
Solved: Another one with vundo trojan headache

Discussion in 'Virus & Other Malware Removal' started by Paronald, Jul 18, 2007.

  1. Paronald (Thread Starter)

    Hello all,
    I have been following the posts to other members on getting rid of the Vundo virus.
    I haven't had any success with running VundoFix, etc.
    I would be very thankful for any help.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:35:24 PM, on 7/18/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\Program Files\NETGATE\Spy Emergency 2007\SpyEmergencySrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\INTERN~2\mum.exe
    C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 8\monitor.exe
    C:\Program Files\Chronograph\chrono.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\qwerty12.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\Flashget\jccatch.dll
    O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: (no name) - {c28f7be5-5e85-42df-a926-891d4ca8c655} - C:\WINDOWS\system32\dxdReg.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\Flashget\getflash.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\Flashget\fgiebar.dll
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe"
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [InternodeUsage] C:\PROGRA~1\INTERN~2\mum.exe
    O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 8\monitor.exe"
    O4 - HKCU\..\Run: [Chronograph] "C:\Program Files\Chronograph\chrono.exe" /autorun
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\Flashget\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\Flashget\jc_link.htm
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O8 - Extra context menu item: Open Selected URL - C:\Program Files\RightClickGoogleSearchOpenSelectedURL\openselectedurl.htm
    O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Search &Google - C:\Program Files\RightClickGoogleSearchOpenSelectedURL\google.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\dxdReg.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\dxdReg.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\Flashget\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\Flashget\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\WINDOWS\system32\dxdReg.dll (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file:///E:/MEMDISC/ALBUM_A/VIEW/PLUGIN/HPODPCFC.CAB
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - AppInit_DLLs: c:\windows\system32\mljjghi.dll
    O20 - Winlogon Notify: bidgmt - bidgmt.dll (file missing)
    O20 - Winlogon Notify: biossvc - biossvc.dll (file missing)
    O20 - Winlogon Notify: dxdReg - C:\WINDOWS\SYSTEM32\dxdReg.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007.SP1\Win32\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007.SP1\RpcSandraSrv.exe
    O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Spy Emergency Shield Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency 2007\SpyEmergencySrv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O24 - Desktop Component 0: (no name) - http://www.learnall-forums.co.uk/forums/clientscript/vbulletin_global.js?v=364

    --
    End of file - 16162 bytes
     
  2. cybertech (Retired Moderator)

    Hi, Welcome to TSG!!

    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.
     
  3. Paronald (Thread Starter)

    Sorry, cybertech. Have to use multiple posts....


    "Ron Hatton" - 2007-07-19 14:21:51 - ComboFix 07-07-17.8 - Service Pack 2 NTFS


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\ahuiTFS.dll
    C:\WINDOWS\system32\dcac010.dll
    C:\WINDOWS\system32\fltlpr.dll
    C:\WINDOWS\system32\glu3eml.dll
    C:\WINDOWS\system32\ieaktpp.dll
    C:\WINDOWS\system32\imags32.dll
    C:\WINDOWS\system32\kbdgnt.dll
    C:\WINDOWS\system32\mljjghi.dll
    C:\WINDOWS\awtspo.dll
    C:\WINDOWS\awtsqn.dll
    C:\WINDOWS\fcyyax.dll
    C:\WINDOWS\geeebc.dll
    C:\WINDOWS\geeecd.dll
    C:\WINDOWS\hgfedc.dll
    C:\WINDOWS\mlkkji.dll
    C:\WINDOWS\pmljge.dll
    C:\WINDOWS\pmnonn.dll
    C:\WINDOWS\rqppnk.dll
    C:\WINDOWS\tuvttu.dll
    C:\WINDOWS\vtuuvu.dll
    C:\WINDOWS\wvwusp.dll
    C:\WINDOWS\xxxusp.dll
    C:\WINDOWS\system32\awtqn.exe
    C:\WINDOWS\system32\awvvw.exe
    C:\WINDOWS\system32\ddayv.exe
    C:\WINDOWS\system32\geede.exe
    C:\WINDOWS\system32\jkkji.exe
    C:\WINDOWS\system32\mlljh.exe
    C:\WINDOWS\system32\pmnlm.exe
    C:\WINDOWS\system32\ssttq.exe
    C:\WINDOWS\system32\vtsqo.exe
    C:\WINDOWS\system32\dxdReg.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\RONHAT~1\APPLIC~1\tmp111.tmp.exe
    C:\DOCUME~1\RONHAT~1\APPLIC~1\tmp118.tmp.exe
    C:\DOCUME~1\RONHAT~1\APPLIC~1\tmp14.tmp.exe
    C:\DOCUME~1\RONHAT~1\APPLIC~1\tmp155.tmp.exe
    C:\DOCUME~1\RONHAT~1\APPLIC~1\tmp34.tmp.exe
    C:\DOCUME~1\RONHAT~1\APPLIC~1\tmp3F.tmp.exe
    C:\DOCUME~1\RONHAT~1\APPLIC~1\tmp42.tmp.exe
    C:\DOCUME~1\RONHAT~1\APPLIC~1\tmp46.tmp.exe
    C:\DOCUME~1\RONHAT~1\APPLIC~1\tmp61.tmp.exe
    C:\DOCUME~1\RONHAT~1\APPLIC~1\tmp8D.tmp.exe
    C:\DOCUME~1\RONHAT~1\APPLIC~1\tmp8F.tmp.exe
    C:\DOCUME~1\RONHAT~1\APPLIC~1\tmp9.tmp.exe
    C:\DOCUME~1\RONHAT~1\APPLIC~1\tmpAB.tmp.exe
    C:\DOCUME~1\RONHAT~1\APPLIC~1\tmpDB.tmp.exe
    C:\DOCUME~1\RONHAT~1\APPLIC~1\tmpE.tmp.exe
    C:\DOCUME~1\RONHAT~1\APPLIC~1\tmpF.tmp.exe
    C:\WINDOWS\system32\dnf87b4c1f.dat
    C:\WINDOWS\system32\qwerty12.exe


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_DOMAINSERVICE
    -------\DomainService


    ((((((((((((((((((((((((( Files Created from 2007-06-19 to 2007-07-19 )))))))))))))))))))))))))))))))


    2007-07-19 14:20 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-18 15:25 33,952 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
    2007-07-18 13:48 <DIR> d-------- C:\Program Files\RegistryEasy
    2007-07-17 20:49 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
    2007-07-16 20:52 <DIR> d-------- C:\Program Files\Flashget
    2007-07-16 19:54 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
    2007-07-16 19:54 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
    2007-07-15 18:47 <DIR> d-------- C:\Program Files\MSXML 6.0
    2007-07-15 18:42 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
    2007-07-15 18:41 <DIR> d-------- C:\Program Files\Reference Assemblies
    2007-07-15 18:40 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2007-07-15 14:37 <DIR> d-------- C:\DOCUME~1\NETWOR~1\APPLIC~1\Webroot
    2007-07-14 19:22 14,528 --a------ C:\WINDOWS\system32\drivers\spyemrg_guard.sys
    2007-07-14 19:22 14,016 --a------ C:\WINDOWS\system32\drivers\spyemrg.sys
    2007-07-14 19:22 129,856 --a------ C:\WINDOWS\system32\SpyEmergencyCnt.dll
    2007-07-14 19:22 <DIR> d-------- C:\Program Files\NETGATE
    2007-07-12 21:26 271,360 --a------ C:\WINDOWS\system32\mscoree.dll
    2007-07-12 19:47 <DIR> d-------- C:\VundoFix Backups
    2007-07-12 16:11 <DIR> d-------- C:\DOCUME~1\RONHAT~1\APPLIC~1\Spy Emergency
    2007-07-12 16:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NETGATE
    2007-07-12 16:09 14,680,064 --a------ C:\DOCUME~1\RONHAT~1\ntuser.dat
    2007-07-09 22:14 <DIR> d-------- C:\DOCUME~1\RONHAT~1\APPLIC~1\Apple Computer
    2007-07-09 22:09 <DIR> d-------- C:\Program Files\QuickTime
    2007-07-09 22:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
    2007-07-09 16:04 <DIR> d-------- C:\Program Files\Trend Micro
    2007-07-09 14:03 <DIR> d-------- C:\DOCUME~1\RONHAT~1\.housecall6.6
    2007-07-08 10:00 <DIR> dr-hs---- C:\Win32 System CRC
    2007-07-06 19:49 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
    2007-07-05 19:01 14 --a------ C:\WINDOWS\system32\SystemInfo32.sys
    2007-07-05 19:01 <DIR> d-------- C:\Program Files\DVD X Studios
    2007-07-05 19:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD X Studios
    2007-07-03 21:56 <DIR> d-------- C:\DOCUME~1\RONHAT~1\APPLIC~1\FixerLabs
    2007-07-03 21:45 <DIR> d-------- C:\Program Files\Face Smoother
    2007-07-03 21:20 <DIR> d-------- C:\Program Files\PhotoZoom Pro 2
    2007-07-03 21:08 <DIR> d-------- C:\Program Files\Duplicate File Remover
    2007-07-03 19:12 667,648 --a------ C:\WINDOWS\InZU31.exe
    2007-07-03 19:12 15,172 --a------ C:\WINDOWS\system32\drivers\PzWDM.sys
    2007-07-03 19:12 <DIR> d-------- C:\Program Files\ONES (E)
    2007-07-02 22:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Metacafe
    2007-07-02 20:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
    2007-07-02 20:49 <DIR> d-------- C:\DOCUME~1\RONHAT~1\APPLIC~1\Webroot
    2007-07-02 20:23 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
    2007-07-02 20:23 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
    2007-07-02 20:23 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
    2007-07-02 20:23 144,960 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
    2007-07-02 20:23 <DIR> d-------- C:\Program Files\Webroot
    2007-06-30 21:28 <DIR> d-------- C:\Program Files\Incomplete
    2007-06-25 19:31 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
    2007-06-24 21:39 <DIR> d-------- C:\Program Files\BulletProofSoft.com
    2007-06-24 21:28 <DIR> d-------- C:\Program Files\Sunbelt Software
    2007-06-24 21:28 <DIR> d-------- C:\DOCUME~1\RONHAT~1\APPLIC~1\Sunbelt Software
    2007-06-24 21:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sunbelt Software
    2007-06-21 16:42 <DIR> d-------- C:\Program Files\BitDownload


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-18 02:00:32 -------- d-----w C:\Program Files\XoftSpySE
    2007-07-16 09:54:23 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
    2007-07-15 08:46:38 -------- d-----w C:\Program Files\MSBuild
    2007-07-13 11:03:53 -------- d-----w C:\DOCUME~1\RONHAT~1\APPLIC~1\Canon
    2007-07-06 02:45:59 -------- d-----w C:\Program Files\Internode
    2007-07-06 02:45:59 -------- d-----w C:\DOCUME~1\RONHAT~1\APPLIC~1\Internode
    2007-07-03 10:31:47 -------- d-----w C:\DOCUME~1\RONHAT~1\APPLIC~1\Vso
    2007-07-02 12:29:23 -------- d-----w C:\DOCUME~1\RONHAT~1\APPLIC~1\Metacafe
    2007-07-01 06:53:49 -------- d-----w C:\Program Files\Video Convert Master
    2007-06-30 11:33:30 -------- d-----w C:\Program Files\LimeWire
    2007-06-29 21:04:49 -------- d-----w C:\DOCUME~1\RONHAT~1\APPLIC~1\LimeWire
    2007-06-28 08:53:23 -------- d-----w C:\Program Files\Spyware Doctor
    2007-06-24 11:33:26 -------- d-----w C:\Program Files\Replay Media Catcher
    2007-06-22 11:28:59 -------- d-----w C:\Program Files\Advanced MP3 Converter
    2007-06-22 08:49:05 -------- d-----w C:\Program Files\Super DVD Creator 9.30
    2007-06-17 10:58:07 -------- d-----w C:\Program Files\Duplicate files finder
    2007-06-17 09:00:23 -------- d-----w C:\DOCUME~1\RONHAT~1\APPLIC~1\Google
    2007-06-17 08:59:40 -------- d-----w C:\Program Files\Google
    2007-06-17 06:06:09 -------- d-----w C:\DOCUME~1\RONHAT~1\APPLIC~1\NewsLeecher
    2007-06-16 11:35:14 -------- d-----w C:\DOCUME~1\RONHAT~1\APPLIC~1\Hardcoded Software
    2007-06-15 21:09:38 -------- d-----w C:\Program Files\Chronograph
    2007-06-15 06:33:22 -------- d-----w C:\Program Files\dvdSanta
    2007-06-15 06:17:36 -------- d-----w C:\Program Files\ACW
    2007-06-15 05:47:56 -------- d-----w C:\Program Files\RAM Booster Pro
    2007-06-15 05:32:42 -------- d-----w C:\Program Files\Innovative Solutions
    2007-06-15 05:25:15 -------- d-----w C:\Program Files\DriverGuide Toolkit
    2007-06-15 05:23:46 -------- d-----w C:\Program Files\The Logo Creator v5
    2007-06-15 05:22:31 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-06-15 05:22:31 -------- d-----w C:\Program Files\Paragon Software
    2007-06-15 05:21:09 -------- d-----w C:\Program Files\Memory Washer
    2007-06-15 05:16:47 -------- d-----w C:\Program Files\diggbar
    2007-06-15 05:08:39 -------- d-----w C:\DOCUME~1\RONHAT~1\APPLIC~1\ArcSoft
    2007-06-15 04:37:00 27,376 ----a-w C:\WINDOWS\system32\SBBD.exe
    2007-06-13 10:16:32 -------- d-----w C:\Program Files\VSO
    2007-06-13 09:57:22 -------- d-----w C:\Program Files\Photolightning
    2007-06-13 09:53:14 -------- d-----w C:\Program Files\ABBYY FineReader 8.0 Professional Edition
    2007-06-13 09:25:54 -------- d-----w C:\DOCUME~1\RONHAT~1\APPLIC~1\Lavasoft
    2007-06-13 09:25:34 -------- d-----w C:\Program Files\Lavasoft
    2007-06-11 10:31:46 -------- d-----w C:\DOCUME~1\RONHAT~1\APPLIC~1\AdobeUM
    2007-05-30 11:07:59 -------- d-----w C:\Program Files\Colour-Science i2e Photoshop plugin
    2007-05-29 12:30:42 -------- d-----w C:\DOCUME~1\RONHAT~1\APPLIC~1\CopyToDvd
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-04-27 08:33:36 18 -c--a-w C:\Program Files\XP Repair Pro 2007ERR_Item5-4-27-2007_18-31-41_156603.dnp
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-23 10:08:23 92 ----a-w C:\WINDOWS\vmreg32.dll
    2007-04-23 07:27:47 87,608 ----a-w C:\DOCUME~1\RONHAT~1\APPLIC~1\inst.exe
    2007-04-23 07:27:47 47,360 -c--a-w C:\DOCUME~1\RONHAT~1\APPLIC~1\pcouffin.sys
    2007-04-23 07:25:55 87,608 ----a-w C:\DOCUME~1\RONHAT~1\APPLIC~1\ezpinst.exe
    2007-04-22 12:11:54 237,568 ----a-w C:\WINDOWS\system32\xvidvfw.dll
    2007-04-22 12:11:54 1,216,512 ----a-w C:\WINDOWS\system32\xvidcore.dll
    2007-04-22 12:10:04 237,568 ----a-w C:\WINDOWS\system32\OggDS.dll
    2007-04-22 12:09:54 921,600 ----a-w C:\WINDOWS\system32\vorbisenc.dll
    2007-04-22 12:09:54 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll
    2007-04-22 12:09:26 45,056 ----a-w C:\WINDOWS\system32\ogg.dll
    2007-02-11 05:39:37 19,888 -c--a-w C:\DOCUME~1\RONHAT~1\APPLIC~1\GDIPFONTCACHEV1.DAT
    2005-09-09 08:55:53 35 ----a-w C:\Program Files\SCSSDist.ini
    2005-09-09 08:55:52 37,766,164 -c--a-w C:\Program Files\Data1.cab


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
    2007-02-06 08:08 63048 --a------ C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
    2007-06-29 21:44 94308 --a------ C:\Program Files\Flashget\jccatch.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}]
    2007-01-04 21:57 247112 --a------ C:\Program Files\GetRight\xx2gr.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    2005-05-31 00:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
    2007-03-12 18:51 5375032 --a------ C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
    2006-11-29 08:50 67136 --a------ C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
    2006-10-22 23:20 321120 --a------ C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
    2007-05-16 15:05 163840 --a------ C:\Program Files\Flashget\getflash.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-09 19:50]
    "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-09 19:39]
    "ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-29 08:50]
    "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 23:24]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "InternodeUsage"="C:\PROGRA~1\INTERN~2\mum.exe" [2007-07-06 12:45]
    "Advanced Uninstaller PRO Installation Monitor"="C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 8\monitor.exe" [2007-03-05 21:33]
    "Chronograph"="C:\Program Files\Chronograph\chrono.exe" [2007-05-30 17:40]
    "RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-03-12 18:51]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup
    Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2007-07-06 19:49:17]
    Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 00:01:50]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSaveSettings"=0 (0x0)
    "NoFileMenu"=0 (0x0)
    "NoCommonGroups"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bidgmt]
    bidgmt.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\biossvc]
    biossvc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=c:\windows\system32\mljjghi.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages msv1_0 relog_ap

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SBCSSvc]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
    backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
    backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Autodetect.lnk]
    backup=C:\WINDOWS\pss\Autodetect.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ron Hatton^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ron Hatton^Start Menu^Programs^Startup^Metacafe Downloader.lnk]
    backup=C:\WINDOWS\pss\Metacafe Downloader.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ron Hatton^Start Menu^Programs^Startup^Spyware Vaccine.lnk]
    backup=C:\WINDOWS\pss\Spyware Vaccine.lnkStartup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BPS Spyware Remover]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
    "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveDiscoveryMemoryResident]
    C:\Program Files\NotsoSoftware\DriveDiscovery\NSSMR.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMagicLogon]
    "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
    C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InternodeUsage]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
    "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetPumper]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAMBoosterPro]
    "C:\Program Files\RAM Booster Pro\RAMBoosterPro.exe" auto

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegDoctor]
    C:\Program Files\RegDoctor\RegDoctor.exe -Quick

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBCSTray]
    "C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
    "C:\Program Files\Spyware Doctor\SDTrayApp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowIcon_Transcent Information, Inc._CRW Series Driver v1.17r002]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
    "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyStopperPro]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
    "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spywarebot]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunServer]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIUCU2]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherStudio Desktop]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winehq.org]
    rundll32.exe "C:\WINDOWS\yabccy.dll",realset

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XPRepairPro2007]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
    UxTuneUp


    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28B46AD8-B330-1994-0701-060406070504}
    C:\WINDOWS\system32\drwsn32.exe

    Contents of the 'Scheduled Tasks' folder
    2007-07-13 07:47:10 C:\WINDOWS\tasks\1-Click Maintenance.job
    2007-01-17 08:04:20 C:\WINDOWS\tasks\Paragon HDD copy.job
    2007-07-19 04:33:46 C:\WINDOWS\tasks\XoftSpySE 2.job
    2007-06-29 20:17:21 C:\WINDOWS\tasks\XoftSpySE.job

    **************************************************************************

    catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-19 14:34:26
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-19 14:37:17 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-19 14:36

    --- E O F ---
     
  4. Paronald

    Paronald Thread Starter

    Code:
    2007-06-21 16:21      13019    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\mljjghi.dll.vir
    2007-06-22 18:55      134774    --a------    C:\Qoobox\Quarantine\C\WINDOWS\hgfedc.dll.vir
    2007-06-23 18:24      134837    --a------    C:\Qoobox\Quarantine\C\WINDOWS\awtsqn.dll.vir
    2007-06-24 18:23      135018    --a------    C:\Qoobox\Quarantine\C\WINDOWS\wvwusp.dll.vir
    2007-06-28 17:15      134903    --a------    C:\Qoobox\Quarantine\C\WINDOWS\pmnonn.dll.vir
    2007-06-28 22:10      134903    --a------    C:\Qoobox\Quarantine\C\WINDOWS\rqppnk.dll.vir
    2007-06-29 18:36      128251    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\RONHAT~1\APPLIC~1\tmp155.tmp.exe.vir
    2007-06-29 18:36      134887    --a------    C:\Qoobox\Quarantine\C\WINDOWS\geeecd.dll.vir
    2007-06-30 15:39      128278    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\RONHAT~1\APPLIC~1\tmp61.tmp.exe.vir
    2007-06-30 15:39      135001    --a------    C:\Qoobox\Quarantine\C\WINDOWS\fcyyax.dll.vir
    2007-07-01 16:25      128074    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\RONHAT~1\APPLIC~1\tmp42.tmp.exe.vir
    2007-07-01 16:25      134871    --a------    C:\Qoobox\Quarantine\C\WINDOWS\awtspo.dll.vir
    2007-07-02 19:24      128222    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\RONHAT~1\APPLIC~1\tmp34.tmp.exe.vir
    2007-07-02 19:24      134972    --a------    C:\Qoobox\Quarantine\C\WINDOWS\geeebc.dll.vir
    2007-07-04 19:57      105526    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\mlljh.exe.vir
    2007-07-04 19:57      92754    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\dcac010.dll.vir
    2007-07-04 20:46      105520    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ddayv.exe.vir
    2007-07-05 13:18      128126    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\RONHAT~1\APPLIC~1\tmp46.tmp.exe.vir
    2007-07-05 13:18      134993    --a------    C:\Qoobox\Quarantine\C\WINDOWS\pmljge.dll.vir
    2007-07-05 21:05      128171    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\RONHAT~1\APPLIC~1\tmp3F.tmp.exe.vir
    2007-07-05 21:05      134861    --a------    C:\Qoobox\Quarantine\C\WINDOWS\mlkkji.dll.vir
    2007-07-06 21:59      128289    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\RONHAT~1\APPLIC~1\tmp118.tmp.exe.vir
    2007-07-06 21:59      134924    --a------    C:\Qoobox\Quarantine\C\WINDOWS\vtuuvu.dll.vir
    2007-07-07 20:29      128172    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\RONHAT~1\APPLIC~1\tmp111.tmp.exe.vir
    2007-07-07 20:29      134936    --a------    C:\Qoobox\Quarantine\C\WINDOWS\xxxusp.dll.vir
    2007-07-10 22:37      58798    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\RONHAT~1\APPLIC~1\tmp8D.tmp.exe.vir
    2007-07-10 22:40      128169    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\RONHAT~1\APPLIC~1\tmp8F.tmp.exe.vir
    2007-07-10 22:40      134965    --a------    C:\Qoobox\Quarantine\C\WINDOWS\tuvttu.dll.vir
    2007-07-12 13:25      58798    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\RONHAT~1\APPLIC~1\tmpDB.tmp.exe.vir
    2007-07-13 17:48      58798    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\RONHAT~1\APPLIC~1\tmpAB.tmp.exe.vir
    2007-07-14 18:10      105504    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ssttq.exe.vir
    2007-07-14 18:11      92831    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ahuiTFS.dll.vir
    2007-07-14 18:16      105427    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\jkkji.exe.vir
    2007-07-14 18:16      92690    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\fltlpr.dll.vir
    2007-07-14 19:16      105509    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\geede.exe.vir
    2007-07-14 19:16      92680    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\kbdgnt.dll.vir
    2007-07-14 21:05      105506    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\awtqn.exe.vir
    2007-07-14 21:05      92693    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ieaktpp.dll.vir
    2007-07-14 21:32      105386    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\vtsqo.exe.vir
    2007-07-14 21:32      92693    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\imags32.dll.vir
    2007-07-14 22:39      105529    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\pmnlm.exe.vir
    2007-07-14 22:40      92718    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\glu3eml.dll.vir
    2007-07-15 14:44      105510    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\awvvw.exe.vir
    2007-07-15 14:44      92738    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\dxdReg.dll.vir
    2007-07-15 14:45      58798    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\RONHAT~1\APPLIC~1\tmp9.tmp.exe.vir
    2007-07-16 15:12      58798    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\RONHAT~1\APPLIC~1\tmpE.tmp.exe.vir
    2007-07-17 16:12      58798    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\RONHAT~1\APPLIC~1\tmp14.tmp.exe.vir
    2007-07-18 16:18      55235    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\qwerty12.exe.vir
    2007-07-18 16:18      58798    --a------    C:\Qoobox\Quarantine\C\DOCUME~1\RONHAT~1\APPLIC~1\tmpF.tmp.exe.vir
    2007-07-19 14:27      1098    --a------    C:\Qoobox\Quarantine\Registry_backups\LEGACY_DOMAINSERVICE.reg.cf
    2007-07-19 14:27      2956    --a------    C:\Qoobox\Quarantine\Registry_backups\services_DomainService.reg.cf
    2007-07-19 14:31      141382    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\dnf87b4c1f.dat.vir
    2007-07-19 14:31      52    --a------    C:\Qoobox\Quarantine\catchme.log
    
    
    Folder PATH listing
    Volume serial number is F87B-4C1F
    C:\QOOBOX
    \---Quarantine
        |   catchme.log
        |   
        +---C
        |   +---DOCUME~1
        |   |   \---RONHAT~1
        |   |       \---APPLIC~1
        |   |               tmp111.tmp.exe.vir
        |   |               tmp118.tmp.exe.vir
        |   |               tmp14.tmp.exe.vir
        |   |               tmp155.tmp.exe.vir
        |   |               tmp34.tmp.exe.vir
        |   |               tmp3F.tmp.exe.vir
        |   |               tmp42.tmp.exe.vir
        |   |               tmp46.tmp.exe.vir
        |   |               tmp61.tmp.exe.vir
        |   |               tmp8D.tmp.exe.vir
        |   |               tmp8F.tmp.exe.vir
        |   |               tmp9.tmp.exe.vir
        |   |               tmpAB.tmp.exe.vir
        |   |               tmpDB.tmp.exe.vir
        |   |               tmpE.tmp.exe.vir
        |   |               tmpF.tmp.exe.vir
        |   |               
        |   \---WINDOWS
        |       |   awtspo.dll.vir
        |       |   awtsqn.dll.vir
        |       |   fcyyax.dll.vir
        |       |   geeebc.dll.vir
        |       |   geeecd.dll.vir
        |       |   hgfedc.dll.vir
        |       |   mlkkji.dll.vir
        |       |   pmljge.dll.vir
        |       |   pmnonn.dll.vir
        |       |   rqppnk.dll.vir
        |       |   tuvttu.dll.vir
        |       |   vtuuvu.dll.vir
        |       |   wvwusp.dll.vir
        |       |   xxxusp.dll.vir
        |       |   
        |       \---system32
        |               ahuiTFS.dll.vir
        |               awtqn.exe.vir
        |               awvvw.exe.vir
        |               dcac010.dll.vir
        |               ddayv.exe.vir
        |               dnf87b4c1f.dat.vir
        |               dxdReg.dll.vir
        |               fltlpr.dll.vir
        |               geede.exe.vir
        |               glu3eml.dll.vir
        |               ieaktpp.dll.vir
        |               imags32.dll.vir
        |               jkkji.exe.vir
        |               kbdgnt.dll.vir
        |               mljjghi.dll.vir
        |               mlljh.exe.vir
        |               pmnlm.exe.vir
        |               qwerty12.exe.vir
        |               ssttq.exe.vir
        |               vtsqo.exe.vir
        |               
        \---Registry_backups
                LEGACY_DOMAINSERVICE.reg.cf
                services_DomainService.reg.cf
                
    
     
  5. Paronald

    Paronald Thread Starter

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:50:04 PM, on 7/19/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\Program Files\NETGATE\Spy Emergency 2007\SpyEmergencySrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\INTERN~2\mum.exe
    C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 8\monitor.exe
    C:\Program Files\Chronograph\chrono.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\Flashget\jccatch.dll
    O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\Flashget\getflash.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\Flashget\fgiebar.dll
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe"
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [InternodeUsage] C:\PROGRA~1\INTERN~2\mum.exe
    O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 8\monitor.exe"
    O4 - HKCU\..\Run: [Chronograph] "C:\Program Files\Chronograph\chrono.exe" /autorun
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\Flashget\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\Flashget\jc_link.htm
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O8 - Extra context menu item: Open Selected URL - C:\Program Files\RightClickGoogleSearchOpenSelectedURL\openselectedurl.htm
    O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Search &Google - C:\Program Files\RightClickGoogleSearchOpenSelectedURL\google.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\Flashget\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\Flashget\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file:///E:/MEMDISC/ALBUM_A/VIEW/PLUGIN/HPODPCFC.CAB
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - AppInit_DLLs: c:\windows\system32\mljjghi.dll
    O20 - Winlogon Notify: bidgmt - bidgmt.dll (file missing)
    O20 - Winlogon Notify: biossvc - biossvc.dll (file missing)
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007.SP1\Win32\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007.SP1\RpcSandraSrv.exe
    O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Spy Emergency Shield Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency 2007\SpyEmergencySrv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O24 - Desktop Component 0: (no name) - http://www.learnall-forums.co.uk/forums/clientscript/vbulletin_global.js?v=364

    --
    End of file - 15951 bytes
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    O20 - AppInit_DLLs: c:\windows\system32\mljjghi.dll
    O20 - Winlogon Notify: bidgmt - bidgmt.dll (file missing)
    O20 - Winlogon Notify: biossvc - biossvc.dll (file missing)

    Close all applications and browser windows before you click "fix checked".


    Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    • Click Exit on the Main menu to close the program.



    Download and scan with SUPERAntiSpyware Free for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
    • Click Close to exit the program.
     
  7. Paronald

    Paronald Thread Starter

    Joined:
    May 15, 2006
    Messages:
    10
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/20/2007 at 05:12 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3271
    Trace Rules Database Version: 1282

    Scan type : Complete Scan
    Total Scan Time : 01:29:15

    Memory items scanned : 421
    Memory threats detected : 0
    Registry items scanned : 7322
    Registry threats detected : 27
    File items scanned : 102997
    File threats detected : 17

    Unclassified.Oreans32
    HKLM\System\ControlSet001\Services\oreans32
    C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS
    HKLM\System\ControlSet003\Services\oreans32
    HKLM\System\CurrentControlSet\Services\oreans32
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Capabilities
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Driver
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control#ActiveService
    HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type
    HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start
    HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl
    HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath
    HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName
    HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security
    HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security
    HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum
    HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0
    HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count
    HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance

    Trojan.Duncan
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\AHUITFS.DLL.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DCAC010.DLL.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DXDREG.DLL.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\FLTLPR.DLL.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\GLU3EML.DLL.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\IEAKTPP.DLL.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\IMAGS32.DLL.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\KBDGNT.DLL.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{ED77BC3B-F4E0-46E0-8276-7F4159E53F72}\RP14\A0004922.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{ED77BC3B-F4E0-46E0-8276-7F4159E53F72}\RP14\A0004923.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{ED77BC3B-F4E0-46E0-8276-7F4159E53F72}\RP14\A0004924.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{ED77BC3B-F4E0-46E0-8276-7F4159E53F72}\RP14\A0004925.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{ED77BC3B-F4E0-46E0-8276-7F4159E53F72}\RP14\A0004926.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{ED77BC3B-F4E0-46E0-8276-7F4159E53F72}\RP14\A0004927.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{ED77BC3B-F4E0-46E0-8276-7F4159E53F72}\RP14\A0004928.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{ED77BC3B-F4E0-46E0-8276-7F4159E53F72}\RP14\A0004954.DLL


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:29:04 PM, on 7/20/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    C:\Program Files\NETGATE\Spy Emergency 2007\SpyEmergencySrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\INTERN~2\mum.exe
    C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 8\monitor.exe
    C:\Program Files\Chronograph\chrono.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\Flashget\jccatch.dll
    O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\Flashget\getflash.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\Flashget\fgiebar.dll
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe"
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [InternodeUsage] C:\PROGRA~1\INTERN~2\mum.exe
    O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO - Version 8\monitor.exe"
    O4 - HKCU\..\Run: [Chronograph] "C:\Program Files\Chronograph\chrono.exe" /autorun
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\Flashget\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\Flashget\jc_link.htm
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O8 - Extra context menu item: Open Selected URL - C:\Program Files\RightClickGoogleSearchOpenSelectedURL\openselectedurl.htm
    O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Search &Google - C:\Program Files\RightClickGoogleSearchOpenSelectedURL\google.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\Flashget\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\Flashget\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\spyemergencycnt.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file:///E:/MEMDISC/ALBUM_A/VIEW/PLUGIN/HPODPCFC.CAB
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007.SP1\Win32\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007.SP1\RpcSandraSrv.exe
    O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
    O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Spy Emergency Shield Service (SpyEmrgSrv) - NETGATE Technologies s.r.o. - C:\Program Files\NETGATE\Spy Emergency 2007\SpyEmergencySrv.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O24 - Desktop Component 0: (no name) - http://www.learnall-forums.co.uk/forums/clientscript/vbulletin_global.js?v=364

    --
    End of file - 16145 bytes
     
  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222

    Close all applications and browser windows before you click "fix checked".


    How is it running now? Any problems?
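The entries cybertech asks to have "fix checked" in posts 6 and 8 (the O20 AppInit_DLLs line, the two Winlogon Notify entries whose DLL is missing, and the O17 NameServer overrides) are the ones a reader usually wants to pick out of a long HijackThis log first. The triage helper below is an added example, not part of this thread, of HijackThis or of cybertech's instructions; its sample lines are copied from the logs posted above, and the set of trusted resolvers is an assumption the operator fills in.

```python
"""Triage helper for HijackThis (HJT) log lines.

Added example for this thread, not part of HijackThis or of the
instructions given in it. It picks out the entry types that were
"fix checked" above:
  * O20 AppInit_DLLs    - a DLL listed here is loaded into every process
                          that links user32.dll, so it deserves a look;
  * O20 Winlogon Notify - an entry whose DLL is "(file missing)" is an
                          orphaned registration left behind by a removal;
  * O17 NameServer      - a DNS override; resolvers not in the
                          operator-supplied trusted set are flagged, and
                          so is a list that repeats the same addresses.
Nothing here changes the system; it only reports.
"""
import re
from dataclasses import dataclass

# Sample lines copied from the HJT logs posted earlier in this thread
# (the O4, O23 and SUPERAntiSpyware O20 lines are benign controls).
SAMPLE_LINES = [
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = "
    r"207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = "
    r"207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222",
    r"O20 - AppInit_DLLs: c:\windows\system32\mljjghi.dll",
    r"O20 - Winlogon Notify: bidgmt - bidgmt.dll (file missing)",
    r"O20 - Winlogon Notify: biossvc - biossvc.dll (file missing)",
    r"O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll",
    r"O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe",
]


@dataclass
class Finding:
    section: str  # HJT section code, e.g. "O17"
    reason: str   # why the line deserves attention
    line: str     # the original log line


O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>.*)$")
O20_APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
O20_NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<dll>.+)$")


def triage(lines, trusted_resolvers=frozenset()):
    """Return Findings, in log order, for lines that need a second look.

    trusted_resolvers: IP addresses the operator knows to be legitimate
    DNS servers for this machine (an assumption; empty means "trust none").
    """
    findings = []
    for raw in lines:
        line = raw.strip()
        m = O17_RE.match(line)
        if m:
            servers = m.group("servers").split()
            unknown = sorted(s for s in set(servers) if s not in trusted_resolvers)
            if unknown:
                findings.append(Finding("O17", "NameServer override uses unrecognised resolvers: "
                                        + ", ".join(unknown), line))
            elif len(servers) != len(set(servers)):
                findings.append(Finding("O17", "NameServer list repeats addresses; "
                                        "check how the override was set", line))
            continue
        m = O20_APPINIT_RE.match(line)
        if m and m.group("dlls").strip():
            findings.append(Finding("O20", "AppInit_DLLs loads " + m.group("dlls").strip()
                                    + "; verify its publisher", line))
            continue
        m = O20_NOTIFY_RE.match(line)
        if m and "(file missing)" in m.group("dll"):
            findings.append(Finding("O20", "Winlogon Notify '" + m.group("name")
                                    + "' points at a missing DLL (orphaned registration)", line))
    return findings


def summarize(findings):
    """Count findings per HJT section, e.g. {'O17': 2, 'O20': 3}."""
    counts = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.section}: {f.reason}\n    {f.line}")
    print(summarize(triage(SAMPLE_LINES)))
```

Run against a full log, the helper only narrows the list; each flagged line still needs the check cybertech does by hand, namely whether the DLL or resolver actually belongs to something installed on purpose.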
     
  9. Paronald

    Paronald Thread Starter

    Joined:
    May 15, 2006
    Messages:
    10
    Everything seems to be working fine. No more winantispyware, etc.
    Computer is running a lot faster. (y)
    Thank you very much, cybertech.
    BTW... SUPERAntispyware picked up a trojan that six other antispyware progs missed.
     
  10. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Great!!

    You can and should remove all of the tools I requested you to download and/or folders associated with them now. It is pointless to keep these tools around as they are updated so frequently that the tools can be outdated within a few days, sometimes within just hours.

    OTMoveIt by OldTimer has a CleanUp! option you can use to remove most of the fixes and associated files and folders if you want to use that. If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so. Also remove OTMoveIt.

    SUPERAntiSpyware is a trial version so you can keep that until the trial is over and then uninstall.


    It's a good idea to Flush your System Restore after removing malware:
    Turn off system restore and then turn it back on: http://support.microsoft.com/kb/310405


    Here are some additional links for you to check out to help you with your computer security.

    Secunia software inspector & update checker

    Good free tools and advice on how to tighten your security settings.

    Security Help Tools



    You're welcome!
     
Short URL to this thread: https://techguy.org/597193