
safenavweb - Infected with Spyware - use recommended software to get rid of it

Discussion in 'Virus & Other Malware Removal' started by RKMole, Apr 14, 2008.

  1. RKMole

    RKMole Thread Starter

    Joined:
    Nov 28, 2001
    Messages:
    283
    Hello - for the last day or two I have been getting messages like the one above. The virus/spyware (?) opens IE to: http://www.safenavweb.com/index.php?sid=502&pn=5&aid=921&said=0&pid=0

    Trend Micro PC-cillin has alerted me that it has removed a Trojan and that I need to restart to clean my memory. I've done that several times, and although some things are better (like I got my desktop back; it had changed it to a warning saying to click to go to a website to get it removed), Trend says that http://www.safenavweb.com/ is Dangerous, as Category Adware/Joke Program, and suggests I close the browser and not reopen this web site. Of course, that's one of the problems - it keeps opening it itself, over and over.

    I'd appreciate help with this annoyance. Thank you.
    Here's my HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 1:05:28 PM, on 4/14/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\E_S00RP1.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
    C:\Documents and Settings\All Users\Application Data\sderaxob\uvedivet.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Common Files\AOL\1161261455\ee\AOLSoftware.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\QuickTime\QTTask.exe
    F:\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\AOL\Loader\aolload.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\WINDOWS\system32\ujsbwtmh.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PCCMAIN.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~1\PccHCMS.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weightwatchers.com/commu...d_no=&daterange=2days&viewchange=OPENDATEDESC
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {54BF6438-02AB-42AD-BC1D-31950D852B81} - (no file)
    O2 - BHO: (no name) - {75D62690-EBF8-4DBE-A03B-7463E643F4F2} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - (no file)
    O2 - BHO: (no name) - {A3045125-B6D2-4033-93B4-9FAA4E5F1781} - (no file)
    O2 - BHO: DVA Storm - {C796500F-4B97-4F2B-B886-11FA6B72F13F} - C:\WINDOWS\nslbvxpgrno.dll
    O2 - BHO: (no name) - {E0F0D14C-DA73-4D24-AE67-6F51C7287EF9} - C:\WINDOWS\system32\urqQiIcA.dll (file missing)
    O2 - BHO: (no name) - {EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9} - C:\WINDOWS\system32\xxyxULDv.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O3 - Toolbar: sgoblxtm - {54CF4CA2-C46C-4B5C-8DC5-0C0D42ECD69E} - C:\WINDOWS\sgoblxtm.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Auto EPSON Stylus C42 Series on B1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P34 "Auto EPSON Stylus C42 Series on B1" /O13 "\\B1\Basement" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O5 "LPT1:" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [\\B1\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P35 "\\B1\EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R300 Series (Copy 1) on B1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P50 "Auto EPSON Stylus Photo R300 Series (Copy 1) on B1" /O20 "\\B1\EpsonStylusR300" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [\\LAPTOP\EPSON] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P14 "\\LAPTOP\EPSON" /O14 "\\LAPTOP\EPSON" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Office Mouse\moffice.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1161261455\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
    O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\pchbutton.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [brvnzizj] C:\WINDOWS\system32\ujsbwtmh.exe
    O4 - Startup: Epson printer Registration.lnk = E:\E_reg\EPSONREG.EXE
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Palm\Hotsync.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136900030812
    O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
    O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} (FotkiUploader Control) - http://images.fotki.com/activex/FotkiUploader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O20 - AppInit_DLLs: 34.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: xxyxULDv - C:\WINDOWS\SYSTEM32\xxyxULDv.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O21 - SSODL: dsktbwfe - {7B37F747-6B51-4CC6-88D1-B12BDB46DC5B} - C:\WINDOWS\dsktbwfe.dll
    O21 - SSODL: ogxtsepr - {9DAF8F2A-EB78-40FC-A85F-DBA0F6AB869C} - C:\WINDOWS\ogxtsepr.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
    O23 - Service: PKSDGSY - Unknown owner - C:\DOCUME~1\Mom\LOCALS~1\Temp\PKSDGSY.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
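A first triage pass over entries of the kind shown in the HijackThis log above, as an added example that is neither code from this thread nor part of HijackThis: the sample lines are constructed in the shape of the log's own entries, the Winlogon Notify baseline is an assumption, and every rule only marks an entry for a human to research, it proves nothing on its own.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of entries copied in shape from the HijackThis
# log in the first post, limited to the entry types the rules below examine.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {54BF6438-02AB-42AD-BC1D-31950D852B81} - (no file)
O2 - BHO: DVA Storm - {C796500F-4B97-4F2B-B886-11FA6B72F13F} - C:\WINDOWS\nslbvxpgrno.dll
O2 - BHO: (no name) - {E0F0D14C-DA73-4D24-AE67-6F51C7287EF9} - C:\WINDOWS\system32\urqQiIcA.dll (file missing)
O3 - Toolbar: sgoblxtm - {54CF4CA2-C46C-4B5C-8DC5-0C0D42ECD69E} - C:\WINDOWS\sgoblxtm.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKCU\..\Run: [brvnzizj] C:\WINDOWS\system32\ujsbwtmh.exe
O20 - AppInit_DLLs: 34.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: xxyxULDv - C:\WINDOWS\SYSTEM32\xxyxULDv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: dsktbwfe - {7B37F747-6B51-4CC6-88D1-B12BDB46DC5B} - C:\WINDOWS\dsktbwfe.dll
O23 - Service: PKSDGSY - Unknown owner - C:\DOCUME~1\Mom\LOCALS~1\Temp\PKSDGSY.exe (file missing)
""".strip()

# Assumption: a per-machine baseline of Winlogon Notify handlers expected here
# (the Intel graphics and WGA handlers seen in the log).
BASELINE_NOTIFY = {"igfxcui", "wgalogon"}

# A module sitting directly in %WINDIR% rather than in one of its subfolders.
WINDIR_ROOT = re.compile(r"^[a-z]:\\windows\\[^\\]+$", re.IGNORECASE)
ENTRY = re.compile(r"^(O\d+|R\d|F\d) - (.*)$")
RUN_VALUE = re.compile(r"\[([^\]]*)\]")

@dataclass
class Finding:
    entry: str
    reasons: list

def loaded_path(kind, body):
    """Best-effort extraction of the file an entry loads (None if it has none)."""
    if kind == "O4":
        # "[value name] path [arguments]": keep only the path
        if "] " not in body:
            return None
        rest = body.split("] ", 1)[1].strip()
        if rest.startswith('"'):
            return rest[1:].split('"', 1)[0]
        return rest.split(" /")[0].split(" -")[0]
    # Other entry types put the file in the last " - " separated field.
    field = body.rsplit(" - ", 1)[-1].replace("(file missing)", "").strip()
    return field if "\\" in field else None

def triage_line(line):
    """Return the list of reasons a single HijackThis line deserves a look."""
    m = ENTRY.match(line)
    if not m:
        return []
    kind, body = m.groups()
    path = loaded_path(kind, body)
    reasons = []
    if "(no file)" in body or "(file missing)" in body:
        reasons.append("orphaned: registry points at a file that no longer exists")
    if kind == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("unnamed BHO")
    if path and WINDIR_ROOT.match(path):
        reasons.append("module loaded straight from the %WINDIR% root")
    if kind == "O20" and body.startswith("AppInit_DLLs:"):
        if body.split(":", 1)[1].strip():
            reasons.append("AppInit_DLLs set: DLL injected into every user32 process")
    if kind == "O20" and body.startswith("Winlogon Notify:"):
        name = body.split(":", 1)[1].split(" - ")[0].strip()
        if name.lower() not in BASELINE_NOTIFY:
            reasons.append("Winlogon Notify handler outside baseline")
    if kind == "O4" and path:
        # Random-looking lowercase value name that does not match the file name
        value = RUN_VALUE.search(body)
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if value and re.fullmatch(r"[a-z]{8,}", value.group(1)) and value.group(1) != stem.lower():
            reasons.append("Run value name looks random and differs from file name")
    if kind == "O23":
        if "Unknown owner" in body:
            reasons.append("service with unknown owner")
        if path and "\\temp\\" in path.lower():
            reasons.append("service binary in a Temp directory")
    return reasons

def triage(log_text):
    """Run every line of a HijackThis log through triage_line."""
    findings = []
    for raw in log_text.splitlines():
        reasons = triage_line(raw.strip())
        if reasons:
            findings.append(Finding(raw.strip(), reasons))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.entry)
        for reason in finding.reasons:
            print("   ->", reason)
```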
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,325
    First Name:
    Karen
    Please visit the Combofix Guide & Instructions page for instructions on downloading and running ComboFix:

    Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

    Combofix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished.

    Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming.

    Also, please do not run any security programs or fixes on your own as doing so may compromise what we will be doing. It is important that you wait for instructions.
     
  3. RKMole

    RKMole Thread Starter

    Joined:
    Nov 28, 2001
    Messages:
    283
    Hi - Thank you for your help. I am sending the ComboFix log in this post and the HJT log in the next post. Please advise.

    ComboFix 08-04-13.3 - Mom 2008-04-14 21:14:16.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.78 [GMT -4:00]
    Running from: C:\Documents and Settings\Mom\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Mom\Application Data\macromedia\Flash Player\#SharedObjects\JM6RPSL4\www.broadcaster.com
    C:\Documents and Settings\Mom\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
    C:\Documents and Settings\Mom\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
    C:\Documents and Settings\Mom\Desktop\blackbird.jpg
    C:\Documents and Settings\Mom\Desktop\EditorFKWP1.5.exe
    C:\Documents and Settings\Mom\Desktop\EditorFKWP2.0.exe
    C:\Documents and Settings\Mom\Desktop\filemanagerclient.exe
    C:\Documents and Settings\Mom\Desktop\fkwp1.5.exe
    C:\Documents and Settings\Mom\Desktop\fkwp2.0.exe
    C:\Documents and Settings\Mom\Desktop\fwebd.exe
    C:\Documents and Settings\Mom\Desktop\FWebdEditor.exe
    C:\Documents and Settings\Mom\Desktop\Trojan.Win32.BlackBird.exe
    C:\Documents and Settings\Mom\Desktop\virii
    C:\Documents and Settings\Mom\Favorites\Error Cleaner.url
    C:\Documents and Settings\Mom\Favorites\Privacy Protector.url
    C:\Documents and Settings\Mom\Favorites\Spyware&Malware Protection.url
    C:\Documents and Settings\Roger\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
    C:\Documents and Settings\Roger\Start Menu\Programs\Uninstall.lnk
    C:\Program Files\akl
    C:\Program Files\akl\akl.dll
    C:\Program Files\akl\akl.exe
    C:\Program Files\akl\uninstall.exe
    C:\Program Files\akl\unsetup.exe
    C:\Program Files\Inet Delivery
    C:\Program Files\Inet Delivery\inetdl.exe
    C:\Program Files\Inet Delivery\intdel.exe
    C:\Program Files\PC-Cleaner
    C:\WINDOWS\a.bat
    C:\WINDOWS\base64.tmp
    C:\WINDOWS\bdn.com
    C:\WINDOWS\FVProtect.exe
    C:\WINDOWS\iTunesMusic.exe
    C:\WINDOWS\mslagent
    C:\WINDOWS\mslagent\2_mslagent.dll
    C:\WINDOWS\mslagent\mslagent.exe
    C:\WINDOWS\mslagent\uninstall.exe
    C:\WINDOWS\mssecu.exe
    C:\WINDOWS\privacy_danger
    C:\WINDOWS\privacy_danger\images\capt.gif
    C:\WINDOWS\privacy_danger\images\danger.jpg
    C:\WINDOWS\privacy_danger\images\down.gif
    C:\WINDOWS\privacy_danger\images\spacer.gif
    C:\WINDOWS\privacy_danger\index.htm
    C:\WINDOWS\system32\AcIiQqru.ini
    C:\WINDOWS\system32\AcIiQqru.ini2
    C:\WINDOWS\system32\CeLTCJlm.ini
    C:\WINDOWS\system32\CeLTCJlm.ini2
    C:\WINDOWS\system32\HgggNqss.ini
    C:\WINDOWS\system32\HgggNqss.ini2
    C:\WINDOWS\system32\nfrjoapa.ini
    C:\WINDOWS\system32\PsYxayxx.ini
    C:\WINDOWS\system32\PsYxayxx.ini2
    C:\WINDOWS\system32\xogkojod.ini
    C:\WINDOWS\system32\xxyxULDv.dll
    C:\WINDOWS\system32\akttzn.exe
    C:\WINDOWS\system32\anticipator.dll
    C:\WINDOWS\system32\awtoolb.dll
    C:\WINDOWS\system32\bdn.com
    C:\WINDOWS\system32\bsva-egihsg52.exe
    C:\WINDOWS\system32\dpcproxy.exe
    C:\WINDOWS\system32\emesx.dll
    C:\WINDOWS\[email protected]@@k.dll
    C:\WINDOWS\system32\hoproxy.dll
    C:\WINDOWS\system32\hxiwlgpm.dat
    C:\WINDOWS\system32\hxiwlgpm.exe
    C:\WINDOWS\system32\medup012.dll
    C:\WINDOWS\system32\medup020.dll
    C:\WINDOWS\system32\msgp.exe
    C:\WINDOWS\system32\msnbho.dll
    C:\WINDOWS\system32\mssecu.exe
    C:\WINDOWS\system32\msvchost.exe
    C:\WINDOWS\system32\mtr2.exe
    C:\WINDOWS\system32\mwin32.exe
    C:\WINDOWS\system32\netode.exe
    C:\WINDOWS\system32\newsd32.exe
    C:\WINDOWS\system32\ps1.exe
    C:\WINDOWS\system32\psof1.exe
    C:\WINDOWS\system32\psoft1.exe
    C:\WINDOWS\system32\regc64.dll
    C:\WINDOWS\system32\regm64.dll
    C:\WINDOWS\system32\Rundl1.exe
    C:\WINDOWS\system32\smp
    C:\WINDOWS\system32\smp\msrc.exe
    C:\WINDOWS\system32\sncntr.exe
    C:\WINDOWS\system32\ssurf022.dll
    C:\WINDOWS\system32\ssvchost.com
    C:\WINDOWS\system32\ssvchost.exe
    C:\WINDOWS\system32\sysreq.exe
    C:\WINDOWS\system32\taack.dat
    C:\WINDOWS\system32\taack.exe
    C:\WINDOWS\system32\temp#01.exe
    C:\WINDOWS\system32\thun.dll
    C:\WINDOWS\system32\thun32.dll
    C:\WINDOWS\system32\VBIEWER.OCX
    C:\WINDOWS\system32\vbsys2.dll
    C:\WINDOWS\system32\vcatchpi.dll
    C:\WINDOWS\system32\winlogonpc.exe
    C:\WINDOWS\system32\winsystem.exe
    C:\WINDOWS\system32\WINWGPX.EXE
    C:\WINDOWS\userconfig9x.dll
    C:\WINDOWS\Web\def.htm
    C:\WINDOWS\winsystem.exe
    C:\WINDOWS\zip1.tmp
    C:\WINDOWS\zip2.tmp
    C:\WINDOWS\zip3.tmp
    C:\WINDOWS\zipped.tmp

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NWSAPAGENT
    -------\Service_NwSapAgent


    ((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
    .

    2008-04-14 22:04 . 2008-04-14 22:04 90,112 --a------ C:\WINDOWS\system32\irmdqviv.exe
    2008-04-14 14:57 . 2008-04-14 15:32 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2008-04-14 14:46 . 2008-04-14 14:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-14 11:14 . 2008-04-14 11:14 3,648 --a------ C:\WINDOWS\system32\nbvlypsc.dll
    2008-04-14 11:14 . 2008-04-14 11:15 294 --ahs---- C:\WINDOWS\system32\bbeayjjd.ini
    2008-04-13 23:31 . 2008-04-13 23:31 3,648 --a------ C:\WINDOWS\system32\chvlwjht.dll
    2008-04-13 18:08 . 2008-04-13 18:08 3,648 --a------ C:\WINDOWS\system32\kqklpole.dll
    2008-04-13 16:34 . 2008-04-13 16:34 3,648 --a------ C:\WINDOWS\system32\swdhlrka.dll
    2008-04-13 16:29 . 2008-04-13 17:49 <DIR> d-------- C:\Documents and Settings\Mom\Application Data\HouseCall 6.6
    2008-04-13 16:26 . 2008-04-14 11:25 10,752 --a------ C:\WINDOWS\DCEBoot.exe
    2008-04-13 16:00 . 2008-04-14 19:06 <DIR> d-------- C:\Documents and Settings\Mom\Application Data\TmpRecentIcons
    2008-04-13 14:24 . 2008-04-13 09:08 258,048 --a------ C:\WINDOWS\nslbvxpgrno.dll
    2008-04-13 14:24 . 2008-04-13 09:08 217,088 --a------ C:\WINDOWS\dsktbwfe.dll
    2008-04-13 14:24 . 2008-04-13 09:08 204,800 --a------ C:\WINDOWS\sgoblxtm.dll
    2008-04-13 14:24 . 2008-04-13 09:08 200,704 --a------ C:\WINDOWS\ogxtsepr.dll
    2008-04-13 14:24 . 2008-04-13 09:08 98,304 --a------ C:\WINDOWS\spnkfwad.exe
    2008-04-13 14:23 . 2008-04-13 14:23 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\sderaxob
    2008-04-13 14:22 . 2008-04-13 14:22 102,400 --a------ C:\WINDOWS\system32\ujsbwtmh.exe
    2008-04-10 20:19 . 2008-04-10 20:19 <DIR> d-------- C:\Program Files\iPod
    2008-04-10 17:54 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
    2008-04-06 14:22 . 2008-04-06 14:22 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom
    2008-04-06 14:19 . 2008-04-06 14:19 <DIR> d-------- C:\Documents and Settings\Mom\Application Data\TomTom
    2008-04-06 14:16 . 2008-04-06 14:16 <DIR> d-------- C:\Program Files\TomTom HOME 2
    2008-03-29 22:27 . 2008-03-29 22:27 <DIR> d----c--- C:\DVDVideoSoft
    2008-03-29 21:48 . 2008-03-29 21:48 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
    2008-03-29 21:47 . 2008-03-29 21:47 <DIR> d-------- C:\Program Files\DVDVideoSoft
    2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-15 00:40 --------- dc--a-w C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2008-04-14 19:19 --------- d-----w C:\Program Files\Lavasoft
    2008-04-14 18:07 --------- d-----w C:\Program Files\SpywareBlaster
    2008-04-13 17:05 --------- d-----w C:\Documents and Settings\Mom\Application Data\tunebite
    2008-04-11 00:12 --------- d-----w C:\Program Files\iTunes
    2008-04-10 23:28 --------- d-----w C:\Program Files\QuickTime
    2008-04-01 14:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-01 14:09 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    2008-04-01 14:08 --------- d-----w C:\Program Files\Ultra Video To Flash Converter
    2008-04-01 09:21 --------- d-----w C:\Documents and Settings\Mom\Application Data\AOL Communicator
    2008-03-29 01:29 --------- d-----w C:\Documents and Settings\Mom\Application Data\Apple Computer
    2008-03-11 23:04 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-03-11 22:26 12,160 ----a-w C:\WINDOWS\system32\drivers\mouhid.sys
    2008-03-11 21:11 --------- d-----w C:\Program Files\Microsoft IntelliPoint
    2008-03-11 21:09 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
    2008-03-08 02:47 --------- d-----w C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
    2008-03-07 21:47 --------- d-----w C:\Program Files\Xvid
    2008-03-06 14:30 --------- d-----w C:\Program Files\Java
    2008-03-04 20:09 --------- d-----w C:\Documents and Settings\Mom\Application Data\acccore
    2008-03-04 20:02 --------- dc----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    2008-03-04 19:32 --------- d-----w C:\Program Files\Common Files\AOL
    2008-03-04 18:59 --------- dc----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
    2008-02-28 03:18 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-02-28 03:17 --------- d-----w C:\Program Files\Red Kawa
    2008-02-18 05:22 --------- d-----w C:\Program Files\Paint.NET
    2008-02-16 16:34 --------- d-----w C:\Program Files\OverDrive Media Console
    2008-02-13 01:27 54,400 -c--a-w C:\Documents and Settings\Mom\Application Data\GDIPFONTCACHEV1.DAT
    2007-10-26 17:19 2,950 -c--a-w C:\Program Files\rapget.ini
    2007-10-26 16:48 17 -c--a-w C:\Program Files\links.dat
    2007-10-07 23:51 171,008 -c--a-w C:\Program Files\rapget.exe
    2007-03-15 13:38 8,823,064 -c--a-w C:\Program Files\Photoshop_albumSE_en_us_320.exe
    2006-08-25 23:05 59,310,760 -c--a-w C:\Program Files\iPodSetup.exe
    2006-07-25 22:31 3,486,568 -c--a-w C:\Program Files\PaintDotNet_2_64.exe
    2006-07-25 20:22 23,510,720 -c--a-w C:\Program Files\dotnetfx.exe
    2006-06-16 19:12 3,756,032 -c--a-w C:\Program Files\PD955P.exe
    2006-06-15 23:35 360,448 -c--a-w C:\Program Files\mouse32a.exe
    2006-06-11 01:20 64,576 -c--a-w C:\Documents and Settings\Roger\Application Data\GDIPFONTCACHEV1.DAT
    2006-05-30 01:54 2,428,967 -c--a-w C:\Program Files\BitTorrentAbsoluteDownloader.exe
    2006-03-20 23:24 395,708 ----a-w C:\Program Files\Patience50.zip
    2006-03-03 15:12 454,656 -c--a-w C:\Program Files\ie-spyad.exe
    2006-02-25 04:52 282,601 -c--a-w C:\Program Files\hijackthis_sfx.exe
    2006-02-25 02:50 212,849 ----a-w C:\Program Files\hijackthis.zip
    2006-02-24 03:10 7,737,688 -c--a-w C:\Program Files\ewido-setup.exe
    2006-02-21 22:56 523,976 -c--a-w C:\Program Files\PopUpStopperFree.exe
    2006-02-21 17:51 83,220 -c--a-w C:\Program Files\IS4AOL2.exe
    2005-12-05 22:18 243,512 -c--a-w C:\Program Files\jre-1_5_0_06-windows-i586-p-iftw-1.exe
    2005-10-11 14:20 6,635,997 ----a-w C:\Program Files\photoshop_album_SE_3_0_ue.zip
    2005-10-07 12:38 254 ----a-w C:\Program Files\Play video.url
    2005-10-07 12:22 107,496 -c--a-w C:\Program Files\SH3.EXE
    2005-06-20 12:05 20,798,256 -c--a-w C:\Program Files\AdbeRdr70_enu_full.exe
    2005-06-06 19:30 6,180,438 -c--a-w C:\Program Files\win2k_xp1410.exe
    2005-02-18 13:23 226,544 -c--a-w C:\Program Files\jre-1_5_0_01-windows-i586-p-iftw.exe
    2005-01-10 16:04 5,334 -c--a-w C:\Program Files\README.txt
    2005-01-10 16:04 16,322 -c--a-w C:\Program Files\Patience.html
    2005-01-10 15:46 5,774 -c--a-w C:\Program Files\LICENSE.txt
    2005-01-10 01:31 134,975 -c--a-w C:\Program Files\patience.prc
    2005-01-10 01:23 1,710 -c--a-w C:\Program Files\Patience Revisited High Res.html
    2004-12-25 15:37 1,536 -c--a-w C:\Program Files\Patience Revisited HandEra.html
    2004-10-11 12:11 302 -c--a-w C:\Program Files\users.dat
    2004-09-17 16:01 37,542 -c-ha-w C:\Program Files\palm.GID
    2004-09-17 15:52 23,148 -c-ha-w C:\Program Files\sgcalendar.GID
    2004-09-16 12:00 24,180 -c-ha-w C:\Program Files\HOTSYNC.GID
    2004-09-15 12:36 136 -c--a-w C:\Program Files\SerialSync.txt
    2003-09-20 01:18 32,374 -c--a-w C:\Program Files\removeme.exe
    2003-03-27 14:40 1,540,293 -c--a-w C:\Program Files\aaw6.exe
    2003-01-25 19:18 1,212,113 -c--a-w C:\Program Files\kali172e.exe
    2003-01-25 17:45 892,753 -c--a-w C:\Program Files\aaw.exe
    1999-09-21 18:07 1,552,384 -c--a-w C:\Program Files\Upgrade_Utility.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C796500F-4B97-4F2B-B886-11FA6B72F13F}]
    2008-04-13 09:08 258048 --a------ C:\WINDOWS\nslbvxpgrno.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0F0D14C-DA73-4D24-AE67-6F51C7287EF9}]
    C:\WINDOWS\system32\urqQiIcA.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{54CF4CA2-C46C-4B5C-8DC5-0C0D42ECD69E}"= "C:\WINDOWS\sgoblxtm.dll" [2008-04-13 09:08 204800]

    [HKEY_CLASSES_ROOT\clsid\{54cf4ca2-c46c-4b5c-8dc5-0c0d42ecd69e}]
    [HKEY_CLASSES_ROOT\sgoblxtm.1]
    [HKEY_CLASSES_ROOT\TypeLib\{6D2ABF11-1C46-482A-9B98-1E7C6F823EA8}]
    [HKEY_CLASSES_ROOT\sgoblxtm]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acme.PCHButton"="C:\PROGRA~1\HPINST~1\plugin\bin\pchbutton.exe" [2002-07-24 20:37 155907]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-02-18 06:58 206184]
    "brvnzizj"="C:\WINDOWS\system32\ujsbwtmh.exe" [2008-04-13 14:22 102400]
    "wtbhkruu"="C:\WINDOWS\system32\irmdqviv.exe" [2008-04-14 22:04 90112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
    "StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-05-09 11:01 155648]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2002-07-16 11:03 106549]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2001-12-19 02:39 212992]
    "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-05-15 06:29 155648]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-05-15 06:20 114688]
    "Auto EPSON Stylus C42 Series on B1"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [2003-06-04 03:00 99840]
    "EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [2003-06-04 03:00 99840]
    "\\B1\EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [2003-06-04 03:00 99840]
    "Auto EPSON Stylus Photo R300 Series (Copy 1) on B1"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [2003-06-04 03:00 99840]
    "\\LAPTOP\EPSON"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [2003-06-04 03:00 99840]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
    "FLMOFFICE4DMOUSE"="C:\Program Files\Office Mouse\moffice.exe" [2006-06-16 15:12 806912]
    "HostManager"="C:\Program Files\Common Files\AOL\1161261455\ee\AOLSoftware.exe" [2007-10-08 17:50 41824]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
    "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-01-23 02:26 3429904]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
    "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 21:08 813912]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 19:52 849280]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="F:\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
    DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [2006-02-19 23:04:45 28672]
    HotSync Manager.lnk - C:\Palm\Hotsync.exe [2004-06-09 14:27:34 471040]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
    InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-02-18 18:52:00 81920]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "bS9rlFXo1J"= C:\Documents and Settings\All Users\Application Data\sderaxob\uvedivet.exe

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= file:///C:\WINDOWS\privacy_danger\index.htm
    FriendlyName= Privacy Protection

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=34.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\America Online 9.0\\waol.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\WINDOWS\\system32\\rundll32.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\AIM95\\aim.exe"=
    "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "C:\\Program Files\\Common Files\\AOL\\1161261455\\ee\\aolsoftware.exe"=
    "C:\\Program Files\\Common Files\\AOL\\1161261455\\ee\\aim6.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "C:\\Program Files\\AOL 9.0a\\waol.exe"=
    "C:\\WINDOWS\\system32\\msiexec.exe"=
    "C:\\Program Files\\Office Mouse\\moffice.exe"=
    "C:\\Palm\\HOTSYNC.EXE"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\Common Files\\AOL\\1161261455\\ee\\AOLDesktop.exe"=
    "F:\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "8924:TCP"= 8924:TCP:BitComet 8924 TCP
    "8924:UDP"= 8924:UDP:BitComet 8924 UDP
    "3689:TCP"= 3689:TCP:Itunes

    R3 rtl8180;Belkin 11Mbps Wireless Desktop Network Card Driver;C:\WINDOWS\system32\DRIVERS\Bel6001.sys [2003-07-09 23:06]
    S2 OpenCASE Media Agent;OpenCASE Media Agent;"C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe" [2007-12-06 19:33]
    S3 idrmkl;idrmkl;C:\DOCUME~1\Roger\LOCALS~1\Temp\idrmkl.sys []
    S3 LTower;LEGO USB Tower Driver;C:\WINDOWS\system32\Drivers\LTower.sys []
    S3 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\moufiltr.sys [2006-06-16 15:12]
    S3 PCDRDRV;Pcdr CPU Helper Driver;C:\WINDOWS\system32\drivers\PCDRDRV.sys []
    S3 PKSDGSY;PKSDGSY;C:\DOCUME~1\Mom\LOCALS~1\Temp\PKSDGSY.exe []
    S3 Rapter2USBConexant;Raptor 1.3 CMOS DSC;C:\WINDOWS\system32\DRIVERS\Rapvid.sys []
    S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 23:41]
    S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2004-12-18 20:32]
    S3 WmaCDriverV32;WmaCDriverV32;C:\WINDOWS\system32\drivers\WmaCDriverV32.sys [2007-05-15 15:32]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\setupSNK.exe

    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-14 22:08:39
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    "\\\\B1\\EPSON Stylus Photo R300 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2F1.EXE /P35 \"\\\\B1\\EPSON Stylus Photo R300 Series\" /O6 \"USB001\" /M \"Stylus Photo R300\""
    "\\\\LAPTOP\\EPSON"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2F1.EXE /P14 \"\\\\LAPTOP\\EPSON\" /O14 \"\\\\LAPTOP\\EPSON\" /M \"Stylus Photo R300\""
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\E_S00RP1.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
    C:\Program Files\Common Files\AOL\Loader\aolload.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2008-04-14 22:32:14 - machine was rebooted [Mom]
    ComboFix-quarantined-files.txt 2008-04-15 02:32:00

    Pre-Run: 4,080,238,592 bytes free
    Post-Run: 4,065,787,904 bytes free
    .
    2008-04-11 08:14:40 --- E O F ---
     
  4. RKMole

    RKMole Thread Starter

    Joined:
    Nov 28, 2001
    Messages:
    283
    See previous post for Combofix log. Thanks. Please advise.

    Logfile of HijackThis v1.99.1
    Scan saved at 10:38:41 PM, on 4/14/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\E_S00RP1.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\CF12922.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
    C:\Documents and Settings\All Users\Application Data\sderaxob\uvedivet.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Common Files\AOL\1161261455\ee\AOLSoftware.exe
    C:\WINDOWS\system32\irmdqviv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\AOL\Loader\aolload.exe
    C:\Program Files\QuickTime\QTTask.exe
    F:\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weightwatchers.com/commu...d_no=&daterange=2days&viewchange=OPENDATEDESC
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: DVA Storm - {C796500F-4B97-4F2B-B886-11FA6B72F13F} - C:\WINDOWS\nslbvxpgrno.dll
    O2 - BHO: (no name) - {E0F0D14C-DA73-4D24-AE67-6F51C7287EF9} - C:\WINDOWS\system32\urqQiIcA.dll (file missing)
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O3 - Toolbar: sgoblxtm - {54CF4CA2-C46C-4B5C-8DC5-0C0D42ECD69E} - C:\WINDOWS\sgoblxtm.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Auto EPSON Stylus C42 Series on B1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P34 "Auto EPSON Stylus C42 Series on B1" /O13 "\\B1\Basement" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O5 "LPT1:" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [\\B1\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P35 "\\B1\EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R300 Series (Copy 1) on B1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P50 "Auto EPSON Stylus Photo R300 Series (Copy 1) on B1" /O20 "\\B1\EpsonStylusR300" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [\\LAPTOP\EPSON] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P14 "\\LAPTOP\EPSON" /O14 "\\LAPTOP\EPSON" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Office Mouse\moffice.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1161261455\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\pchbutton.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [brvnzizj] C:\WINDOWS\system32\ujsbwtmh.exe
    O4 - HKCU\..\Run: [wtbhkruu] C:\WINDOWS\system32\irmdqviv.exe
    O4 - Startup: Epson printer Registration.lnk = E:\E_reg\EPSONREG.EXE
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Palm\Hotsync.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136900030812
    O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
    O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} (FotkiUploader Control) - http://images.fotki.com/activex/FotkiUploader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
    O23 - Service: PKSDGSY - Unknown owner - C:\DOCUME~1\Mom\LOCALS~1\Temp\PKSDGSY.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
     
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,325
    First Name:
    Karen
    Go to start - Control Panel - Display Properties - Desktop - Customize Desktop and click on the Web tab.

    Select everything listed there (except for "My current home page") and click on Delete.

    Click OK and on the next screen click Apply.



    Please go to the following link, upload the following file(s) for analysis and let me know what the results are:

    http://virusscan.jotti.org/

    C:\Program Files\removeme.exe


    Also, do you recognize this?

    C:\Program Files\Play video.url



    Open Notepad and copy and paste the text in the code box below into it:

    Code:
    File::
    C:\WINDOWS\system32\irmdqviv.exe
    C:\WINDOWS\system32\nbvlypsc.dll
    C:\WINDOWS\system32\bbeayjjd.ini
    C:\WINDOWS\system32\chvlwjht.dll
    C:\WINDOWS\system32\kqklpole.dll
    C:\WINDOWS\system32\swdhlrka.dll
    C:\WINDOWS\nslbvxpgrno.dll
    C:\WINDOWS\dsktbwfe.dll
    C:\WINDOWS\sgoblxtm.dll
    C:\WINDOWS\ogxtsepr.dll
    C:\WINDOWS\spnkfwad.exe
    C:\WINDOWS\system32\ujsbwtmh.exe
    C:\Program Files\BitTorrentAbsoluteDownloader.exe
    C:\WINDOWS\nslbvxpgrno.dll
    C:\WINDOWS\sgoblxtm.dll
    C:\WINDOWS\system32\ujsbwtmh.exe
    C:\WINDOWS\privacy_danger\index.htm
    
    DirLook::
    C:\Documents and Settings\Mom\Application Data\TmpRecentIcons
    C:\Documents and Settings\All Users\Application Data\sderaxob
    
    Driver::
    idrmkl
    
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C796500F-4B97-4F2B-B886-11FA6B72F13F}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0F0D14C-DA73-4D24-AE67-6F51C7287EF9}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{54CF4CA2-C46C-4B5C-8DC5-0C0D42ECD69E}"=-
    [-HKEY_CLASSES_ROOT\clsid\{54cf4ca2-c46c-4b5c-8dc5-0c0d42ecd69e}]
    [-HKEY_CLASSES_ROOT\sgoblxtm.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{6D2ABF11-1C46-482A-9B98-1E7C6F823EA8}]
    [-HKEY_CLASSES_ROOT\sgoblxtm]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "brvnzizj"=-
    "wtbhkruu"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]
    "bS9rlFXo1J"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=-
    "C:\\WINDOWS\\system32\\rundll32.exe"=-
     
    Save the file to your desktop and name it CFScript.txt

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.



    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
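The CFScript above targets exactly the kinds of entries a practitioner learns to pick out of these logs: random eight-letter file names sitting in %WINDIR% or system32, per-user Run values with equally random names, a service whose binary lives in a Temp folder and is already missing, a BHO registered with no name, and, in the ComboFix registry section, Security Center monitoring and the Windows Firewall switched off, a DLL in AppInit_DLLs, an extra package in SecurityProviders and a policies\explorer\run value that this HijackThis version did not list. The Python script below is an added example, not part of the thread and not a HijackThis or ComboFix feature: it encodes those checks as stacked heuristics and runs them over sample lines copied from the logs posted above. The consonant-run threshold, the score cutoff, the vendor-string deduction and the list of default XP security providers are my assumptions.

```python
"""Triage of HijackThis / ComboFix text logs. Added example for this thread, not a tool
from the thread or from the HijackThis/ComboFix authors; the sample lines are copied from
the logs posted above, while the weights, regexes and XP baseline are my assumptions."""
import re

XP_DEFAULT_PROVIDERS = {'msapsspc.dll', 'schannel.dll', 'digest.dll', 'msnsspc.dll'}  # assumed
WIN_PATH = re.compile(r'([A-Za-z]:\\.*?\.(?:exe|dll|sys))\b', re.I)
ODD_LOCATION = re.compile(  # Temp, a random dir under All Users data, or the %WINDIR% root
    r'\\(?:LOCALS~1\\Temp|Local Settings\\Temp|All Users\\Application Data\\[a-z]+)\\'
    r'|^[a-z]:\\windows\\[^\\]+\.(?:exe|dll)$', re.I)
HKCU_RUN = re.compile(r'O4 - HKCU\\\.\.\\Run: \[([^\]]+)\]')
SERVICE = re.compile(r'O23 - Service: .+? - (.+?) - [A-Za-z]:\\')
REG_CHECKS = [  # (substring of lower-cased key, prefix of lower-cased value line, finding)
    ('security center', '"disablemonitoring"=dword:00000001', 'Security Center monitoring switched off'),
    ('firewallpolicy\\standardprofile', '"enablefirewall"= 0', 'Windows Firewall disabled'),
    ('policies\\explorer\\run', '"', 'policy Run entry, absent from the HijackThis 1.99.1 log'),
    ('desktop\\components', 'source= file://', 'Active Desktop component rendering a local file'),
    ('currentversion\\windows', '"appinit_dlls"=', 'AppInit_DLLs loaded into every process using user32.dll'),
]

def looks_random(stem):
    """Letter-only name of 8+ chars containing a run of 5+ consonants (y counted as one)."""
    s = stem.lower()
    if not s.isalpha() or len(s) < 8:
        return False
    return max((len(r) for r in re.findall(r'[^aeiou]+', s)), default=0) >= 5

def triage_hjt(lines, threshold=2):
    """Score HijackThis O-lines on stacked weak signals; return [(score, reasons, line)]."""
    hits = []
    for raw in lines:
        line = raw.strip()
        if not re.match(r'O\d+ - ', line):
            continue
        reasons = []
        if '(file missing)' in line:
            reasons.append('referenced file is missing')
        if 'Unknown owner' in line:
            reasons.append('service has no vendor string')
        if line.startswith('O2 - BHO: (no name)'):
            reasons.append('BHO registered without a name')
        for path in WIN_PATH.findall(line):
            stem = path.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
            if looks_random(stem):
                reasons.append('random-looking file name ' + stem)
            if ODD_LOCATION.search(path):
                reasons.append('unusual location ' + path)
        m = HKCU_RUN.match(line)
        if m:
            reasons.append('per-user Run entry')
            if looks_random(m.group(1)):
                reasons.append('random-looking value name ' + m.group(1))
        score = len(reasons)
        m = SERVICE.match(line)
        if m and m.group(1) != 'Unknown owner':
            score -= 1  # a vendor string is weak evidence of legitimacy, but it is evidence
        if score >= threshold:
            hits.append((score, reasons, line))
    return hits

def triage_registry(lines):
    """Flag settings in a ComboFix 'Reg Loading Points' dump that weaken the host."""
    hits, key = [], ''
    for raw in lines:
        line = raw.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1].lower()
            continue
        low = ' '.join(line.lower().split())
        for where, prefix, finding in REG_CHECKS:
            if where in key and low.startswith(prefix) and not low.endswith('='):  # skip empty values
                hits.append((key, finding, line))
        if key.endswith('control\\securityproviders') and low.startswith('securityproviders '):
            listed = {p.strip() for p in low.split(None, 1)[1].split(',')}
            hits += [(key, 'non-default security provider', p) for p in sorted(listed - XP_DEFAULT_PROVIDERS)]
    return hits

SAMPLE_HJT = r"""
O2 - BHO: DVA Storm - {C796500F-4B97-4F2B-B886-11FA6B72F13F} - C:\WINDOWS\nslbvxpgrno.dll
O2 - BHO: (no name) - {E0F0D14C-DA73-4D24-AE67-6F51C7287EF9} - C:\WINDOWS\system32\urqQiIcA.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKCU\..\Run: [brvnzizj] C:\WINDOWS\system32\ujsbwtmh.exe
O23 - Service: PKSDGSY - Unknown owner - C:\DOCUME~1\Mom\LOCALS~1\Temp\PKSDGSY.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
""".splitlines()
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"bS9rlFXo1J"= C:\Documents and Settings\All Users\Application Data\sderaxob\uvedivet.exe
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=34.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
""".splitlines()

if __name__ == '__main__':
    for hit in triage_hjt(SAMPLE_HJT) + triage_registry(SAMPLE_REG):
        print(*hit, sep=' | ')
```

The cutoff of two signals is deliberate: hpsysdrv and wanmpsvc are as consonant-heavy as the malware names, but one sits in its expected HP directory and the other carries a vendor string, so each scores one and stays quiet, while ujsbwtmh.exe (random file name, random HKCU value name, per-user Run) and the PKSDGSY service (Temp folder, no vendor, file missing) stack to three. The vendor deduction is only worth one point because HijackThis takes that string from the binary's own version information, which malware can forge.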
     
  6. RKMole

    RKMole Thread Starter

    Joined:
    Nov 28, 2001
    Messages:
    283
    Hi Cookiegal-
    The scan said no problem with those 2 files. No, I don't recognize the name of the 2nd one. Here's the ComboFix log and I'll do another post for the HJT, thanks. The one pop-up warning still shows up. Thanks for your help, I appreciate it.
    ComboFix 08-04-13.3 - Mom 2008-04-15 22:51:02.2 - NTFSx86
    Running from: C:\Documents and Settings\Mom\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Mom\Desktop\CFScript.txt

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\Program Files\BitTorrentAbsoluteDownloader.exe
    C:\WINDOWS\dsktbwfe.dll
    C:\WINDOWS\nslbvxpgrno.dll
    C:\WINDOWS\ogxtsepr.dll
    C:\WINDOWS\privacy_danger\index.htm
    C:\WINDOWS\sgoblxtm.dll
    C:\WINDOWS\spnkfwad.exe
    C:\WINDOWS\system32\bbeayjjd.ini
    C:\WINDOWS\system32\chvlwjht.dll
    C:\WINDOWS\system32\irmdqviv.exe
    C:\WINDOWS\system32\kqklpole.dll
    C:\WINDOWS\system32\nbvlypsc.dll
    C:\WINDOWS\system32\swdhlrka.dll
    C:\WINDOWS\system32\ujsbwtmh.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\BitTorrentAbsoluteDownloader.exe
    C:\WINDOWS\dsktbwfe.dll
    C:\WINDOWS\nslbvxpgrno.dll
    C:\WINDOWS\ogxtsepr.dll
    C:\WINDOWS\sgoblxtm.dll
    C:\WINDOWS\spnkfwad.exe
    C:\WINDOWS\system32\bbeayjjd.ini
    C:\WINDOWS\system32\chvlwjht.dll
    C:\WINDOWS\system32\irmdqviv.exe
    C:\WINDOWS\system32\kqklpole.dll
    C:\WINDOWS\system32\nbvlypsc.dll
    C:\WINDOWS\system32\swdhlrka.dll
    C:\WINDOWS\system32\ujsbwtmh.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_IDRMKL
    -------\Service_idrmkl


    ((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
    .

    2008-04-16 07:34 . 2008-04-16 07:34 102,400 --a------ C:\WINDOWS\system32\mpypcxav.exe
    2008-04-15 21:57 . 2008-04-16 07:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-04-15 21:57 . 2008-04-15 21:57 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-04-14 23:24 . 2008-04-14 23:24 90,112 --a------ C:\WINDOWS\system32\ydabuvcb.exe
    2008-04-14 14:57 . 2008-04-14 15:32 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2008-04-14 14:46 . 2008-04-14 14:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-13 16:29 . 2008-04-13 17:49 <DIR> d-------- C:\Documents and Settings\Mom\Application Data\HouseCall 6.6
    2008-04-13 16:26 . 2008-04-14 11:25 10,752 --a------ C:\WINDOWS\DCEBoot.exe
    2008-04-13 16:00 . 2008-04-14 19:06 <DIR> d-------- C:\Documents and Settings\Mom\Application Data\TmpRecentIcons
    2008-04-13 14:23 . 2008-04-13 14:23 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\sderaxob
    2008-04-10 20:19 . 2008-04-10 20:19 <DIR> d-------- C:\Program Files\iPod
    2008-04-10 17:54 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
    2008-04-06 14:22 . 2008-04-06 14:22 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom
    2008-04-06 14:19 . 2008-04-06 14:19 <DIR> d-------- C:\Documents and Settings\Mom\Application Data\TomTom
    2008-04-06 14:16 . 2008-04-06 14:16 <DIR> d-------- C:\Program Files\TomTom HOME 2
    2008-03-29 22:27 . 2008-03-29 22:27 <DIR> d----c--- C:\DVDVideoSoft
    2008-03-29 21:48 . 2008-03-29 21:48 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
    2008-03-29 21:47 . 2008-03-29 21:47 <DIR> d-------- C:\Program Files\DVDVideoSoft
    2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-15 17:12 --------- d-----w C:\Program Files\AIM95
    2008-04-15 16:48 --------- d-----w C:\Documents and Settings\Mom\Application Data\AOL Communicator
    2008-04-15 00:40 --------- dc--a-w C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2008-04-14 19:19 --------- d-----w C:\Program Files\Lavasoft
    2008-04-14 18:07 --------- d-----w C:\Program Files\SpywareBlaster
    2008-04-13 17:05 --------- d-----w C:\Documents and Settings\Mom\Application Data\tunebite
    2008-04-11 00:12 --------- d-----w C:\Program Files\iTunes
    2008-04-10 23:28 --------- d-----w C:\Program Files\QuickTime
    2008-04-01 14:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-01 14:09 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    2008-04-01 14:08 --------- d-----w C:\Program Files\Ultra Video To Flash Converter
    2008-03-29 01:29 --------- d-----w C:\Documents and Settings\Mom\Application Data\Apple Computer
    2008-03-11 23:04 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-03-11 22:26 12,160 ----a-w C:\WINDOWS\system32\drivers\mouhid.sys
    2008-03-11 21:11 --------- d-----w C:\Program Files\Microsoft IntelliPoint
    2008-03-11 21:09 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
    2008-03-08 02:47 --------- d-----w C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
    2008-03-07 21:47 --------- d-----w C:\Program Files\Xvid
    2008-03-06 14:30 --------- d-----w C:\Program Files\Java
    2008-03-04 20:09 --------- d-----w C:\Documents and Settings\Mom\Application Data\acccore
    2008-03-04 20:02 --------- dc----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    2008-03-04 19:32 --------- d-----w C:\Program Files\Common Files\AOL
    2008-03-04 18:59 --------- dc----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
    2008-02-28 03:18 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-02-28 03:17 --------- d-----w C:\Program Files\Red Kawa
    2008-02-18 05:22 --------- d-----w C:\Program Files\Paint.NET
    2008-02-16 16:34 --------- d-----w C:\Program Files\OverDrive Media Console
    2008-02-13 01:27 54,400 -c--a-w C:\Documents and Settings\Mom\Application Data\GDIPFONTCACHEV1.DAT
    2007-10-26 17:19 2,950 -c--a-w C:\Program Files\rapget.ini
    2007-10-26 16:48 17 -c--a-w C:\Program Files\links.dat
    2007-10-07 23:51 171,008 -c--a-w C:\Program Files\rapget.exe
    2007-03-15 13:38 8,823,064 -c--a-w C:\Program Files\Photoshop_albumSE_en_us_320.exe
    2006-08-25 23:05 59,310,760 -c--a-w C:\Program Files\iPodSetup.exe
    2006-07-25 22:31 3,486,568 -c--a-w C:\Program Files\PaintDotNet_2_64.exe
    2006-07-25 20:22 23,510,720 -c--a-w C:\Program Files\dotnetfx.exe
    2006-06-16 19:12 3,756,032 -c--a-w C:\Program Files\PD955P.exe
    2006-06-15 23:35 360,448 -c--a-w C:\Program Files\mouse32a.exe
    2006-06-11 01:20 64,576 -c--a-w C:\Documents and Settings\Roger\Application Data\GDIPFONTCACHEV1.DAT
    2006-03-20 23:24 395,708 ----a-w C:\Program Files\Patience50.zip
    2006-03-03 15:12 454,656 -c--a-w C:\Program Files\ie-spyad.exe
    2006-02-25 04:52 282,601 -c--a-w C:\Program Files\hijackthis_sfx.exe
    2006-02-25 02:50 212,849 ----a-w C:\Program Files\hijackthis.zip
    2006-02-24 03:10 7,737,688 -c--a-w C:\Program Files\ewido-setup.exe
    2006-02-21 22:56 523,976 -c--a-w C:\Program Files\PopUpStopperFree.exe
    2006-02-21 17:51 83,220 -c--a-w C:\Program Files\IS4AOL2.exe
    2005-12-05 22:18 243,512 -c--a-w C:\Program Files\jre-1_5_0_06-windows-i586-p-iftw-1.exe
    2005-10-11 14:20 6,635,997 ----a-w C:\Program Files\photoshop_album_SE_3_0_ue.zip
    2005-10-07 12:38 254 ----a-w C:\Program Files\Play video.url
    2005-10-07 12:22 107,496 -c--a-w C:\Program Files\SH3.EXE
    2005-06-20 12:05 20,798,256 -c--a-w C:\Program Files\AdbeRdr70_enu_full.exe
    2005-06-06 19:30 6,180,438 -c--a-w C:\Program Files\win2k_xp1410.exe
    2005-02-18 13:23 226,544 -c--a-w C:\Program Files\jre-1_5_0_01-windows-i586-p-iftw.exe
    2005-01-10 16:04 5,334 -c--a-w C:\Program Files\README.txt
    2005-01-10 16:04 16,322 -c--a-w C:\Program Files\Patience.html
    2005-01-10 15:46 5,774 -c--a-w C:\Program Files\LICENSE.txt
    2005-01-10 01:31 134,975 -c--a-w C:\Program Files\patience.prc
    2005-01-10 01:23 1,710 -c--a-w C:\Program Files\Patience Revisited High Res.html
    2004-12-25 15:37 1,536 -c--a-w C:\Program Files\Patience Revisited HandEra.html
    2004-10-11 12:11 302 -c--a-w C:\Program Files\users.dat
    2004-09-17 16:01 37,542 -c-ha-w C:\Program Files\palm.GID
    2004-09-17 15:52 23,148 -c-ha-w C:\Program Files\sgcalendar.GID
    2004-09-16 12:00 24,180 -c-ha-w C:\Program Files\HOTSYNC.GID
    2004-09-15 12:36 136 -c--a-w C:\Program Files\SerialSync.txt
    2003-09-20 01:18 32,374 -c--a-w C:\Program Files\removeme.exe
    2003-03-27 14:40 1,540,293 -c--a-w C:\Program Files\aaw6.exe
    2003-01-25 19:18 1,212,113 -c--a-w C:\Program Files\kali172e.exe
    2003-01-25 17:45 892,753 -c--a-w C:\Program Files\aaw.exe
    1999-09-21 18:07 1,552,384 -c--a-w C:\Program Files\Upgrade_Utility.exe
    .

    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ---- Directory of C:\Documents and Settings\All Users\Application Data\sderaxob ----

    2008-04-13 14:23 38912 --a--c--- C:\Documents and Settings\All Users\Application Data\sderaxob\uvedivet.exe

    ---- Directory of C:\Documents and Settings\Mom\Application Data\TmpRecentIcons ----

    2008-04-14 14:07 701 --a------ C:\Documents and Settings\Mom\Application Data\TmpRecentIcons\SpywareBlaster.lnk
    2007-12-29 15:35 1631 --a------ C:\Documents and Settings\Mom\Application Data\TmpRecentIcons\Mozilla Firefox.lnk
    2007-12-17 21:11 705 --a------ C:\Documents and Settings\Mom\Application Data\TmpRecentIcons\Tunebite (2).lnk
    2007-12-17 17:13 1318 --a------ C:\Documents and Settings\Mom\Application Data\TmpRecentIcons\HotSync Manager (2).lnk
    2007-11-29 09:42 104 --a------ C:\Documents and Settings\Mom\Application Data\TmpRecentIcons\Shortcut to My Computer.lnk
    2007-01-29 08:26 814 --a------ C:\Documents and Settings\Mom\Application Data\TmpRecentIcons\Internet Explorer.lnk


    ((((((((((((((((((((((((((((( [email protected]_22.30.27.54 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-15 01:56:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-16 03:07:27 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2007-01-24 21:45:46 102,800 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
    + 2007-12-24 21:37:00 138,384 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acme.PCHButton"="C:\PROGRA~1\HPINST~1\plugin\bin\pchbutton.exe" [2002-07-24 20:37 155907]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-02-18 06:58 206184]
    "oatoxykh"="C:\WINDOWS\system32\ydabuvcb.exe" [2008-04-14 23:24 90112]
    "sthhxkxe"="C:\WINDOWS\system32\mpypcxav.exe" [2008-04-16 07:34 102400]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
    "StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-05-09 11:01 155648]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2002-07-16 11:03 106549]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2001-12-19 02:39 212992]
    "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-05-15 06:29 155648]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-05-15 06:20 114688]
    "Auto EPSON Stylus C42 Series on B1"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [2003-06-04 03:00 99840]
    "EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [2003-06-04 03:00 99840]
    "\\B1\EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [2003-06-04 03:00 99840]
    "Auto EPSON Stylus Photo R300 Series (Copy 1) on B1"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [2003-06-04 03:00 99840]
    "\\LAPTOP\EPSON"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [2003-06-04 03:00 99840]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
    "FLMOFFICE4DMOUSE"="C:\Program Files\Office Mouse\moffice.exe" [2006-06-16 15:12 806912]
    "HostManager"="C:\Program Files\Common Files\AOL\1161261455\ee\AOLSoftware.exe" [2007-10-08 17:50 41824]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
    "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-01-23 02:26 3429904]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
    "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 21:08 813912]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 19:52 849280]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="F:\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
    DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [2006-02-19 23:04:45 28672]
    HotSync Manager.lnk - C:\Palm\Hotsync.exe [2004-06-09 14:27:34 471040]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
    InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-02-18 18:52:00 81920]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "bS9rlFXo1J"= C:\Documents and Settings\All Users\Application Data\sderaxob\uvedivet.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=34.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\America Online 9.0\\waol.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\AIM95\\aim.exe"=
    "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "C:\\Program Files\\Common Files\\AOL\\1161261455\\ee\\aolsoftware.exe"=
    "C:\\Program Files\\Common Files\\AOL\\1161261455\\ee\\aim6.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "C:\\Program Files\\AOL 9.0a\\waol.exe"=
    "C:\\WINDOWS\\system32\\msiexec.exe"=
    "C:\\Program Files\\Office Mouse\\moffice.exe"=
    "C:\\Palm\\HOTSYNC.EXE"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\Common Files\\AOL\\1161261455\\ee\\AOLDesktop.exe"=
    "F:\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "8924:TCP"= 8924:TCP:BitComet 8924 TCP
    "8924:UDP"= 8924:UDP:BitComet 8924 UDP
    "3689:TCP"= 3689:TCP:Itunes

    R3 rtl8180;Belkin 11Mbps Wireless Desktop Network Card Driver;C:\WINDOWS\system32\DRIVERS\Bel6001.sys [2003-07-09 23:06]
    S3 LTower;LEGO USB Tower Driver;C:\WINDOWS\system32\Drivers\LTower.sys []
    S3 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\moufiltr.sys [2006-06-16 15:12]
    S3 PCDRDRV;Pcdr CPU Helper Driver;C:\WINDOWS\system32\drivers\PCDRDRV.sys []
    S3 Rapter2USBConexant;Raptor 1.3 CMOS DSC;C:\WINDOWS\system32\DRIVERS\Rapvid.sys []
    S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 23:41]
    S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2004-12-18 20:32]
    S3 WmaCDriverV32;WmaCDriverV32;C:\WINDOWS\system32\drivers\WmaCDriverV32.sys [2007-05-15 15:32]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\setupSNK.exe

    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-16 07:35:37
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    "\\\\B1\\EPSON Stylus Photo R300 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2F1.EXE /P35 \"\\\\B1\\EPSON Stylus Photo R300 Series\" /O6 \"USB001\" /M \"Stylus Photo R300\""
    "\\\\LAPTOP\\EPSON"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2F1.EXE /P14 \"\\\\LAPTOP\\EPSON\" /O14 \"\\\\LAPTOP\\EPSON\" /M \"Stylus Photo R300\""
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\E_S00RP1.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\AOL\Loader\aolload.exe
    C:\Program Files\Office Mouse\mouse32a.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PccUpdUI.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\pcclient.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Temp\aubin\patch.exe
    .
    **************************************************************************
    .
    Completion time: 2008-04-16 7:57:42 - machine was rebooted [Mom]
    ComboFix-quarantined-files.txt 2008-04-16 11:56:22
    ComboFix2.txt 2008-04-15 02:32:26

    Pre-Run: 9,343,021,056 bytes free
    Post-Run: 9,246,855,168 bytes free
    .
    2008-04-11 08:14:40 --- E O F ---
     
  7. RKMole

    RKMole Thread Starter

    Joined:
    Nov 28, 2001
    Messages:
    283
    Logfile of HijackThis v1.99.1
    Scan saved at 8:30:20 AM, on 4/16/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\E_S00RP1.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\All Users\Application Data\sderaxob\uvedivet.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Common Files\AOL\1161261455\ee\AOLSoftware.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\xsjavwtg.exe
    C:\Program Files\Common Files\AOL\Loader\aolload.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\QuickTime\QTTask.exe
    F:\iTunes\iTunesHelper.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HijackThis\HijackThis.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tsc.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weightwatchers.com/commu...d_no=&daterange=2days&viewchange=OPENDATEDESC
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Auto EPSON Stylus C42 Series on B1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P34 "Auto EPSON Stylus C42 Series on B1" /O13 "\\B1\Basement" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O5 "LPT1:" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [\\B1\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P35 "\\B1\EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R300 Series (Copy 1) on B1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P50 "Auto EPSON Stylus Photo R300 Series (Copy 1) on B1" /O20 "\\B1\EpsonStylusR300" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [\\LAPTOP\EPSON] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P14 "\\LAPTOP\EPSON" /O14 "\\LAPTOP\EPSON" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Office Mouse\moffice.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1161261455\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\pchbutton.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [oatoxykh] C:\WINDOWS\system32\ydabuvcb.exe
    O4 - HKCU\..\Run: [sthhxkxe] C:\WINDOWS\system32\mpypcxav.exe
    O4 - HKCU\..\Run: [btxmanlv] C:\WINDOWS\system32\xsjavwtg.exe
    O4 - Startup: Epson printer Registration.lnk = E:\E_reg\EPSONREG.EXE
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Palm\Hotsync.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136900030812
    O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
    O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} (FotkiUploader Control) - http://images.fotki.com/activex/FotkiUploader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O20 - AppInit_DLLs: 34.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
    O23 - Service: PKSDGSY - Unknown owner - C:\DOCUME~1\Mom\LOCALS~1\Temp\PKSDGSY.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,325
    First Name:
    Karen
    Open Notepad and copy and paste the text in the code box below into it:

    Code:
    File::
    C:\WINDOWS\system32\mpypcxav.exe
    C:\WINDOWS\system32\ydabuvcb.exe
    C:\Program Files\removeme.exe
    
    Folder::
    C:\Documents and Settings\All Users\Application Data\sderaxob
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "oatoxykh"=-
    "sthhxkxe"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
    "bS9rlFXo1J"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""
    
    Save the file to your desktop and name it CFScript.txt

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.



    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
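The triage that leads from the logs in the previous post to a removal script like the one above, written out as an added example that is not part of this thread, of HijackThis or of ComboFix. The sample lines are copied from the logs posted above; the random-name and Temp-folder heuristics are the editor's own, and each hit is a review item rather than a verdict:

```python
"""Heuristic triage of HijackThis and ComboFix output.

Added example for this thread, not part of HijackThis, ComboFix or the
helper's procedure. Sample lines are copied from the logs posted above; the
heuristics are the editor's own and flag items for review, not verdicts.
"""
import re

# Eight random lowercase letters: the naming pattern of the autorun values
# and dropped files in the log above (value name and file stem differ).
RANDOM8 = re.compile(r"^[a-z]{8}$")
O4_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (\S.*)$")
O23_RE = re.compile(r"^O23 - Service: (\S+) - Unknown owner - (.+?) \(file missing\)$")

# Copied from the HijackThis log above, with two benign lines as negatives.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [oatoxykh] C:\WINDOWS\system32\ydabuvcb.exe
O4 - HKCU\..\Run: [sthhxkxe] C:\WINDOWS\system32\mpypcxav.exe
O4 - HKCU\..\Run: [btxmanlv] C:\WINDOWS\system32\xsjavwtg.exe
O20 - AppInit_DLLs: 34.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: PKSDGSY - Unknown owner - C:\DOCUME~1\Mom\LOCALS~1\Temp\PKSDGSY.exe (file missing)
""".strip().splitlines()

# Copied from the "Reg Loading Points" section of the ComboFix log above.
CF_REG_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"bS9rlFXo1J"= C:\Documents and Settings\All Users\Application Data\sderaxob\uvedivet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=34.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
""".strip().splitlines()


def exe_path(cmd):
    """Return the executable from an O4 command line, dropping any arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def triage_hijackthis(lines):
    """Flag HijackThis lines matching the patterns seen in this thread."""
    findings = []
    for line in (l.strip() for l in lines):
        if m := O4_RE.match(line):
            name, path = m.group(1), exe_path(m.group(2))
            stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if (RANDOM8.match(name) and RANDOM8.match(stem) and name != stem
                    and "\\system32\\" in path.lower()):
                findings.append({"section": "O4", "name": name, "path": path,
                                 "why": "random-named autorun of a random-named file in system32"})
        elif m := O20_RE.match(line):
            findings.append({"section": "O20", "name": "AppInit_DLLs", "path": m.group(1),
                             "why": "DLL loaded into every process that loads user32.dll"})
        elif (m := O23_RE.match(line)) and "\\temp\\" in m.group(2).lower():
            findings.append({"section": "O23", "name": m.group(1), "path": m.group(2),
                             "why": "unowned service whose binary lived in a Temp folder"})
    return findings


def triage_combofix_registry(lines):
    """Flag entries in ComboFix's Reg Loading Points section worth a second look."""
    findings, key = [], ""
    for line in (l.strip() for l in lines):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()   # key that the following values belong to
            continue
        if not line.startswith('"'):
            continue
        name, _, value = line.partition("=")
        name, value, why = name.strip('"'), value.strip(), None
        if "security center" in key and name in ("DisableMonitoring", "FirewallOverride") and value.endswith("1"):
            why = "Security Center alerting off; AV suites set this too, so confirm which product did"
        elif key.endswith("policies\\explorer\\run"):
            why = "autorun via the Explorer policies Run key, which has no O4 line in the HijackThis log above"
        elif key.endswith("currentversion\\windows") and name == "AppInit_DLLs" and value.strip('"'):
            why = "AppInit_DLLs populated; the DLL loads into every process that uses user32.dll"
        if why:
            findings.append({"key": key, "name": name, "value": value, "why": why})
    return findings


if __name__ == "__main__":
    for f in triage_hijackthis(HJT_SAMPLE) + triage_combofix_registry(CF_REG_SAMPLE):
        print(f)
```

Run against the two samples, the script reports the three random-named HKCU Run entries, the `34.dll` AppInit_DLLs value, the missing `PKSDGSY` service, the `uvedivet.exe` policies Run entry and the TrendAntiVirus DisableMonitoring flag, which is the same set of items the CFScript above targets plus two that only show up in ComboFix's registry dump. The policies Run entry is the one to note: `uvedivet.exe` is visible in the running-process list of the HijackThis log but has no O4 line there, so the ComboFix registry section is what exposes its persistence. The DisableMonitoring check is deliberately phrased as a review item, since security suites set that value themselves to stop Windows Security Center double-alerting.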
     
  9. RKMole

    RKMole Thread Starter

    Joined:
    Nov 28, 2001
    Messages:
    283
    ComboFix 08-04-13.3 - Mom 2008-04-16 12:23:47.3 - NTFSx86
    Running from: C:\Documents and Settings\Mom\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Mom\Desktop\CFScript.txt

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\Program Files\removeme.exe
    C:\WINDOWS\system32\mpypcxav.exe
    C:\WINDOWS\system32\ydabuvcb.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\sderaxob
    C:\Documents and Settings\All Users\Application Data\sderaxob\uvedivet.exe
    C:\Program Files\removeme.exe
    C:\WINDOWS\system32\mpypcxav.exe
    C:\WINDOWS\system32\ydabuvcb.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
    .

    2008-04-16 08:14 . 2008-04-16 08:14 102,400 --a------ C:\WINDOWS\system32\xsjavwtg.exe
    2008-04-15 21:57 . 2008-04-16 08:18 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-04-15 21:57 . 2008-04-15 21:57 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-04-14 14:57 . 2008-04-14 15:32 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2008-04-14 14:46 . 2008-04-14 14:46 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-13 16:29 . 2008-04-13 17:49 <DIR> d-------- C:\Documents and Settings\Mom\Application Data\HouseCall 6.6
    2008-04-13 16:26 . 2008-04-14 11:25 10,752 --a------ C:\WINDOWS\DCEBoot.exe
    2008-04-13 16:00 . 2008-04-14 19:06 <DIR> d-------- C:\Documents and Settings\Mom\Application Data\TmpRecentIcons
    2008-04-10 20:19 . 2008-04-10 20:19 <DIR> d-------- C:\Program Files\iPod
    2008-04-10 17:54 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
    2008-04-06 14:22 . 2008-04-06 14:22 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TomTom
    2008-04-06 14:19 . 2008-04-06 14:19 <DIR> d-------- C:\Documents and Settings\Mom\Application Data\TomTom
    2008-04-06 14:16 . 2008-04-06 14:16 <DIR> d-------- C:\Program Files\TomTom HOME 2
    2008-03-29 22:27 . 2008-03-29 22:27 <DIR> d----c--- C:\DVDVideoSoft
    2008-03-29 21:48 . 2008-03-29 21:48 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
    2008-03-29 21:47 . 2008-03-29 21:47 <DIR> d-------- C:\Program Files\DVDVideoSoft
    2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
    2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-04-15 17:12 --------- d-----w C:\Program Files\AIM95
    2008-04-15 16:48 --------- d-----w C:\Documents and Settings\Mom\Application Data\AOL Communicator
    2008-04-15 00:40 --------- dc--a-w C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2008-04-14 19:19 --------- d-----w C:\Program Files\Lavasoft
    2008-04-14 18:07 --------- d-----w C:\Program Files\SpywareBlaster
    2008-04-13 17:05 --------- d-----w C:\Documents and Settings\Mom\Application Data\tunebite
    2008-04-11 00:12 --------- d-----w C:\Program Files\iTunes
    2008-04-10 23:28 --------- d-----w C:\Program Files\QuickTime
    2008-04-01 14:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-01 14:09 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    2008-04-01 14:08 --------- d-----w C:\Program Files\Ultra Video To Flash Converter
    2008-03-29 01:29 --------- d-----w C:\Documents and Settings\Mom\Application Data\Apple Computer
    2008-03-11 23:04 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-03-11 22:26 12,160 ----a-w C:\WINDOWS\system32\drivers\mouhid.sys
    2008-03-11 21:11 --------- d-----w C:\Program Files\Microsoft IntelliPoint
    2008-03-11 21:09 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
    2008-03-08 02:47 --------- d-----w C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
    2008-03-07 21:47 --------- d-----w C:\Program Files\Xvid
    2008-03-06 14:30 --------- d-----w C:\Program Files\Java
    2008-03-04 20:09 --------- d-----w C:\Documents and Settings\Mom\Application Data\acccore
    2008-03-04 20:02 --------- dc----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
    2008-03-04 19:32 --------- d-----w C:\Program Files\Common Files\AOL
    2008-03-04 18:59 --------- dc----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
    2008-02-28 03:18 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-02-28 03:17 --------- d-----w C:\Program Files\Red Kawa
    2008-02-18 05:22 --------- d-----w C:\Program Files\Paint.NET
    2008-02-16 16:34 --------- d-----w C:\Program Files\OverDrive Media Console
    2008-02-13 01:27 54,400 -c--a-w C:\Documents and Settings\Mom\Application Data\GDIPFONTCACHEV1.DAT
    2007-10-26 17:19 2,950 -c--a-w C:\Program Files\rapget.ini
    2007-10-26 16:48 17 -c--a-w C:\Program Files\links.dat
    2007-10-07 23:51 171,008 -c--a-w C:\Program Files\rapget.exe
    2007-03-15 13:38 8,823,064 -c--a-w C:\Program Files\Photoshop_albumSE_en_us_320.exe
    2006-08-25 23:05 59,310,760 -c--a-w C:\Program Files\iPodSetup.exe
    2006-07-25 22:31 3,486,568 -c--a-w C:\Program Files\PaintDotNet_2_64.exe
    2006-07-25 20:22 23,510,720 -c--a-w C:\Program Files\dotnetfx.exe
    2006-06-16 19:12 3,756,032 -c--a-w C:\Program Files\PD955P.exe
    2006-06-15 23:35 360,448 -c--a-w C:\Program Files\mouse32a.exe
    2006-06-11 01:20 64,576 -c--a-w C:\Documents and Settings\Roger\Application Data\GDIPFONTCACHEV1.DAT
    2006-03-20 23:24 395,708 ----a-w C:\Program Files\Patience50.zip
    2006-03-03 15:12 454,656 -c--a-w C:\Program Files\ie-spyad.exe
    2006-02-25 04:52 282,601 -c--a-w C:\Program Files\hijackthis_sfx.exe
    2006-02-25 02:50 212,849 ----a-w C:\Program Files\hijackthis.zip
    2006-02-24 03:10 7,737,688 -c--a-w C:\Program Files\ewido-setup.exe
    2006-02-21 22:56 523,976 -c--a-w C:\Program Files\PopUpStopperFree.exe
    2006-02-21 17:51 83,220 -c--a-w C:\Program Files\IS4AOL2.exe
    2005-12-05 22:18 243,512 -c--a-w C:\Program Files\jre-1_5_0_06-windows-i586-p-iftw-1.exe
    2005-10-11 14:20 6,635,997 ----a-w C:\Program Files\photoshop_album_SE_3_0_ue.zip
    2005-10-07 12:38 254 ----a-w C:\Program Files\Play video.url
    2005-10-07 12:22 107,496 -c--a-w C:\Program Files\SH3.EXE
    2005-06-20 12:05 20,798,256 -c--a-w C:\Program Files\AdbeRdr70_enu_full.exe
    2005-06-06 19:30 6,180,438 -c--a-w C:\Program Files\win2k_xp1410.exe
    2005-02-18 13:23 226,544 -c--a-w C:\Program Files\jre-1_5_0_01-windows-i586-p-iftw.exe
    2005-01-10 16:04 5,334 -c--a-w C:\Program Files\README.txt
    2005-01-10 16:04 16,322 -c--a-w C:\Program Files\Patience.html
    2005-01-10 15:46 5,774 -c--a-w C:\Program Files\LICENSE.txt
    2005-01-10 01:31 134,975 -c--a-w C:\Program Files\patience.prc
    2005-01-10 01:23 1,710 -c--a-w C:\Program Files\Patience Revisited High Res.html
    2004-12-25 15:37 1,536 -c--a-w C:\Program Files\Patience Revisited HandEra.html
    2004-10-11 12:11 302 -c--a-w C:\Program Files\users.dat
    2004-09-17 16:01 37,542 -c-ha-w C:\Program Files\palm.GID
    2004-09-17 15:52 23,148 -c-ha-w C:\Program Files\sgcalendar.GID
    2004-09-16 12:00 24,180 -c-ha-w C:\Program Files\HOTSYNC.GID
    2004-09-15 12:36 136 -c--a-w C:\Program Files\SerialSync.txt
    2003-03-27 14:40 1,540,293 -c--a-w C:\Program Files\aaw6.exe
    2003-01-25 19:18 1,212,113 -c--a-w C:\Program Files\kali172e.exe
    2003-01-25 17:45 892,753 -c--a-w C:\Program Files\aaw.exe
    1999-09-21 18:07 1,552,384 -c--a-w C:\Program Files\Upgrade_Utility.exe
    .

    ((((((((((((((((((((((((((((( [email protected]_22.30.27.54 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-04-15 01:56:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    + 2008-04-16 12:11:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat
    - 2007-01-24 21:45:46 102,800 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
    + 2007-12-24 21:37:00 138,384 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acme.PCHButton"="C:\PROGRA~1\HPINST~1\plugin\bin\pchbutton.exe" [2002-07-24 20:37 155907]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-02-18 06:58 206184]
    "btxmanlv"="C:\WINDOWS\system32\xsjavwtg.exe" [2008-04-16 08:14 102400]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
    "StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-05-09 11:01 155648]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2002-07-16 11:03 106549]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2001-12-19 02:39 212992]
    "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2002-05-15 06:29 155648]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-05-15 06:20 114688]
    "Auto EPSON Stylus C42 Series on B1"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [2003-06-04 03:00 99840]
    "EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [2003-06-04 03:00 99840]
    "\\B1\EPSON Stylus Photo R300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [2003-06-04 03:00 99840]
    "Auto EPSON Stylus Photo R300 Series (Copy 1) on B1"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [2003-06-04 03:00 99840]
    "\\LAPTOP\EPSON"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.exe" [2003-06-04 03:00 99840]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
    "FLMOFFICE4DMOUSE"="C:\Program Files\Office Mouse\moffice.exe" [2006-06-16 15:12 806912]
    "HostManager"="C:\Program Files\Common Files\AOL\1161261455\ee\AOLSoftware.exe" [2007-10-08 17:50 41824]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
    "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-01-23 02:26 3429904]
    "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
    "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 21:08 813912]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 19:52 849280]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
    "iTunesHelper"="F:\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
    DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [2006-02-19 23:04:45 28672]
    HotSync Manager.lnk - C:\Palm\Hotsync.exe [2004-06-09 14:27:34 471040]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
    InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-02-18 18:52:00 81920]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\America Online 9.0\\waol.exe"=
    "C:\\WINDOWS\\system32\\dpvsetup.exe"=
    "C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "C:\\Program Files\\AIM95\\aim.exe"=
    "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "C:\\Program Files\\Common Files\\AOL\\1161261455\\ee\\aolsoftware.exe"=
    "C:\\Program Files\\Common Files\\AOL\\1161261455\\ee\\aim6.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "C:\\Program Files\\AOL 9.0a\\waol.exe"=
    "C:\\WINDOWS\\system32\\msiexec.exe"=
    "C:\\Program Files\\Office Mouse\\moffice.exe"=
    "C:\\Palm\\HOTSYNC.EXE"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\Common Files\\AOL\\1161261455\\ee\\AOLDesktop.exe"=
    "F:\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "8924:TCP"= 8924:TCP:BitComet 8924 TCP
    "8924:UDP"= 8924:UDP:BitComet 8924 UDP
    "3689:TCP"= 3689:TCP:Itunes

    R3 rtl8180;Belkin 11Mbps Wireless Desktop Network Card Driver;C:\WINDOWS\system32\DRIVERS\Bel6001.sys [2003-07-09 23:06]
    S2 OpenCASE Media Agent;OpenCASE Media Agent;"C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe" [2007-12-06 19:33]
    S3 LTower;LEGO USB Tower Driver;C:\WINDOWS\system32\Drivers\LTower.sys []
    S3 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\moufiltr.sys [2006-06-16 15:12]
    S3 PCDRDRV;Pcdr CPU Helper Driver;C:\WINDOWS\system32\drivers\PCDRDRV.sys []
    S3 PKSDGSY;PKSDGSY;C:\DOCUME~1\Mom\LOCALS~1\Temp\PKSDGSY.exe []
    S3 Rapter2USBConexant;Raptor 1.3 CMOS DSC;C:\WINDOWS\system32\DRIVERS\Rapvid.sys []
    S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 23:41]
    S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2004-12-18 20:32]
    S3 WmaCDriverV32;WmaCDriverV32;C:\WINDOWS\system32\drivers\WmaCDriverV32.sys [2007-05-15 15:32]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\setupSNK.exe

    .
    **************************************************************************

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-04-16 12:33:52
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
    "\\\\B1\\EPSON Stylus Photo R300 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2F1.EXE /P35 \"\\\\B1\\EPSON Stylus Photo R300 Series\" /O6 \"USB001\" /M \"Stylus Photo R300\""
    "\\\\LAPTOP\\EPSON"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2F1.EXE /P14 \"\\\\LAPTOP\\EPSON\" /O14 \"\\\\LAPTOP\\EPSON\" /M \"Stylus Photo R300\""
    .
    Completion time: 2008-04-16 12:44:30
    ComboFix-quarantined-files.txt 2008-04-16 16:43:32
    ComboFix2.txt 2008-04-16 11:57:49
    ComboFix3.txt 2008-04-15 02:32:26

    Pre-Run: 9,216,454,656 bytes free
    Post-Run: 9,206,099,968 bytes free
    .
    2008-04-11 08:14:40 --- E O F ---
     
  10. RKMole

    RKMole Thread Starter

    Logfile of HijackThis v1.99.1
    Scan saved at 6:24:50 PM, on 4/16/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Office Mouse\moffice.exe
    C:\Program Files\Common Files\AOL\1161261455\ee\AOLSoftware.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\QuickTime\QTTask.exe
    F:\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\xsjavwtg.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Common Files\AOL\Loader\aolload.exe
    C:\Program Files\Office Mouse\MOUSE32A.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\E_S00RP1.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weightwatchers.com/commu...d_no=&daterange=2days&viewchange=OPENDATEDESC
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Auto EPSON Stylus C42 Series on B1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P34 "Auto EPSON Stylus C42 Series on B1" /O13 "\\B1\Basement" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O5 "LPT1:" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [\\B1\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P35 "\\B1\EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R300 Series (Copy 1) on B1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P50 "Auto EPSON Stylus Photo R300 Series (Copy 1) on B1" /O20 "\\B1\EpsonStylusR300" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [\\LAPTOP\EPSON] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P14 "\\LAPTOP\EPSON" /O14 "\\LAPTOP\EPSON" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Office Mouse\moffice.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1161261455\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\pchbutton.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [btxmanlv] C:\WINDOWS\system32\xsjavwtg.exe
    O4 - Startup: Epson printer Registration.lnk = E:\E_reg\EPSONREG.EXE
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Palm\Hotsync.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136900030812
    O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
    O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} (FotkiUploader Control) - http://images.fotki.com/activex/FotkiUploader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
    O23 - Service: PKSDGSY - Unknown owner - C:\DOCUME~1\Mom\LOCALS~1\Temp\PKSDGSY.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
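    The HijackThis log above can be triaged mechanically before anyone reads it line by line. The following Python script is an added example for this thread, not a tool from the original post or from HijackThis: it parses O4 Run and O23 Service lines and flags the patterns that stand out in this log (an autostart binary under a Temp directory, a service with no publisher whose file is already gone, and a Run value whose name and file name are both eight pseudo-random lowercase letters in system32). The sample input is six lines copied from the log above; the rules only produce candidates for review, since legitimate software can trip them too.

```python
"""Triage of HijackThis O4/O23 autostart lines.

Added example for this thread, not a tool from the original post or from
HijackThis.  It only produces candidates for human review; every rule here
can also fire on legitimate software.
"""
import re
from typing import Any, Dict, List, Optional

# Constructed sample: six lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [btxmanlv] C:\WINDOWS\system32\xsjavwtg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: PKSDGSY - Unknown owner - C:\DOCUME~1\Mom\LOCALS~1\Temp\PKSDGSY.exe (file missing)
"""

# O4 - HKLM\..\Run: [value name] command line
O4_RUN = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# O23 - Service: display name - publisher - path [(file missing)]
O23_SVC = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
# First .exe path in a command line, quoted or not; arguments are dropped.
EXE_PATH = re.compile(r'^"?(?P<path>[^"]+?\.exe)', re.IGNORECASE)
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)
EIGHT_LOWER = re.compile(r"[a-z]{8}")


def parse_line(line: str) -> Optional[Dict[str, Any]]:
    """Return {kind, name, owner, path, missing} for an O4 Run or O23 line."""
    m = O4_RUN.match(line)
    if m:
        kind, name, owner, cmd, missing = "O4", m["name"], "", m["cmd"], False
    else:
        m = O23_SVC.match(line)
        if not m:
            return None  # other HijackThis sections are not handled here
        kind, name, owner, cmd = "O23", m["name"], m["owner"], m["cmd"]
        missing = m["missing"] is not None
    p = EXE_PATH.match(cmd)
    path = p["path"] if p else cmd
    return {"kind": kind, "name": name, "owner": owner, "path": path, "missing": missing}


def assess(entry: Dict[str, Any]) -> List[str]:
    """Apply the triage rules; an empty list means nothing stood out."""
    reasons: List[str] = []
    path: str = entry["path"]
    parent, _, base = path.rpartition("\\")
    if TEMP_DIR.search(path):
        reasons.append("autostart binary lives in a Temp directory")
    if entry["kind"] == "O23":
        if entry["missing"]:
            reasons.append("service binary is no longer on disk (leftover registration)")
        if entry["owner"] == "Unknown owner":
            reasons.append("service carries no publisher information")
    if entry["kind"] == "O4":
        stem = base.lower()[:-4] if base.lower().endswith(".exe") else ""
        if (parent.lower().endswith("\\system32")
                and EIGHT_LOWER.fullmatch(entry["name"])
                and EIGHT_LOWER.fullmatch(stem)):
            reasons.append("8-letter pseudo-random value name and file name directly in system32")
    return reasons


def triage(log_text: str) -> List[Dict[str, Any]]:
    """Parse every line and keep only the entries that triggered a rule."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line.strip())
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']} [{f['name']}] {f['path']}")
        for r in f["reasons"]:
            print("    -", r)
```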
     
  11. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.


    Please run Kaspersky online virus scan Kaspersky Online Scanner.

    After the updates have downloaded, click on the "Scan Settings" button.
    Choose the "Extended database" for the scan.
    Under "Please select a target to scan", click "My Computer".
    When the scan is finished, Save the results from the scan!

    Note: You have to use Internet Explorer to do the online scan.

    Post a new HiJackThis log along with the results from the SuperAntiSpyware and Kaspersky scans.
     
  12. RKMole

    RKMole Thread Starter

    Hi Cookiegal: I did the 3 things you told me to. The Kaspersky Scan took over 6 hours and when I went to save the scan log it froze and so I lost it all. I'll do it over and try to save it differently next time. But here's the HJT & SuperAntiSpyware. I don't know if you can use it without the Kaspersky Scan, but I wanted to update you.
    Unfortunately, I also still have the pop-up virus on my taskbar.


    Logfile of HijackThis v1.99.1
    Scan saved at 8:28:46 PM, on 4/17/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\WINDOWS\system32\xsjavwtg.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tsc.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weightwatchers.com/commu...d_no=&daterange=2days&viewchange=OPENDATEDESC
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Auto EPSON Stylus C42 Series on B1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P34 "Auto EPSON Stylus C42 Series on B1" /O13 "\\B1\Basement" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O5 "LPT1:" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [\\B1\EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P35 "\\B1\EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R300 Series (Copy 1) on B1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P50 "Auto EPSON Stylus Photo R300 Series (Copy 1) on B1" /O20 "\\B1\EpsonStylusR300" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [\\LAPTOP\EPSON] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P14 "\\LAPTOP\EPSON" /O14 "\\LAPTOP\EPSON" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Office Mouse\moffice.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1161261455\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPINST~1\plugin\bin\pchbutton.exe
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [btxmanlv] C:\WINDOWS\system32\xsjavwtg.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Epson printer Registration.lnk = E:\E_reg\EPSONREG.EXE
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Palm\Hotsync.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - http://www.comcastsupport.com/sdcxuser/asp/tgctlsr.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136900030812
    O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
    O16 - DPF: {C75BE5CC-7F80-458C-8B66-FAB86E3B13C3} (FotkiUploader Control) - http://images.fotki.com/activex/FotkiUploader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
    O23 - Service: PKSDGSY - Unknown owner - C:\DOCUME~1\Mom\LOCALS~1\Temp\PKSDGSY.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
     
  13. RKMole

    RKMole Thread Starter

    Joined:
    Nov 28, 2001
    Messages:
    283
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 04/16/2008 at 10:44 PM

    Application Version : 4.0.1154

    Core Rules Database Version : 3440
    Trace Rules Database Version: 1432

    Scan type : Complete Scan
    Total Scan Time : 02:09:40

    Memory items scanned : 509
    Memory threats detected : 0
    Registry items scanned : 6813
    Registry threats detected : 4
    File items scanned : 123048
    File threats detected : 144

    Adware.Tracking Cookie
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][2].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][2].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][2].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][2].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][2].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][2].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][2].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][2].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][2].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][2].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][2].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][2].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][2].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][2].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][2].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][2].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][2].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][2].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][2].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][2].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][2].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][2].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][2].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][3].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Mom\Cookies\[email protected][1].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][2].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][2].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][2].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][1].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][1].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][1].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][1].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][2].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][2].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][1].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][1].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][2].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][2].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][2].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][1].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][2].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][2].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][2].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][2].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][1].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][2].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][2].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][1].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][1].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][2].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][1].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][2].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][2].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][2].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][1].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][1].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][1].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][2].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][1].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][1].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][1].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][1].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][1].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][2].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][1].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][1].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][1].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][2].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][1].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][2].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][1].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][2].txt
    C:\Documents and Settings\Carolyn\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Peter\Cookies\[email protected][1].txt
    C:\Documents and Settings\Peter\Cookies\[email protected][2].txt
    C:\Documents and Settings\Peter\Cookies\[email protected][2].txt
    C:\Documents and Settings\Peter\Cookies\[email protected][1].txt
    C:\Documents and Settings\Peter\Cookies\[email protected][2].txt
    C:\Documents and Settings\Peter\Cookies\[email protected][2].txt
    C:\Documents and Settings\Peter\Cookies\[email protected][2].txt
    C:\Documents and Settings\Peter\Cookies\[email protected][1].txt
    C:\Documents and Settings\Peter\Cookies\[email protected][1].txt
    C:\Documents and Settings\Peter\Cookies\[email protected][2].txt
    C:\Documents and Settings\Peter\Cookies\[email protected][1].txt
    C:\Documents and Settings\Peter\Cookies\[email protected][2].txt
    C:\Documents and Settings\Peter\Cookies\[email protected][1].txt
    C:\Documents and Settings\Peter\Cookies\[email protected][1].txt
    C:\Documents and Settings\Peter\Cookies\[email protected][2].txt
    C:\Documents and Settings\Peter\Cookies\[email protected][1].txt
    C:\Documents and Settings\Peter\Cookies\[email protected][3].txt
    C:\Documents and Settings\Peter\Cookies\[email protected][1].txt
    C:\Documents and Settings\Roger\Cookies\[email protected][1].txt
    C:\Documents and Settings\Roger\Cookies\[email protected][1].txt
    C:\Documents and Settings\Roger\Cookies\[email protected][2].txt
    C:\Documents and Settings\Roger\Cookies\[email protected][2].txt
    C:\Documents and Settings\Roger\Cookies\[email protected][1].txt
    C:\Documents and Settings\Roger\Cookies\[email protected][1].txt
    C:\Documents and Settings\Roger\Cookies\[email protected][1].txt
    C:\Documents and Settings\Roger\Cookies\[email protected][2].txt
    C:\Documents and Settings\Roger\Cookies\[email protected][2].txt
    C:\Documents and Settings\Roger\Cookies\[email protected][2].txt

    Browser Hijacker.Internet Explorer Settings Hijack
    HKU\S-1-5-21-4097411637-2911765694-2800509490-1010\Software\Microsoft\Internet Explorer\Main#Start Page [ http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 ]

    Adware.ClickSpring/Yazzle
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YazzleActiveX.ocx
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YazzleActiveX.ocx#.Owner
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YazzleActiveX.ocx#{74CD40EA-EF77-4BAD-808A-B5982DA73F20}
     
  14. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,325
    First Name:
    Karen
    It would be good if you could get the Kaspersky scan results.

    Open Notepad and copy and paste the text in the code box below into it:

    Code:
    File::
    C:\WINDOWS\system32\xsjavwtg.exe
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "btxmanlv"=-
     
    Save the file to your desktop and name it CFScript.txt

    Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

    [screenshot: CFScript.txt being dragged onto ComboFix.exe]


    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
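The reply above singles out two things from the HijackThis log: a Run value with a random-looking name (`btxmanlv`) that launches a random-looking file in `system32`, and it removes both with a CFScript whose `File::` section names the file and whose `Registry::` section deletes the value (`"btxmanlv"=-`). The Python script below is an added example, not code from this thread, from HijackThis or from ComboFix: it parses O4 (Run) and O23 (Service) lines, scores each entry with a few defender-side heuristics (random-looking names, a Temp folder location, a missing file, an unknown owner), and renders the flagged Run entries as `File::` / `Registry::` sections in the layout Cookiegal's reply uses. The heuristics and the `HIVES` mapping from `HKCU`/`HKLM` to their long registry names are my own assumptions, the sample log lines are constructed from the log format seen in this thread, and a hit is a prompt for a human to check the entry, not a verdict.

```python
"""Triage of HijackThis-style O4/O23 lines and rendering of a CFScript.
Constructed example: the scoring heuristics are the author's own and are
not part of HijackThis, ComboFix or the forum thread this illustrates."""
import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis v1.99.1 format: legitimate startup
# entries mixed with the two suspicious ones discussed in the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [btxmanlv] C:\WINDOWS\system32\xsjavwtg.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: PKSDGSY - Unknown owner - C:\DOCUME~1\Mom\LOCALS~1\Temp\PKSDGSY.exe (file missing)
"""

O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$')
# Assumed mapping from HijackThis' short hive names to the long form used in CFScript.
HIVES = {"HKCU": "HKEY_CURRENT_USER", "HKLM": "HKEY_LOCAL_MACHINE"}


@dataclass
class Entry:
    kind: str            # "run" or "service"
    hive: str            # HKCU/HKLM for run entries, "" for services
    name: str            # Run value name or service name
    path: str            # executable path as written in the log
    vendor: str = ""     # service owner column, "" for run entries
    reasons: list = field(default_factory=list)


def first_path(cmd):
    """Return the executable from a Run command line: the quoted path or the first token."""
    m = re.match(r'"([^"]+)"|(\S+)', cmd.strip())
    return (m.group(1) or m.group(2)) if m else cmd.strip()


def looks_random(name):
    """Heuristic: 7+ letters only, with at most ~15% vowels, reads like a generated name."""
    if len(name) < 7 or not name.isalpha():
        return False
    vowels = sum(c in "aeiouy" for c in name.lower())
    return vowels / len(name) <= 0.15


def parse(log):
    """Turn O4 and O23 lines into Entry objects; other line types are ignored."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            entries.append(Entry("run", m["hive"], m["name"], first_path(m["cmd"])))
        elif m := O23_RE.match(line):
            entries.append(Entry("service", "", m["name"], m["path"], m["vendor"]))
    return entries


def score(entry):
    """Attach a reason for every heuristic the entry trips."""
    stem = re.sub(r'\.[^.\\]*$', '', entry.path.split("\\")[-1])  # basename without extension
    if "(file missing)" in entry.path:
        entry.reasons.append("file missing")
    if "\\temp\\" in entry.path.lower():
        entry.reasons.append("runs from a Temp folder")
    if entry.vendor == "Unknown owner":
        entry.reasons.append("unknown owner")
    if looks_random(stem):
        entry.reasons.append(f"random-looking file name {stem!r}")
    if looks_random(entry.name):
        entry.reasons.append(f"random-looking entry name {entry.name!r}")
    return entry


def suspicious(log):
    """Entries with at least one reason, in log order."""
    return [e for e in (score(e) for e in parse(log)) if e.reasons]


def cfscript(entries):
    """Render File:: / Registry:: sections in the layout used in the thread.
    Only Run entries are emitted: the thread shows no CFScript syntax for services."""
    runs = [e for e in entries if e.kind == "run"]
    by_hive = {}
    for e in runs:
        by_hive.setdefault(HIVES[e.hive], []).append(e.name)
    out = ["File::", *[e.path for e in runs], "", "Registry::"]
    for hive, names in by_hive.items():
        out.append(f"[{hive}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]")
        out += [f'"{n}"=-' for n in names]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    hits = suspicious(SAMPLE_LOG)
    for e in hits:
        print(f"{e.kind:8} {e.name:12} {e.path}  <- {'; '.join(e.reasons)}")
    print(cfscript(hits))
```

On the constructed sample the script flags only `btxmanlv` (two random-looking names) and the `PKSDGSY` service (missing file, Temp folder, unknown owner, random name) and prints exactly the `File::` / `Registry::` block from the reply above. The service is reported but not scripted, because the thread shows no CFScript syntax for services; a reviewer still has to look at each flagged entry before acting on it.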
     
  15. RKMole

    RKMole Thread Starter

    Joined:
    Nov 28, 2001
    Messages:
    283
    Cookiegal- I'm having the same trouble saving CFScript.txt as I did when I tried to save the Kaspersky scan. When I click save, the hourglass shows up and never goes away. If I click again, it says "Notepad not responding".
     
Short URL to this thread: https://techguy.org/703686