and Settings\dotnetfx\CDMGR.DLL
    2004-08-03 21:00 143,360 ----a-w C:\Documents and Settings\dotnetfx\DISKMGR.DLL
    2004-08-03 21:00 143,360 ----a-w C:\Documents and Settings\dotnetfx\ACCMGR.DLL
    2004-08-03 21:00 139,264 ----a-w C:\Documents and Settings\dotnetfx\SETLOG.DLL
    2004-08-03 21:00 135,168 ----a-w C:\Documents and Settings\dotnetfx\VALIDATE.DLL
    2004-08-03 21:00 135,168 ----a-w C:\Documents and Settings\dotnetfx\DFFACT.DLL
    2004-08-03 21:00 131,072 ----a-w C:\Documents and Settings\dotnetfx\HTMLLITE.DLL
    2004-08-03 21:00 129,720 ----a-w C:\Documents and Settings\dotnetfx\SETUP.EXE
    2004-08-03 21:00 122,880 ----a-w C:\Documents and Settings\dotnetfx\DEFHELP.DLL
    2004-08-03 21:00 118,784 ----a-w C:\Documents and Settings\dotnetfx\REBOOTST.EXE
    2004-08-03 21:00 10,694,464 ----a-w C:\Documents and Settings\dotnetfx\NDPSP.EXE
    2004-08-03 21:00 1,773 ----a-w C:\Documents and Settings\dotnetfx\BASELINE.DAT
    2007-01-23 13:35:10 3,140 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-01-23 13:33:40 8 --sh--r C:\WINDOWS\system32\21D33CA5AB.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-90F0-F66AB581A933}]
    C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]
    C:\Program Files\RXToolBar\sfcont.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{634BBAB7-3F60-4426-944F-A62B9007F67F}]
    2007-11-03 22:50 36352 --a------ C:\WINDOWS\system32\opnolii.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b0da615c-848d-40bd-a95f-22796762fdc8}]
    2007-11-12 07:56 79936 --a------ C:\WINDOWS\system32\eyugxeug.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" []
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 16:17]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 16:16]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" []
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-22 19:31]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 01:07]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-03-24 21:22]
    "nwiz"="nwiz.exe" [2005-03-24 21:22 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-03-24 21:22]
    "SoundMan"="SOUNDMAN.EXE" [2004-12-01 15:54 C:\WINDOWS\soundman.exe]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-04-15 11:45 C:\WINDOWS\AGRSMMSG.exe]
    "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-04-21 10:13]
    "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-15 10:03]
    "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2005-10-14 15:38]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 05:00 C:\WINDOWS\system32\bthprops.cpl]
    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 16:54]
    "SemanticInsight"="C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe" []
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "SurfNavigator"="C:\WINDOWS\system32\SurferClient.exe" [2007-01-28 12:14]
    "AutomatedSurfer"="C:\WINDOWS\system32\SurferClient.exe" [2007-01-28 12:14]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
    "AltnetPointsManager"="c:\program files\altnet\points manager\points manager.exe" [2006-07-19 17:01]
    "MicrosoftUpdate"="C:\WINDOWS\system32\MSServx.exe" [2007-10-09 20:35]
    "Application Layer Services"="asrsvc.exe" [2007-11-01 00:50 C:\WINDOWS\system32\asrsvc.exe]
    "Option Bib Logo Log"="C:\Documents and Settings\All Users\Application Data\LICENSE ADMIN OPTION BIB\Logo Start.exe" [2007-11-12 12:46]
    "320d18a1"="C:\WINDOWS\system32\keoegtlu.dll" [2007-11-12 07:53]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
    "SurfNavigator"="C:\WINDOWS\system32\SurferClient.exe" [2007-01-28 12:14]
    "AutomatedSurfer"="C:\WINDOWS\system32\SurferClient.exe" [2007-01-28 12:14]
    "book ante"="C:\DOCUME~1\Hanis\APPLIC~1\ELSEPL~1\AXISNEW.exe" [2007-11-09 02:29]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "AutomatedSurfer"=C:\WINDOWS\system32\SurferClient.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 04:05:56]
    Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-05-27 13:41:44]
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-08-16 14:06:22]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{634BBAB7-3F60-4426-944F-A62B9007F67F}"= C:\WINDOWS\system32\opnolii.dll [2007-11-03 22:50 36352]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="LogonUI.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnolii]
    opnolii.dll 2007-11-03 22:50 36352 C:\WINDOWS\system32\opnolii.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\geedb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messaging]
    C:\Program Files\Instant Messenger Names\IM-svr.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
    R2 EpmPsd;Acer EPM Power Scheme Driver;\??\C:\WINDOWS\system32\drivers\epm-psd.sys
    R2 EpmShd;Acer EPM System Hardware Driver;\??\C:\WINDOWS\system32\drivers\epm-shd.sys
    R2 osaio;osaio;\??\C:\WINDOWS\system32\drivers\osaio.sys
    R2 osanbm;osanbm;\??\C:\WINDOWS\system32\drivers\osanbm.sys
    R2 SurferService;AutomatedSurfer;C:\WINDOWS\system32\srvany.exe
    R3 DKbFltr;Dritek Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
    R3 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
    R3 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
    R3 ESMCR;ESMCR;C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
    R4 DritekPortIO;Dritek General Port I/O;\??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys
    S3 SE2Bbus;Sony Ericsson Device 043 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Bbus.sys
    S3 SE2Bmdfl;Sony Ericsson Device 043 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Bmdfl.sys
    S3 SE2Bmdm;Sony Ericsson Device 043 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Bmdm.sys

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-06 15:55:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-11-12 03:00:06 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    "2007-11-12 03:00:02 C:\WINDOWS\Tasks\ADADC1DD918A7E25.job"
    - c:\docume~1\hanis\applic~1\elsepl~1\Thunkdeafgreat.exe
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-12 12:45:36
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    MicrosoftUpdate = C:\WINDOWS\system32\MSServx.exe????????|???B???|????????8)5?8k%????w?g%?H)5?|?#????w??????#???#?9????R??H"5???????EventWrite?d?er?%[email protected]????g%????|??%[email protected]?????????%???#????????????|???BD?#?l??|,?#?????4?#????????|?&5???#?Q??|??5?m??|??#??&5????????|p?#??2?|9??????????? ??????B??#????B???w???B?????2?|????????p??|???BH???????X??????|?2?|?????2?|???|??????????5???#???5???????#?(?#?????????<???????D?#????|??#????|p??|????m??|???|??5??????&5?(?#?\??|?&5??&5?9??\??#????|?s?|[email protected]?????|[email protected]?|FA?|???|????????????????????p 5?(&5?T&5????|?????????????????&5?x%5?T&5??&5?????????T&5??!5?P??|??#??%5?T&5? &5????|?&5????|?!5?9??\[email protected]??????????????T&5?T&5??&5???#??&5?4?#???????#????|?r?|?????s?|?a?|???\?`?|[email protected]?????|0???????????????????????????????????????????????0???????????????????????????????????????????????????????8%?|??????????#[email protected]???????????0?#???????#??????%?|?????#?|????0????????#?|D?F?$???J?L??"%?(??????|[email protected]?>[email protected]?????>???????????????????????Ct?|??5? ??????????????????????????????????????|????"??????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-12 12:47:10 - machine was rebooted
    .
    --- E O F ---
     
  8. nezhaniswinnie

    nezhaniswinnie Thread Starter

    Joined:
    Nov 4, 2007
    Messages:
    13
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:50:00 PM, on 11/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\srvany.exe
    C:\WINDOWS\system32\SurferClient.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\acer\epm\epm-dm.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\program files\altnet\points manager\points manager.exe
    C:\WINDOWS\system32\asrsvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL (file missing)
    O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
    O2 - BHO: (no name) - {634BBAB7-3F60-4426-944F-A62B9007F67F} - C:\WINDOWS\system32\opnolii.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: {8cdf2676-9722-f59a-db04-d848c516ad0b} - {b0da615c-848d-40bd-a95f-22796762fdc8} - C:\WINDOWS\system32\eyugxeug.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SurfNavigator] C:\WINDOWS\system32\SurferClient.exe
    O4 - HKLM\..\Run: [AutomatedSurfer] C:\WINDOWS\system32\SurferClient.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
    O4 - HKLM\..\Run: [MicrosoftUpdate] C:\WINDOWS\system32\MSServx.exe
    O4 - HKLM\..\Run: [Application Layer Services] asrsvc.exe
    O4 - HKLM\..\Run: [Option Bib Logo Log] C:\Documents and Settings\All Users\Application Data\LICENSE ADMIN OPTION BIB\Logo Start.exe
    O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\keoegtlu.dll",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SurfNavigator] C:\WINDOWS\system32\SurferClient.exe
    O4 - HKCU\..\Run: [AutomatedSurfer] C:\WINDOWS\system32\SurferClient.exe
    O4 - HKCU\..\Run: [book ante] C:\DOCUME~1\Hanis\APPLIC~1\ELSEPL~1\AXISNEW.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [AutomatedSurfer] C:\WINDOWS\system32\SurferClient.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AutomatedSurfer] C:\WINDOWS\system32\SurferClient.exe (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Hanis\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
    O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.info/objects/NpFv415.dll
    O20 - Winlogon Notify: opnolii - C:\WINDOWS\SYSTEM32\opnolii.dll
    O23 - Service: Notebook Manager Service (anbmService) - Unknown owner - C:\Acer\eManager\anbmServ.exe (file missing)
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: AutomatedSurfer (SurferService) - Unknown owner - C:\WINDOWS\system32\srvany.exe

    --
    End of file - 9842 bytes
     
  9. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Download the Trial version of Superantispyware Pro (SAS):
    http://www.superantispyware.com/superantispyware.html?rid=3132


    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
    o After reboot, double-click the SUPERAntispyware icon on your desktop.
    o Click Preferences. Click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o It will open in your default text editor (such as Notepad/Wordpad).
    o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new Hijack This log.
     
  10. nezhaniswinnie

    nezhaniswinnie Thread Starter

    Joined:
    Nov 4, 2007
    Messages:
    13
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/13/2007 at 12:20 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3343
    Trace Rules Database Version: 1344

    Scan type : Complete Scan
    Total Scan Time : 00:20:27

    Memory items scanned : 407
    Memory threats detected : 5
    Registry items scanned : 4955
    Registry threats detected : 72
    File items scanned : 36018
    File threats detected : 91

    Adware.Vundo-Variant
    C:\WINDOWS\SYSTEM32\RWMZFADV.DLL
    C:\WINDOWS\SYSTEM32\RWMZFADV.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07091697-eb9e-4a65-9443-8a42bfa84a29}
    HKCR\CLSID\{07091697-EB9E-4A65-9443-8A42BFA84A29}
    HKCR\CLSID\{07091697-EB9E-4A65-9443-8A42BFA84A29}\InprocServer32
    HKCR\CLSID\{07091697-EB9E-4A65-9443-8A42BFA84A29}\InprocServer32#ThreadingModel
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\rwmzfadv
    C:\WINDOWS\SYSTEM32\GFXVYDOH.DLL
    C:\WINDOWS\SYSTEM32\CMSFAQLG.DLL
    C:\WINDOWS\SYSTEM32\CLGDOCWV.DLL
    C:\WINDOWS\SYSTEM32\CWNHRWYV.DLL
    C:\WINDOWS\SYSTEM32\EYUGXEUG.DLL

    Adware.Vundo Variant
    C:\WINDOWS\SYSTEM32\OPNOLII.DLL
    C:\WINDOWS\SYSTEM32\OPNOLII.DLL
    HKLM\Software\Classes\CLSID\{634BBAB7-3F60-4426-944F-A62B9007F67F}
    HKCR\CLSID\{634BBAB7-3F60-4426-944F-A62B9007F67F}
    HKCR\CLSID\{634BBAB7-3F60-4426-944F-A62B9007F67F}\InprocServer32
    HKCR\CLSID\{634BBAB7-3F60-4426-944F-A62B9007F67F}\InprocServer32#ThreadingModel
    HKLM\Software\Classes\CLSID\{A8FA26E1-C23E-4F35-B02B-439584E15A7E}
    HKCR\CLSID\{A8FA26E1-C23E-4F35-B02B-439584E15A7E}
    HKCR\CLSID\{A8FA26E1-C23E-4F35-B02B-439584E15A7E}\InprocServer32
    HKCR\CLSID\{A8FA26E1-C23E-4F35-B02B-439584E15A7E}\InprocServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\GEEDB.DLL
    HKLM\Software\Classes\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
    HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
    HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32
    HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{634BBAB7-3F60-4426-944F-A62B9007F67F}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{634BBAB7-3F60-4426-944F-A62B9007F67F}
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\opnolii
    HKCR\CLSID\{634BBAB7-3F60-4426-944F-A62B9007F67F}
    HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
    C:\WINDOWS\SYSTEM32\IIFGDCY.DLL
    C:\WINDOWS\SYSTEM32\VTUUROO.DLL
    C:\WINDOWS\SYSTEM32\EFCYWUS.DLL

    Trojan.WinFixer
    C:\WINDOWS\SYSTEM32\VTSQN.DLL
    C:\WINDOWS\SYSTEM32\VTSQN.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D82ED696-2E9F-4EFC-9096-B4FD7A4DBB4A}
    HKCR\CLSID\{D82ED696-2E9F-4EFC-9096-B4FD7A4DBB4A}
    HKCR\CLSID\{D82ED696-2E9F-4EFC-9096-B4FD7A4DBB4A}\InprocServer32
    HKCR\CLSID\{D82ED696-2E9F-4EFC-9096-B4FD7A4DBB4A}\InprocServer32#ThreadingModel

    Trojan.Downloader-NewJuan/VM
    C:\WINDOWS\SYSTEM32\YRUSXSHW.DLL
    C:\WINDOWS\SYSTEM32\YRUSXSHW.DLL

    Adware.eZula
    C:\WINDOWS\SYSTEM32\WMKHKMAD.EXE
    C:\WINDOWS\SYSTEM32\WMKHKMAD.EXE
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\OHPROTIG.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\OBWGWCLU.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\CIEJEYDJ.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DWBJSCED.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\VEVAQFCR.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\NUDWEANC.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\HGGLCRVP.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\NDKQFTVN.EXE.VIR
    C:\WINDOWS\Prefetch\WMKHKMAD.EXE-32E69222.pf

    Adware.Lop
    [book ante] C:\DOCUME~1\HANIS\APPLIC~1\ELSEPL~1\AXISNEW.EXE
    C:\DOCUME~1\HANIS\APPLIC~1\ELSEPL~1\AXISNEW.EXE
    C:\DOCUMENTS AND SETTINGS\HANIS\APPLICATION DATA\ELSE PLUS\AXISNEW.EXE
    C:\WINDOWS\Prefetch\AXISNEW.EXE-258D0485.pf

    Unclassified.Unknown Origin
    HKLM\Software\Classes\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
    HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
    HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
    HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32
    HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32#ThreadingModel
    HKLM\Software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}
    HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}
    HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}
    HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\InprocServer32
    HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\InprocServer32#ThreadingModel
    HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\KeyPhrasesFileName
    HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\ProgID
    HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\VersionIndependentProgID
    C:\PROGRAM FILES\RXTOOLBAR\SFCONT.DLL
    HKLM\Software\Microsoft\Internet Explorer\Toolbar#{11A69AE4-FBED-4832-A2BF-45AF82825583}

    InstaFinderK BHO
    HKLM\Software\Classes\CLSID\{4E7BD74F-2B8D-469E-90F0-F66AB581A933}
    HKCR\CLSID\{4E7BD74F-2B8D-469E-90F0-F66AB581A933}
    HKCR\CLSID\{4E7BD74F-2B8D-469E-90F0-F66AB581A933}
    HKCR\CLSID\{4E7BD74F-2B8D-469E-90F0-F66AB581A933}\InprocServer32
    HKCR\CLSID\{4E7BD74F-2B8D-469E-90F0-F66AB581A933}\InprocServer32#ThreadingModel
    HKCR\CLSID\{4E7BD74F-2B8D-469E-90F0-F66AB581A933}\ProgID
    C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-90F0-F66AB581A933}

    Adware.RX Toolbar
    HKLM\Software\Classes\CLSID\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}
    HKCR\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}
    HKCR\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}
    HKCR\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\InprocServer32
    HKCR\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\InprocServer32#ThreadingModel
    HKCR\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\ProgID
    HKCR\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\VersionIndependentProgID
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}

    Trojan.Downloader-Gen/DDC
    HKLM\System\ControlSet001\Services\DomainService
    HKLM\System\ControlSet003\Services\DomainService
    HKLM\System\CurrentControlSet\Services\DomainService
    C:\WINDOWS\SYSTEM32\OPSJGWLC.EXE
    C:\WINDOWS\SYSTEM32\JYRGITYY.EXE
    C:\WINDOWS\SYSTEM32\YSJRTLNE.EXE
    C:\WINDOWS\SYSTEM32\NPUQFRNN.EXE
    C:\WINDOWS\SYSTEM32\WIULUSYT.EXE
    C:\WINDOWS\SYSTEM32\HJGNEVPH.EXE

    Adware.Tracking Cookie
    C:\Documents and Settings\Hanis\Cookies\[email protected][2].txt
    C:\Documents and Settings\Hanis\Cookies\[email protected][2].txt
    C:\Documents and Settings\Hanis\Cookies\[email protected][2].txt
    C:\Documents and Settings\Hanis\Cookies\[email protected][1].txt
    C:\Documents and Settings\Hanis\Cookies\[email protected][1].txt
    C:\Documents and Settings\Hanis\Cookies\[email protected][1].txt
    C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
    C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
    C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
    C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
    C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
    C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
    C:\Documents and Settings\Guest\Cookies\[email protected][2].txt
    C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
    C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
    C:\Documents and Settings\Guest\Cookies\[email protected][1].txt
    C:\Documents and Settings\Guest\Cookies\[email protected][1].txt

    Adware.WhenU
    HKCR\WUSE.1
    HKCR\WUSE.1#WUSE_Id

    Trojan.NewDotNet
    HKU\.DEFAULT\Software\New.net
    HKU\S-1-5-19\Software\New.net
    HKU\S-1-5-18\Software\New.net
    C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL7_48.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL6_38.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL7_22.EXE.VIR

    Malware.DriveCleaner
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}#SystemComponent
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}#Installer
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}\AvailableVersion
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}\AvailableVersion#Precache
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}\DownloadInformation
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}\DownloadInformation#CODEBASE

    Malware.System Defender
    C:\Program Files\SystemDefender

    Spyware.RelevantKnowledge
    C:\WINDOWS\SYSTEM32\RKINSTALLER.EXE

    Adware.Vundo Variant/Rel
    C:\WINDOWS\SYSTEM32\NQSTV.BAK1

    Adware.Vundo-Variant/Small
    C:\WINDOWS\SYSTEM32\AWTRSTU.DLL
    C:\WINDOWS\SYSTEM32\NNNKHHI.DLL
    C:\WINDOWS\SYSTEM32\XXYABXV.DLL
    C:\WINDOWS\SYSTEM32\YAYWVUU.DLL
    C:\WINDOWS\SYSTEM32\XXYWWWT.DLL

    Adware.Lop-Gen
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SCR THIRD HEART MESS\MORE ITCH.EXE
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SCR THIRD HEART MESS\ACIDWMA.EXE
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SCR THIRD HEART MESS\FAST FRAG.EXE
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SCR THIRD HEART MESS\MEMO BOLD.EXE
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SCR THIRD HEART MESS\2ANTE.EXE
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SCR THIRD HEART MESS\WEBINTER.EXE
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SCR THIRD HEART MESS\ARMY AMEN.EXE
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SCR THIRD HEART MESS\FORD OPTION.EXE
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SCR THIRD HEART MESS\POLL MEDIA.EXE
    C:\DOCUMENTS AND SETTINGS\HANIS\APPLICATION DATA\ELSE PLUS\DTNLTFSO.EXE
    C:\DOCUMENTS AND SETTINGS\HANIS\APPLICATION DATA\ELSE PLUS\GRFYENBD.EXE
    C:\DOCUMENTS AND SETTINGS\HANIS\APPLICATION DATA\ELSE PLUS\HRXWBHNW.EXE

    Adware.Lop-Variant
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\LICENSE ADMIN OPTION BIB\AUDIO PURE.EXE
    C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\LICENSE ADMIN OPTION BIB\LOGO START.EXE
    C:\DOCUMENTS AND SETTINGS\HANIS\APPLICATION DATA\ELSE PLUS\JOYPOKEFORKBLUE.EXE
    C:\DOCUMENTS AND SETTINGS\HANIS\APPLICATION DATA\ELSE PLUS\THUNKDEAFGREAT.EXE
    C:\DOCUMENTS AND SETTINGS\HANIS\APPLICATION DATA\ELSE PLUS\AGUIUQSC.EXE
    C:\DOCUMENTS AND SETTINGS\HANIS\APPLICATION DATA\ELSE PLUS\THUNKMEETPOKE.EXE
    C:\DOCUMENTS AND SETTINGS\HANIS\APPLICATION DATA\ELSE PLUS\AGFABBZG.EXE
    C:\DOCUMENTS AND SETTINGS\HANIS\APPLICATION DATA\ELSE PLUS\OFKMMAPO.EXE
    C:\DOCUMENTS AND SETTINGS\HANIS\APPLICATION DATA\ELSE PLUS\YJLYUGAG.EXE
    C:\DOCUMENTS AND SETTINGS\HANIS\APPLICATION DATA\ELSE PLUS\SSSVPPCL.EXE
    C:\DOCUMENTS AND SETTINGS\HANIS\APPLICATION DATA\ELSE PLUS\MKVLLSDX.EXE
    C:\DOCUMENTS AND SETTINGS\HANIS\APPLICATION DATA\ELSE PLUS\ZATZBIRG.EXE
    C:\PROGRAM FILES\ADVERTS\UNINST.EXE
    C:\WINDOWS\Prefetch\THUNKDEAFGREAT.EXE-1C4C1537.pf
    C:\WINDOWS\Prefetch\LOGO START.EXE-06CCDD0A.pf

    Adware.Need2Find
    C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS\NPND2FN.DLL

    Adware.PointsManager-Uninstaller
    C:\PROGRAM FILES\ALTNET\DOWNLOAD MANAGER\ALTNETUNINSTALL.EXE
     
  11. nezhaniswinnie

    nezhaniswinnie Thread Starter

    Joined:
    Nov 4, 2007
    Messages:
    13
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:32:26 PM, on 11/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\acer\epm\epm-dm.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\WINDOWS\system32\SurferClient.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\srvany.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\program files\altnet\points manager\points manager.exe
    C:\WINDOWS\system32\asrsvc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SurfNavigator] C:\WINDOWS\system32\SurferClient.exe
    O4 - HKLM\..\Run: [AutomatedSurfer] C:\WINDOWS\system32\SurferClient.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
    O4 - HKLM\..\Run: [MicrosoftUpdate] C:\WINDOWS\system32\MSServx.exe
    O4 - HKLM\..\Run: [Application Layer Services] asrsvc.exe
    O4 - HKLM\..\Run: [Option Bib Logo Log] C:\Documents and Settings\All Users\Application Data\LICENSE ADMIN OPTION BIB\Logo Start.exe
    O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\hnwfesvw.dll",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SurfNavigator] C:\WINDOWS\system32\SurferClient.exe
    O4 - HKCU\..\Run: [AutomatedSurfer] C:\WINDOWS\system32\SurferClient.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [AutomatedSurfer] C:\WINDOWS\system32\SurferClient.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AutomatedSurfer] C:\WINDOWS\system32\SurferClient.exe (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Hanis\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.info/objects/NpFv415.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Notebook Manager Service (anbmService) - Unknown owner - C:\Acer\eManager\anbmServ.exe (file missing)
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: AutomatedSurfer (SurferService) - Unknown owner - C:\WINDOWS\system32\srvany.exe

    --
    End of file - 8871 bytes
     
  12. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Now please rerun ComboFix and post the results along with a new Hijack This log.
     
  13. nezhaniswinnie

    nezhaniswinnie Thread Starter

    Joined:
    Nov 4, 2007
    Messages:
    13
    ComboFix 07-11-08.1 - Hanis 2007-11-14 21:49:47.2 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.509 [GMT 8:00]
    Running from: C:\Documents and Settings\Hanis\Local Settings\Temporary Internet Files\Content.IE5\EP841EV4\ComboFix[1].exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\cookies.ini
    C:\WINDOWS\Fonts\acrsecI.fon
    C:\WINDOWS\system32\internet.exe
    C:\WINDOWS\system32\rwmzfadv.dllbox
    C:\WINDOWS\system32\update.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE


    ((((((((((((((((((((((((( Files Created from 2007-10-14 to 2007-11-14 )))))))))))))))))))))))))))))))
    .

    2007-11-13 12:03 109,161 ---hs---- C:\WINDOWS\system32\nqstv.ini2
    2007-11-13 11:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-11-13 11:45 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-11-13 11:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-13 11:45 <DIR> d-------- C:\Documents and Settings\Hanis\Application Data\SUPERAntiSpyware.com
    2007-11-12 23:11 88,128 --a------ C:\WINDOWS\system32\hnwfesvw.dll
    2007-11-12 23:08 100,365 ---hs---- C:\WINDOWS\system32\nqstv.bak2
    2007-11-11 21:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-09 19:43 <DIR> d-------- C:\Documents and Settings\Hanis\Incomplete
    2007-11-09 10:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-09 02:30 <DIR> d-------- C:\Program Files\Else plus
    2007-11-05 12:46 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-05 12:42 <DIR> d-------- C:\BackUpMSNCleaner
    2007-11-02 11:14 <DIR> d-------- C:\WINDOWS\pss
    2007-11-01 09:36 10,752 -r-hs---- C:\WINDOWS\system32\asrsvc.exe
    2007-10-20 14:16 <DIR> d-------- C:\Program Files\mp3DirectCut
    2007-10-16 22:53 <DIR> d-------- C:\Program Files\Windows Journal Viewer

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-12 04:26 --------- d-----w C:\Documents and Settings\Hanis\Application Data\Apple Computer
    2007-10-12 04:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-10-12 04:24 --------- d-----w C:\Program Files\Apple Software Update
    2007-10-12 04:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2007-10-09 12:35 408,092 ----a-w C:\WINDOWS\system32\MSServx.exe
    2007-09-26 06:20 --------- d-----w C:\Documents and Settings\Hanis\Application Data\Netscape
    2007-09-26 06:19 --------- d-----w C:\Program Files\Netscape
    2007-09-17 12:01 --------- d-----w C:\Program Files\JustZIPit
    2007-09-11 07:05 1,761 ----a-w C:\WINDOWS\Fonts\acrsecB.fon
    2007-08-29 10:27 464,112 ----a-w C:\WINDOWS\daffy.scr
    2007-08-29 10:27 461,308 ----a-w C:\WINDOWS\daffy.exe
    2007-08-29 10:27 40,960 ----a-w C:\WINDOWS\daffy.dll
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-08-20 10:04 824,832 ------w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-08-20 10:04 671,232 ------w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
    2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-08-20 10:04 477,696 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-08-20 10:04 3,584,512 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-08-20 10:04 27,648 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-08-20 10:04 193,024 ------w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-08-20 10:04 132,608 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
    2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
    2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
    2007-08-20 10:04 1,152,000 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
    2006-11-13 12:39 84 ----a-w C:\Documents and Settings\Hanis\cmd2.cmd
    2006-11-13 12:39 110,592 ----a-w C:\Documents and Settings\Hanis\mtr.exe
    2004-08-03 21:00 774,144 ----a-w C:\Documents and Settings\dotnetfx\XPSPUI.DLL
    2004-08-03 21:00 647,168 ----a-w C:\Documents and Settings\dotnetfx\SITSETUP.DLL
    2004-08-03 21:00 487,424 ----a-w C:\Documents and Settings\dotnetfx\MSVCP70.DLL
    2004-08-03 21:00 40,960 ----a-w C:\Documents and Settings\dotnetfx\CMNRES.DLL
    2004-08-03 21:00 36,864 ----a-w C:\Documents and Settings\dotnetfx\SUITE.DLL
    2004-08-03 21:00 36,864 ----a-w C:\Documents and Settings\dotnetfx\DELTEMP.EXE
    2004-08-03 21:00 344,064 ----a-w C:\Documents and Settings\dotnetfx\MSVCR70.DLL
    2004-08-03 21:00 339,968 ----a-w C:\Documents and Settings\dotnetfx\TEMPLMGR.DLL
    2004-08-03 21:00 335,872 ----a-w C:\Documents and Settings\dotnetfx\GENCOMP.DLL
    2004-08-03 21:00 308 ----a-w C:\Documents and Settings\dotnetfx\DFFACT.DAT
    2004-08-03 21:00 286,720 ----a-w C:\Documents and Settings\dotnetfx\XPSPSCEN.DLL
    2004-08-03 21:00 274,432 ----a-w C:\Documents and Settings\dotnetfx\UIMGR.DLL
    2004-08-03 21:00 24,265,736 ----a-w C:\Documents and Settings\dotnetfx\DOTNETFX.EXE
    2004-08-03 21:00 233,472 ----a-w C:\Documents and Settings\dotnetfx\DFDEPUI.DLL
    2004-08-03 21:00 200,704 ----a-w C:\Documents and Settings\dotnetfx\XPSPREQS.DLL
    2004-08-03 21:00 200,704 ----a-w C:\Documents and Settings\dotnetfx\SVRGRMGR.DLL
    2004-08-03 21:00 192,512 ----a-w C:\Documents and Settings\dotnetfx\DEPMGR.DLL
    2004-08-03 21:00 163,840 ----a-w C:\Documents and Settings\dotnetfx\DFCHGFLD.DLL
    2004-08-03 21:00 155,648 ----a-w C:\Documents and Settings\dotnetfx\SETUPDB.DLL
    2004-08-03 21:00 147,456 ----a-w C:\Documents and Settings\dotnetfx\CDMGR.DLL
    2004-08-03 21:00 143,360 ----a-w C:\Documents and Settings\dotnetfx\DISKMGR.DLL
    2004-08-03 21:00 143,360 ----a-w C:\Documents and Settings\dotnetfx\ACCMGR.DLL
    2004-08-03 21:00 139,264 ----a-w C:\Documents and Settings\dotnetfx\SETLOG.DLL
    2004-08-03 21:00 135,168 ----a-w C:\Documents and Settings\dotnetfx\VALIDATE.DLL
    2004-08-03 21:00 135,168 ----a-w C:\Documents and Settings\dotnetfx\DFFACT.DLL
    2004-08-03 21:00 131,072 ----a-w C:\Documents and Settings\dotnetfx\HTMLLITE.DLL
    2004-08-03 21:00 129,720 ----a-w C:\Documents and Settings\dotnetfx\SETUP.EXE
    2004-08-03 21:00 122,880 ----a-w C:\Documents and Settings\dotnetfx\DEFHELP.DLL
    2004-08-03 21:00 118,784 ----a-w C:\Documents and Settings\dotnetfx\REBOOTST.EXE
    2004-08-03 21:00 10,694,464 ----a-w C:\Documents and Settings\dotnetfx\NDPSP.EXE
    2004-08-03 21:00 1,773 ----a-w C:\Documents and Settings\dotnetfx\BASELINE.DAT
    2007-01-23 13:35:10 3,140 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-01-23 13:33:40 8 --sh--r C:\WINDOWS\system32\21D33CA5AB.sys
    .

    ((((((((((((((((((((((((((((( [email protected]_12.46.30.10 )))))))))))))))))))))))))))))))))))))))))
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" []
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 16:17]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 16:16]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" []
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-01-22 19:31]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-07-15 01:07]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-03-24 21:22]
    "nwiz"="nwiz.exe" [2005-03-24 21:22 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-03-24 21:22]
    "SoundMan"="SOUNDMAN.EXE" [2004-12-01 15:54 C:\WINDOWS\soundman.exe]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-04-15 11:45 C:\WINDOWS\AGRSMMSG.exe]
    "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-04-21 10:13]
    "ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-15 10:03]
    "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2005-10-14 15:38]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 05:00 C:\WINDOWS\system32\bthprops.cpl]
    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 16:54]
    "SemanticInsight"="C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe" []
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "SurfNavigator"="C:\WINDOWS\system32\SurferClient.exe" [2007-01-28 12:14]
    "AutomatedSurfer"="C:\WINDOWS\system32\SurferClient.exe" [2007-01-28 12:14]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
    "AltnetPointsManager"="c:\program files\altnet\points manager\points manager.exe" [2006-07-19 17:01]
    "MicrosoftUpdate"="C:\WINDOWS\system32\MSServx.exe" [2007-10-09 20:35]
    "Application Layer Services"="asrsvc.exe" [2007-11-01 00:50 C:\WINDOWS\system32\asrsvc.exe]
    "Option Bib Logo Log"="C:\Documents and Settings\All Users\Application Data\LICENSE ADMIN OPTION BIB\Logo Start.exe" []
    "320d18a1"="C:\WINDOWS\system32\hnwfesvw.dll" [2007-11-12 23:11]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
    "SurfNavigator"="C:\WINDOWS\system32\SurferClient.exe" [2007-01-28 12:14]
    "AutomatedSurfer"="C:\WINDOWS\system32\SurferClient.exe" [2007-01-28 12:14]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "AutomatedSurfer"=C:\WINDOWS\system32\SurferClient.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 04:05:56]
    Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-05-27 13:41:44]
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2005-08-16 14:06:22]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="LogonUI.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messaging]
    C:\Program Files\Instant Messenger Names\IM-svr.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys
    R2 EpmPsd;Acer EPM Power Scheme Driver;\??\C:\WINDOWS\system32\drivers\epm-psd.sys
    R2 EpmShd;Acer EPM System Hardware Driver;\??\C:\WINDOWS\system32\drivers\epm-shd.sys
    R2 osaio;osaio;\??\C:\WINDOWS\system32\drivers\osaio.sys
    R2 osanbm;osanbm;\??\C:\WINDOWS\system32\drivers\osanbm.sys
    R2 SurferService;AutomatedSurfer;C:\WINDOWS\system32\srvany.exe
    R3 DKbFltr;Dritek Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
    R3 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
    R3 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
    R3 ESMCR;ESMCR;C:\WINDOWS\system32\DRIVERS\ESM7SK.sys
    R4 DritekPortIO;Dritek General Port I/O;\??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys
    S3 SE2Bbus;Sony Ericsson Device 043 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Bbus.sys
    S3 SE2Bmdfl;Sony Ericsson Device 043 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Bmdfl.sys
    S3 SE2Bmdm;Sony Ericsson Device 043 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Bmdm.sys

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-13 15:55:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-11-14 13:00:00 C:\WINDOWS\Tasks\ADADC1DD918A7E25.job"
    - c:\docume~1\hanis\applic~1\elsepl~1\Thunkdeafgreat.exe
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-14 21:53:03
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    MicrosoftUpdate = C:\WINDOWS\system32\MSServx.exe????????|???B???|????????8)5?8k%????w?g%?H)5?|?#????w??????#???#?9????R??H"5???????EventWrite?d?er?%[email protected]????g%????|??%[email protected]?????????%???#????????????|???BD?#?l??|,?#?????4?#????????|?&5???#?Q??|??5?m??|??#??&5????????|p?#??2?|9??????????? ??????B??#????B???w???B?????2?|????????p??|???BH???????X??????|?2?|?????2?|???|??????????5???#???5???????#?(?#?????????<???????D?#????|??#????|p??|????m??|???|??5??????&5?(?#?\??|?&5??&5?9??\??#????|?s?|???????????????|[email protected]?|FA?|???|????????????????????p 5?(&5?T&5????|?????????????????&5?x%5?T&5??&5?????????T&5??!5?P??|??#??%5?T&5? &5????|?&5????|?!5?9??\????????????????????T&5?T&5??&5???#??&5?4?#???????#????|?r?|?????s?|?a?|???\?`?|???????????|0???????????????????????????????????????????????0???????????????????????????????????????????????????????8%?|??????????#[email protected]???????????0?#???????#??????%?|?????#?|????0????????#?|D?F?$???J?L??"%?(??????|[email protected]?>[email protected]?????>???????????????????????Ct?|??5? ??????????????????????????????????????|????"??????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-14 21:54:07 - machine was rebooted
    C:\ComboFix2.txt ... 2007-11-12 12:47
    .
    --- E O F ---
     
  14. nezhaniswinnie

    nezhaniswinnie Thread Starter

    Joined:
    Nov 4, 2007
    Messages:
    13
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:57:52 PM, on 11/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\srvany.exe
    C:\WINDOWS\system32\SurferClient.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\acer\epm\epm-dm.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\program files\altnet\points manager\points manager.exe
    C:\WINDOWS\system32\asrsvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SurfNavigator] C:\WINDOWS\system32\SurferClient.exe
    O4 - HKLM\..\Run: [AutomatedSurfer] C:\WINDOWS\system32\SurferClient.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
    O4 - HKLM\..\Run: [MicrosoftUpdate] C:\WINDOWS\system32\MSServx.exe
    O4 - HKLM\..\Run: [Application Layer Services] asrsvc.exe
    O4 - HKLM\..\Run: [Option Bib Logo Log] C:\Documents and Settings\All Users\Application Data\LICENSE ADMIN OPTION BIB\Logo Start.exe
    O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\hnwfesvw.dll",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SurfNavigator] C:\WINDOWS\system32\SurferClient.exe
    O4 - HKCU\..\Run: [AutomatedSurfer] C:\WINDOWS\system32\SurferClient.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [AutomatedSurfer] C:\WINDOWS\system32\SurferClient.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AutomatedSurfer] C:\WINDOWS\system32\SurferClient.exe (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Hanis\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.info/objects/NpFv415.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Notebook Manager Service (anbmService) - Unknown owner - C:\Acer\eManager\anbmServ.exe (file missing)
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: AutomatedSurfer (SurferService) - Unknown owner - C:\WINDOWS\system32\srvany.exe

    --
    End of file - 8903 bytes
     
  15. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    1. Please download The Avenger by Swandog46 to your Desktop.
    • Click on Avenger.zip to open the file
    • Extract avenger.exe to your desktop

    2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    3. Now, start The Avenger program by clicking on its icon on your desktop.
    • Under "Script file to execute" choose "Input Script Manually".
    • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    • Click Done
    • Now click on the Green Light to begin execution of the script
    • Answer "Yes" twice when prompted.
    4. The Avenger will automatically do the following:
    • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    • On reboot, it will briefly open a black command window on your desktop, this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
    5. Please copy/paste the content of c:\avenger.txt into your reply.

    Rescan with Hijack This, close all browser windows except Hijack This, put a checkmark beside these entries and click fix checked.

    O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe

    O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s

    O4 - HKLM\..\Run: [MicrosoftUpdate] C:\WINDOWS\system32\MSServx.exe

    O4 - HKLM\..\Run: [Application Layer Services] asrsvc.exe

    O4 - HKLM\..\Run: [Option Bib Logo Log] C:\Documents and Settings\All Users\Application Data\LICENSE ADMIN OPTION BIB\Logo Start.exe

    O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\hnwfesvw.dll",b


    Reboot and post another Hijack This log please.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/647911

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice