
Solved: WinAntiVirus Pro 2007

Discussion in 'Virus & Other Malware Removal' started by georgeg2000, Aug 6, 2007.

  1. georgeg2000

    georgeg2000 Thread Starter

    Joined:
    Feb 12, 2004
    Messages:
    164
    Yesterday, I encountered a series of pop-up messages telling me to download WinAntiVirus Pro 2007. It wouldn't go away, so I went online to my favorite support site (right here) and followed some similar threads.

    Here is a log from ComboFix:

    ComboFix 07-08-06 - "Compaq_Owner" 2007-08-05 17:22:38.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.163 [GMT -7:00]
    * Created a new restore point


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp62.tmp.exe
    C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp64.tmp.exe
    C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp65.tmp.exe
    C:\WINDOWS\system32\dinemx.dll
    C:\WINDOWS\system32\dnece4e428.dat
    C:\WINDOWS\system32\qwerty12.exe
    C:\WINDOWS\system32\tmp64.tmp.dll
    C:\WINDOWS\system32\tmp65.tmp.dll
    C:\WINDOWS\system32\vtstu.exe
    C:\WINDOWS\xhelper.dll
    D:\Autorun.inf


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_DOMAINSERVICE


    ((((((((((((((((((((((((( Files Created from 2007-07-06 to 2007-08-06 )))))))))))))))))))))))))))))))


    2007-08-05 17:21 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-05 16:48 131,433 --a------ C:\WINDOWS\tutqnl.dll
    2007-08-03 16:22 13,380 --a------ C:\WINDOWS\system32\jkhhihe.dll
    2007-07-30 17:26 <DIR> d-------- C:\Program Files\Foxit Software
    2007-07-30 17:22 84,992 --a------ C:\WINDOWS\WebAssist.dll
    2007-07-28 15:31 <DIR> d--hs---- C:\WINDOWS\ftpcache
    2007-07-28 12:35 <DIR> d--h----- C:\temp\pt8q3khslw
    2007-07-28 12:34 528,384 --------- C:\WINDOWS\system32\VZWDownManager.exe
    2007-07-28 12:34 49,152 --------- C:\WINDOWS\system32\VZWDLManager.dll
    2007-07-28 12:34 22,912 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys
    2007-07-28 12:34 21,248 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys
    2007-07-28 12:34 12,672 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys
    2007-07-28 12:34 <DIR> d-------- C:\Program Files\Verizon Wireless
    2007-07-28 12:34 <DIR> d-------- C:\Program Files\LG Electronics
    2007-07-28 12:19 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
    2007-07-26 17:56 <DIR> d-------- C:\Program Files\BitTorrent
    2007-07-26 17:56 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\BitTorrent
    2007-07-14 15:23 <DIR> d-------- C:\temp


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-05 17:27 3649 --a------ C:\WINDOWS\viassary-hp.reg
    2007-08-04 13:28 28256 --a------ C:\WINDOWS\system32\drivers\MxlW2k.sys
    2007-08-02 21:26 --------- d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\Ahead
    2007-08-01 15:03 1480 --a------ C:\WINDOWS\AUTOLNCH.REG
    2007-07-28 12:34 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-07-24 14:40 --------- d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\Yahoo!
    2007-07-14 15:27 --------- d-------- C:\Program Files\HP
    2007-07-14 15:26 --------- d-------- C:\Program Files\Hewlett-Packard
    2007-07-04 14:59 22592 --a------ C:\WINDOWS\system32\BdIGhtop.exe
    2007-06-09 07:15 --------- d-------- C:\Program Files\Lavasoft
    2007-06-09 07:15 --------- d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\Lavasoft
    2007-06-09 07:14 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2005-03-09 22:21 110 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\wklnhst.dat
    2005-05-01 22:24:11 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Advanced Tools Check"="C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [2005-01-10 12:20]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-02-17 11:05]
    "VTTimer"="C:\hp\patches\51WW1VIA\src\VTTimer.exe" [2004-10-23 04:53]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 08:01]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-10-21 22:31]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-05-01 22:36]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-10-21 21:41]
    "SiSPower"="SiSPower.dll" [2005-04-12 11:31 C:\WINDOWS\system32\SiSPower.dll]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43]
    "QuickFinder Scheduler"="C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" [2001-10-01 23:36]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 21:54]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 22:55]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
    "hpfsched"="C:\WINDOWS\hpfsched.exe" [1998-08-05 11:00]
    "hp imaging helper"="C:\WINDOWS\system32\hpusbscr.exe" [2002-09-11 09:49]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 C:\WINDOWS\AGRSMMSG.exe]
    "GhostStartTrayApp"="C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe" [2002-08-14 15:21]
    "mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-05-19 11:21]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 07:46]
    "YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19]
    "Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 08:51]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]
    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-10-21 23:01]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 14:00]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
    "PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe" [2004-05-12 13:04]
    "EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-02 21:07]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-06-19 20:28]

    C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\
    Compaq Organize.lnk - C:\Program Files\Hewlett-Packard\Compaq Organize\bin\displayAgent.exe [2004-10-21 23:10:10]
    MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2007-07-28 12:34:29]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
    AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2007-02-14 21:12:06]
    ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2006-10-03 11:04:38]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Data\Eudora\EuShlExt.dll [2005-11-14 17:15 86016]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=c:\windows\system32\jkhhihe.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
    backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Event Reminder.lnk]
    path=C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Event Reminder.lnk
    backup=C:\WINDOWS\pss\Event Reminder.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
    ALCXMNTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Update 5370C]
    C:\sj666\hpupdate.exe 5370C+

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe

    R1 AmdK8;AMD Athlon64 Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
    R1 GhPciScan;GhostPciScanner;\??\C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys
    R2 DS1410D;DS1410D;C:\WINDOWS\system32\drivers\DS1410D.SYS
    R2 SemLPT;SemLPT;C:\WINDOWS\system32\drivers\SemLPT.sys
    R3 GoProto;GoProto Protocol Driver;C:\WINDOWS\system32\DRIVERS\goprot51.sys
    R3 hpusbfd;Hewlett-Packard USB Filter Class;C:\WINDOWS\system32\DRIVERS\hpusbfd.sys
    R3 Iviaspi;IVI ASPI Shell;C:\WINDOWS\system32\drivers\iviaspi.sys
    R3 MxlW2k;MxlW2k;C:\WINDOWS\system32\drivers\MxlW2k.sys
    R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
    R3 Ps2;PS2;C:\WINDOWS\system32\DRIVERS\PS2.sys
    R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
    S1 SydexFDD;Sydex Floppy Driver;C:\WINDOWS\system32\Drivers\Sydexfdd.sys
    S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PCAMPR5.SYS
    S3 usbbus;LGE CDMA Composite USB Device;C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
    S3 UsbDiag;LGE CDMA USB Serial Port;C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
    S3 USBModem;LGE CDMA USB Modem;C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
    S3 viagfx;viagfx;C:\WINDOWS\system32\DRIVERS\vtmini.sys


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef837de0-57ff-11da-84d0-0011d875fd0f}]
    AutoRun\command- K:\LinksysConnectPC.exe


    Contents of the 'Scheduled Tasks' folder
    2007-07-04 22:01:10 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-07-27 16:00:30 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-08-01 17:00:30 C:\WINDOWS\Tasks\At11.job
    2007-08-04 18:00:30 C:\WINDOWS\Tasks\At12.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-07-28 19:00:30 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-08-04 20:00:30 C:\WINDOWS\Tasks\At14.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-08-04 21:00:30 C:\WINDOWS\Tasks\At15.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-08-04 22:00:30 C:\WINDOWS\Tasks\At16.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-08-05 23:01:29 C:\WINDOWS\Tasks\At17.job
    2007-08-06 00:00:30 C:\WINDOWS\Tasks\At18.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-07-23 01:00:32 C:\WINDOWS\Tasks\At19.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-07-04 22:01:10 C:\WINDOWS\Tasks\At2.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-07-30 02:00:30 C:\WINDOWS\Tasks\At20.job
    2007-08-03 03:00:30 C:\WINDOWS\Tasks\At21.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-08-03 04:00:30 C:\WINDOWS\Tasks\At22.job
    2007-07-11 05:00:30 C:\WINDOWS\Tasks\At23.job
    2007-07-04 22:01:10 C:\WINDOWS\Tasks\At24.job
    2007-07-04 22:01:10 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-07-04 22:01:10 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-07-04 22:01:10 C:\WINDOWS\Tasks\At5.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-07-04 22:01:10 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-07-04 22:01:10 C:\WINDOWS\Tasks\At7.job
    2007-07-14 14:00:30 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-07-04 22:01:10 C:\WINDOWS\Tasks\At9.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-01-20 04:00:20 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Compaq_Owner.job - C:\PROGRA~1\NORTON~1\Navw32.exe
    2005-08-13 00:35:01 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
    2007-08-06 00:30:00 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDetect.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-05 17:27:15
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-05 17:31:11 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-08-05 17:31

    --- E O F ---

    And here is a log from running Hijack This after running Combofix:

    Logfile of HijackThis v1.99.1
    Scan saved at 7:08:29 PM, on 8/5/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\PROGRA~1\NORTON~3\NORTON~1\GHOSTS~2.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\hp\patches\51WW1VIA\src\VTTimer.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
    C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
    C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
    C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\nda.exe
    C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
    C:\Install_Files\AdAware\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {22c38a92-9520-49bd-90f1-2e9fa14d3ae8} - C:\WINDOWS\system32\conmgr.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [VTTimer] C:\hp\patches\51WW1VIA\src\VTTimer.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
    O4 - HKLM\..\Run: [hp imaging helper] C:\WINDOWS\system32\hpusbscr.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Compaq Organize.lnk = ?
    O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
    O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://img.member.yahoo.com/dl/atty/yinst_current.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121737067953
    O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpbasicdetection3.cab
    O20 - AppInit_DLLs: c:\windows\system32\jkhhihe.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: conmgr - conmgr.dll (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\GHOSTS~2.EXE
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    The pop-ups don't seem to be back, but I'm not sure, as I was unable to connect to the internet all evening (and even this morning). I'm on AT&T DSL and sometimes it seems to drop the connection, but I can usually get it back. So, does it look like I'm still infected, and could running ComboFix have done anything to my DSL settings? I'm connecting to my router OK but can't find the 'net.
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Please download VundoFix.exe to your desktop.



    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
     
  3. georgeg2000

    georgeg2000 Thread Starter

    Joined:
    Feb 12, 2004
    Messages:
    164

    I did that. Nothing was found. The annoying popup hasn't come back so maybe everything is OK. Thanks for your help.
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Your ComboFix results indicated infection remaining. I wouldn't mark this solved yet.
     
  5. georgeg2000

    georgeg2000 Thread Starter

    Joined:
    Feb 12, 2004
    Messages:
    164
    OK, I'll take your word for it. That WOULD be how my luck runs. Just what entry in the Combofix log indicates the infection?
    You know, now that I think of it, the original WinAntivirus popups aren't showing up but I am getting popups telling me to activate Norton Anti-virus which I removed a long time ago. Does this virus change its "spots" so to speak?

    Just to show how my luck runs, after fighting this infection on my wife's computer on Sunday afternoon, I went out to my shop where my PC is located to find that my C: drive has apparently died! Tonight I'll try cycling the cables before I give up on it; it's only 5 years old. :rolleyes:
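    The question above ("what entry in the ComboFix log indicates the infection?") is the one a responder answers by reading the logs for persistence entries and for files that keep coming back. The script below is an added example, not part of this thread and not code from ComboFix, HijackThis or VundoFix: it applies three conservative indicator rules to log lines copied from the logs posted in this thread (the second ComboFix run is the one in post 8 below). The rules, severity labels and function names are my own choices; they flag the AppInit_DLLs entry, orphaned Winlogon Notify/BHO entries pointing at missing files, the many At*.job scheduled tasks launching one executable from system32, and the files ComboFix had to delete in both runs.

```python
"""Added example (not from the thread or its tools): conservative triage
rules for HijackThis and ComboFix text logs. Sample lines are copied from the
logs posted in this thread; the rules are explanatory heuristics, not a
general-purpose scanner."""
import re

# HijackThis lines copied from the first log in the thread (O2/O4/O20 entries).
HJT_SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22c38a92-9520-49bd-90f1-2e9fa14d3ae8} - C:\WINDOWS\system32\conmgr.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: c:\windows\system32\jkhhihe.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: conmgr - conmgr.dll (file missing)
"""

# ComboFix 'Scheduled Tasks' lines copied from the first log (subset).
TASKS_SAMPLE = r"""
2007-07-04 22:01:10 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\system32\BdIGhtop.exe
2007-07-27 16:00:30 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\system32\BdIGhtop.exe
2007-08-01 17:00:30 C:\WINDOWS\Tasks\At11.job
2007-07-04 22:01:10 C:\WINDOWS\Tasks\At2.job - C:\WINDOWS\system32\BdIGhtop.exe
2007-08-06 00:30:00 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDetect.exe
"""

# 'Other Deletions' sections copied from the two ComboFix runs in the thread.
RUN1_DELETIONS = r"""
C:\WINDOWS\system32\dinemx.dll
C:\WINDOWS\system32\dnece4e428.dat
C:\WINDOWS\system32\qwerty12.exe
C:\WINDOWS\system32\vtstu.exe
D:\Autorun.inf
"""
RUN2_DELETIONS = r"""
C:\WINDOWS\system32\ddabb.exe
C:\WINDOWS\system32\dnece4e428.dat
C:\WINDOWS\system32\geeby.exe
C:\WINDOWS\system32\qwerty12.exe
"""

HJT_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
TASK_RE = re.compile(r"^\S+ \S+ (?P<job>C:\\WINDOWS\\Tasks\\At\d+\.job)(?: - (?P<target>.+))?$")


def triage_hijackthis(text):
    """Return (severity, reason, line) for HijackThis entries worth acting on."""
    findings = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs is loaded into every process that links user32.dll;
            # a populated value on a home PC is almost always unwanted.
            if body.split(":", 1)[1].strip():
                findings.append(("high", "AppInit_DLLs injects a DLL into every GUI process", line))
        elif kind == "O20" and body.startswith("Winlogon Notify:") and "(file missing)" in body:
            findings.append(("medium", "Winlogon Notify entry points at a missing DLL (orphaned persistence)", line))
        elif kind == "O2" and "(no name)" in body and "(file missing)" in body:
            findings.append(("medium", "unnamed BHO with missing file (orphaned persistence)", line))
    return findings


def group_at_jobs(text):
    """Map each target executable to the At<N>.job tasks that launch it.

    Many At*.job tasks (the naming used by the 'at' command) all pointing at
    one file in system32 is a re-launch schedule, not something a user set up.
    """
    by_target = {}
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if m:
            by_target.setdefault(m.group("target") or "(no target listed)", []).append(m.group("job"))
    return by_target


def repeated_deletions(first_run, second_run):
    """Paths ComboFix deleted in both runs, case-folded and sorted.

    A file removed once and present again days later means something still
    on the machine re-creates it: the clearest 'not clean yet' signal.
    """
    def deleted(text):
        return {ln.strip().lower() for ln in text.splitlines()
                if ln.strip()[:3].lower() in ("c:\\", "d:\\")}
    return sorted(deleted(first_run) & deleted(second_run))


if __name__ == "__main__":
    for sev, why, ln in triage_hijackthis(HJT_SAMPLE):
        print(f"[{sev}] {why}: {ln}")
    for target, jobs in group_at_jobs(TASKS_SAMPLE).items():
        print(f"{len(jobs)} At*.job task(s) -> {target}")
    print("deleted in both runs:", repeated_deletions(RUN1_DELETIONS, RUN2_DELETIONS))
```

    Run against the full logs, the three rules point at the same conclusion the moderator drew: the AppInit_DLLs entry and the hourly At*.job tasks are live persistence, and dnece4e428.dat and qwerty12.exe being deleted in both runs (and dnece4e428.dat appearing again in the second run's Find3M report minutes after the run started) show that the dropper is still active. The rules are deliberately narrow; a fuller triage would also review the freshly created DLLs in C:\WINDOWS against known-good inventories.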
     
  6. georgeg2000

    georgeg2000 Thread Starter

    Joined:
    Feb 12, 2004
    Messages:
    164
    Unfortunately, I had already marked it solved. How do I unmark it? That isn't an option in the thread tools. Can you remove the solved marks as Moderator?
     
  7. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    I will mark it Unsolved. In the meantime, please rerun ComboFix and post the results, along with a new Hijack This log.
     
  8. georgeg2000

    georgeg2000 Thread Starter

    Joined:
    Feb 12, 2004
    Messages:
    164
    Here is the new ComboFix log:

    ComboFix 07-08-06 - "Compaq_Owner" 2007-08-08 19:48:38.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.50 [GMT -7:00]


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmp184.tmp.exe
    C:\DOCUME~1\COMPAQ~1\APPLIC~1\tmpB.tmp.exe
    C:\WINDOWS\system32\ddabb.exe
    C:\WINDOWS\system32\dnece4e428.dat
    C:\WINDOWS\system32\geeby.exe
    C:\WINDOWS\system32\hlpPX7.dll
    C:\WINDOWS\system32\qwerty12.exe


    ((((((((((((((((((((((((( Files Created from 2007-07-09 to 2007-08-09 )))))))))))))))))))))))))))))))


    2007-08-07 22:28 <DIR> d-------- C:\Program Files\ToniArts
    2007-08-07 21:30 131,426 --a------ C:\WINDOWS\rqppqn.dll
    2007-08-06 17:35 <DIR> d-------- C:\VundoFix Backups
    2007-08-05 21:46 <DIR> d-------- C:\Logs
    2007-08-05 17:39 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-08-05 17:39 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\SUPERAntiSpyware.com
    2007-08-05 17:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
    2007-08-05 17:21 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-05 16:48 131,433 --a------ C:\WINDOWS\tutqnl.dll
    2007-08-03 16:22 13,380 --a------ C:\WINDOWS\system32\jkhhihe.dll
    2007-07-30 17:26 <DIR> d-------- C:\Program Files\Foxit Software
    2007-07-30 17:22 84,992 --a------ C:\WINDOWS\WebAssist.dll
    2007-07-28 15:31 <DIR> d--hs---- C:\WINDOWS\ftpcache
    2007-07-28 12:35 <DIR> d--h----- C:\temp\pt8q3khslw
    2007-07-28 12:34 528,384 --------- C:\WINDOWS\system32\VZWDownManager.exe
    2007-07-28 12:34 49,152 --------- C:\WINDOWS\system32\VZWDLManager.dll
    2007-07-28 12:34 22,912 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys
    2007-07-28 12:34 21,248 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys
    2007-07-28 12:34 12,672 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys
    2007-07-28 12:34 <DIR> d-------- C:\Program Files\Verizon Wireless
    2007-07-28 12:34 <DIR> d-------- C:\Program Files\LG Electronics
    2007-07-28 12:19 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
    2007-07-26 17:56 <DIR> d-------- C:\Program Files\BitTorrent
    2007-07-26 17:56 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\BitTorrent
    2007-07-14 15:23 <DIR> d-------- C:\temp


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-08 19:54 92058 --a------ C:\WINDOWS\system32\dnece4e428.dat
    2007-08-08 19:54 3649 --a------ C:\WINDOWS\viassary-hp.reg
    2007-08-08 19:53 92709 --a------ C:\WINDOWS\system32\igfoin.dll
    2007-08-08 19:53 105385 --a------ C:\WINDOWS\system32\sstqo.exe
    2007-08-08 19:49 --------- d-------- C:\Program Files\Common Files\Symantec Shared
    2007-08-07 22:32 --------- d-------- C:\Program Files\Norton AntiVirus
    2007-08-07 22:28 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-08-05 17:39 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-08-04 13:28 28256 --a------ C:\WINDOWS\system32\drivers\MxlW2k.sys
    2007-08-02 21:26 --------- d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\Ahead
    2007-08-01 15:03 1480 --a------ C:\WINDOWS\AUTOLNCH.REG
    2007-07-24 14:40 --------- d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\Yahoo!
    2007-07-14 15:27 --------- d-------- C:\Program Files\HP
    2007-07-14 15:26 --------- d-------- C:\Program Files\Hewlett-Packard
    2007-07-04 14:59 22592 --a------ C:\WINDOWS\system32\BdIGhtop.exe
    2007-06-09 07:15 --------- d-------- C:\Program Files\Lavasoft
    2007-06-09 07:15 --------- d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\Lavasoft
    2005-03-09 22:21 110 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\wklnhst.dat
    2005-05-01 22:24:11 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22c38a92-9520-49bd-90f1-2e9fa14d3ae8}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d6a9f30b-7105-48f8-95b1-1fb26f19d5e7}]
    2007-08-08 19:53 92709 --a------ C:\WINDOWS\system32\igfoin.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Advanced Tools Check"="C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [2005-01-10 12:20]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-02-17 11:05]
    "VTTimer"="C:\hp\patches\51WW1VIA\src\VTTimer.exe" [2004-10-23 04:53]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 08:01]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-10-21 22:31]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-05-01 22:36]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-10-21 21:41]
    "SiSPower"="SiSPower.dll" [2005-04-12 11:31 C:\WINDOWS\system32\SiSPower.dll]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43]
    "QuickFinder Scheduler"="C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" [2001-10-01 23:36]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 21:54]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 22:55]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
    "hpfsched"="C:\WINDOWS\hpfsched.exe" [1998-08-05 11:00]
    "hp imaging helper"="C:\WINDOWS\system32\hpusbscr.exe" [2002-09-11 09:49]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 C:\WINDOWS\AGRSMMSG.exe]
    "GhostStartTrayApp"="C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe" [2002-08-14 15:21]
    "mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-05-19 11:21]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 07:46]
    "YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19]
    "Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 08:51]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]
    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-10-21 23:01]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 14:00]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
    "PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe" [2004-05-12 13:04]
    "EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-02 21:07]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-06-19 20:28]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\
    Compaq Organize.lnk - C:\Program Files\Hewlett-Packard\Compaq Organize\bin\displayAgent.exe [2004-10-21 23:10:10]
    MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2007-07-28 12:34:29]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
    AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2007-02-14 21:12:06]
    ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2006-10-03 11:04:38]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Data\Eudora\EuShlExt.dll [2005-11-14 17:15 86016]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\conmgr]
    conmgr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfoin]
    igfoin.dll 2007-08-08 19:53 92709 C:\WINDOWS\system32\igfoin.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=c:\windows\system32\jkhhihe.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
    backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Event Reminder.lnk]
    path=C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Event Reminder.lnk
    backup=C:\WINDOWS\pss\Event Reminder.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
    ALCXMNTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Update 5370C]
    C:\sj666\hpupdate.exe 5370C+

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe

    R1 AmdK8;AMD Athlon64 Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
    R1 GhPciScan;GhostPciScanner;\??\C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys
    R1 SASDIFSV;SASDIFSV;\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    R1 SASKUTIL;SASKUTIL;\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
    R2 DS1410D;DS1410D;C:\WINDOWS\system32\drivers\DS1410D.SYS
    R2 SemLPT;SemLPT;C:\WINDOWS\system32\drivers\SemLPT.sys
    R3 GoProto;GoProto Protocol Driver;C:\WINDOWS\system32\DRIVERS\goprot51.sys
    R3 hpusbfd;Hewlett-Packard USB Filter Class;C:\WINDOWS\system32\DRIVERS\hpusbfd.sys
    R3 Iviaspi;IVI ASPI Shell;C:\WINDOWS\system32\drivers\iviaspi.sys
    R3 MxlW2k;MxlW2k;C:\WINDOWS\system32\drivers\MxlW2k.sys
    R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
    R3 Ps2;PS2;C:\WINDOWS\system32\DRIVERS\PS2.sys
    R3 SASENUM;SASENUM;\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
    R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
    S1 SydexFDD;Sydex Floppy Driver;C:\WINDOWS\system32\Drivers\Sydexfdd.sys
    S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PCAMPR5.SYS
    S3 usbbus;LGE CDMA Composite USB Device;C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
    S3 UsbDiag;LGE CDMA USB Serial Port;C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
    S3 USBModem;LGE CDMA USB Modem;C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
    S3 viagfx;viagfx;C:\WINDOWS\system32\DRIVERS\vtmini.sys


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef837de0-57ff-11da-84d0-0011d875fd0f}]
    AutoRun\command- K:\LinksysConnectPC.exe


    Contents of the 'Scheduled Tasks' folder
    2007-07-04 22:01:10 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-07-27 16:00:30 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-08-01 17:00:30 C:\WINDOWS\Tasks\At11.job
    2007-08-04 18:00:30 C:\WINDOWS\Tasks\At12.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-07-28 19:00:30 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-08-08 20:00:30 C:\WINDOWS\Tasks\At14.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-08-04 21:00:30 C:\WINDOWS\Tasks\At15.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-08-04 22:00:30 C:\WINDOWS\Tasks\At16.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-08-05 23:01:29 C:\WINDOWS\Tasks\At17.job
    2007-08-09 02:40:57 C:\WINDOWS\Tasks\At18.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-08-06 01:00:35 C:\WINDOWS\Tasks\At19.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-07-04 22:01:10 C:\WINDOWS\Tasks\At2.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-08-06 02:00:30 C:\WINDOWS\Tasks\At20.job
    2007-08-03 03:00:30 C:\WINDOWS\Tasks\At21.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-08-03 04:00:30 C:\WINDOWS\Tasks\At22.job
    2007-08-08 05:00:30 C:\WINDOWS\Tasks\At23.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-07-04 22:01:10 C:\WINDOWS\Tasks\At24.job
    2007-07-04 22:01:10 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-07-04 22:01:10 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-07-04 22:01:10 C:\WINDOWS\Tasks\At5.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-07-04 22:01:10 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-07-04 22:01:10 C:\WINDOWS\Tasks\At7.job
    2007-07-14 14:00:30 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-07-04 22:01:10 C:\WINDOWS\Tasks\At9.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-01-20 04:00:20 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Compaq_Owner.job - C:\PROGRA~1\NORTON~1\Navw32.exe
    2005-08-13 00:35:01 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
    2007-08-09 02:55:02 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDetect.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-08 19:52:58
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    C:\WINDOWS\system32\dnece4e428.dat
    C:\WINDOWS\system32\dn_crash.log
    C:\WINDOWS\system32\igfoin.dll

    scan completed successfully
    hidden files: 3

    **************************************************************************

    Completion time: 2007-08-08 19:56:47 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-08-08 19:56

    --- E O F ---


    And here is the latest HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 8:00:34 PM, on 8/8/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\PROGRA~1\NORTON~3\NORTON~1\GHOSTS~2.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\hp\patches\51WW1VIA\src\VTTimer.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Install_Files\AdAware\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {d6a9f30b-7105-48f8-95b1-1fb26f19d5e7} - C:\WINDOWS\system32\igfoin.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [VTTimer] C:\hp\patches\51WW1VIA\src\VTTimer.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
    O4 - HKLM\..\Run: [hp imaging helper] C:\WINDOWS\system32\hpusbscr.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Compaq Organize.lnk = ?
    O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
    O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://img.member.yahoo.com/dl/atty/yinst_current.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121737067953
    O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpbasicdetection3.cab
    O20 - AppInit_DLLs: c:\windows\system32\jkhhihe.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: conmgr - conmgr.dll (file missing)
    O20 - Winlogon Notify: igfoin - C:\WINDOWS\SYSTEM32\igfoin.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\GHOSTS~2.EXE
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

     
  9. georgeg2000

    georgeg2000 Thread Starter

    Last night I ran SuperAntiSpyware again (after updating it) and removed 9 items from another trojan, so here is another set of logs:

    ComboFix 07-08-06 - "Compaq_Owner" 2007-08-09 6:08:36.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.68 [GMT -7:00]


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\dnece4e428.dat
    C:\WINDOWS\system32\sstqo.exe


    ((((((((((((((((((((((((( Files Created from 2007-07-09 to 2007-08-09 )))))))))))))))))))))))))))))))


    2007-08-07 22:28 <DIR> d-------- C:\Program Files\ToniArts
    2007-08-07 21:30 131,426 --a------ C:\WINDOWS\rqppqn.dll
    2007-08-06 17:35 <DIR> d-------- C:\VundoFix Backups
    2007-08-05 21:46 <DIR> d-------- C:\Logs
    2007-08-05 17:39 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-08-05 17:39 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\SUPERAntiSpyware.com
    2007-08-05 17:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
    2007-08-05 17:21 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-08-05 16:48 131,433 --a------ C:\WINDOWS\tutqnl.dll
    2007-07-30 17:26 <DIR> d-------- C:\Program Files\Foxit Software
    2007-07-30 17:22 84,992 --a------ C:\WINDOWS\WebAssist.dll
    2007-07-28 15:31 <DIR> d--hs---- C:\WINDOWS\ftpcache
    2007-07-28 12:35 <DIR> d--h----- C:\temp\pt8q3khslw
    2007-07-28 12:34 528,384 --------- C:\WINDOWS\system32\VZWDownManager.exe
    2007-07-28 12:34 49,152 --------- C:\WINDOWS\system32\VZWDLManager.dll
    2007-07-28 12:34 22,912 --a------ C:\WINDOWS\system32\drivers\lgusbmodem.sys
    2007-07-28 12:34 21,248 --a------ C:\WINDOWS\system32\drivers\lgusbdiag.sys
    2007-07-28 12:34 12,672 --a------ C:\WINDOWS\system32\drivers\lgusbbus.sys
    2007-07-28 12:34 <DIR> d-------- C:\Program Files\Verizon Wireless
    2007-07-28 12:34 <DIR> d-------- C:\Program Files\LG Electronics
    2007-07-28 12:19 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
    2007-07-26 17:56 <DIR> d-------- C:\Program Files\BitTorrent
    2007-07-26 17:56 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\BitTorrent
    2007-07-14 15:23 <DIR> d-------- C:\temp


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-09 05:35 --------- d-------- C:\Program Files\Common Files\Symantec Shared
    2007-08-09 05:34 3649 --a------ C:\WINDOWS\viassary-hp.reg
    2007-08-07 22:32 --------- d-------- C:\Program Files\Norton AntiVirus
    2007-08-07 22:28 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-08-05 17:39 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-08-04 13:28 28256 --a------ C:\WINDOWS\system32\drivers\MxlW2k.sys
    2007-08-02 21:26 --------- d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\Ahead
    2007-08-01 15:03 1480 --a------ C:\WINDOWS\AUTOLNCH.REG
    2007-07-24 14:40 --------- d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\Yahoo!
    2007-07-14 15:27 --------- d-------- C:\Program Files\HP
    2007-07-14 15:26 --------- d-------- C:\Program Files\Hewlett-Packard
    2007-07-04 14:59 22592 --a------ C:\WINDOWS\system32\BdIGhtop.exe
    2007-06-09 07:15 --------- d-------- C:\Program Files\Lavasoft
    2007-06-09 07:15 --------- d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\Lavasoft
    2005-03-09 22:21 110 --a------ C:\DOCUME~1\COMPAQ~1\APPLIC~1\wklnhst.dat
    2005-05-01 22:24:11 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{22c38a92-9520-49bd-90f1-2e9fa14d3ae8}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d6a9f30b-7105-48f8-95b1-1fb26f19d5e7}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Advanced Tools Check"="C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" [2005-01-10 12:20]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-02-17 11:05]
    "VTTimer"="C:\hp\patches\51WW1VIA\src\VTTimer.exe" [2004-10-23 04:53]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 08:01]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-10-21 22:31]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-05-01 22:36]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-10-21 21:41]
    "SiSPower"="SiSPower.dll" [2005-04-12 11:31 C:\WINDOWS\system32\SiSPower.dll]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43]
    "QuickFinder Scheduler"="C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" [2001-10-01 23:36]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 21:54]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 22:55]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04]
    "hpfsched"="C:\WINDOWS\hpfsched.exe" [1998-08-05 11:00]
    "hp imaging helper"="C:\WINDOWS\system32\hpusbscr.exe" [2002-09-11 09:49]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 C:\WINDOWS\AGRSMMSG.exe]
    "GhostStartTrayApp"="C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe" [2002-08-14 15:21]
    "mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2003-05-19 11:21]
    "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 07:46]
    "YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19]
    "Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 08:51]
    "KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44]
    "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-10-21 23:01]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 14:00]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
    "PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe" [2004-05-12 13:04]
    "EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-04-02 21:07]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\
    Compaq Organize.lnk - C:\Program Files\Hewlett-Packard\Compaq Organize\bin\displayAgent.exe [2004-10-21 23:10:10]
    MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2007-07-28 12:34:29]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
    AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2007-02-14 21:12:06]
    ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2006-10-03 11:04:38]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Data\Eudora\EuShlExt.dll [2005-11-14 17:15 86016]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\conmgr]
    conmgr.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfoin]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=c:\windows\system32\jkhhihe.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
    backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Event Reminder.lnk]
    path=C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\Event Reminder.lnk
    backup=C:\WINDOWS\pss\Event Reminder.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
    ALCXMNTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Update 5370C]
    C:\sj666\hpupdate.exe 5370C+

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe

    R1 AmdK8;AMD Athlon64 Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
    R1 GhPciScan;GhostPciScanner;\??\C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys
    R1 SASDIFSV;SASDIFSV;\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    R1 SASKUTIL;SASKUTIL;\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
    R2 DS1410D;DS1410D;C:\WINDOWS\system32\drivers\DS1410D.SYS
    R2 SemLPT;SemLPT;C:\WINDOWS\system32\drivers\SemLPT.sys
    R3 GoProto;GoProto Protocol Driver;C:\WINDOWS\system32\DRIVERS\goprot51.sys
    R3 hpusbfd;Hewlett-Packard USB Filter Class;C:\WINDOWS\system32\DRIVERS\hpusbfd.sys
    R3 Iviaspi;IVI ASPI Shell;C:\WINDOWS\system32\drivers\iviaspi.sys
    R3 MxlW2k;MxlW2k;C:\WINDOWS\system32\drivers\MxlW2k.sys
    R3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
    R3 Ps2;PS2;C:\WINDOWS\system32\DRIVERS\PS2.sys
    R3 SASENUM;SASENUM;\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
    R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
    S1 SydexFDD;Sydex Floppy Driver;C:\WINDOWS\system32\Drivers\Sydexfdd.sys
    S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\PCAMPR5.SYS
    S3 usbbus;LGE CDMA Composite USB Device;C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
    S3 UsbDiag;LGE CDMA USB Serial Port;C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
    S3 USBModem;LGE CDMA USB Modem;C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
    S3 viagfx;viagfx;C:\WINDOWS\system32\DRIVERS\vtmini.sys


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef837de0-57ff-11da-84d0-0011d875fd0f}]
    AutoRun\command- K:\LinksysConnectPC.exe


    Contents of the 'Scheduled Tasks' folder
    2007-08-09 07:00:30 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-07-27 16:00:30 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-08-01 17:00:30 C:\WINDOWS\Tasks\At11.job
    2007-08-04 18:00:30 C:\WINDOWS\Tasks\At12.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-07-28 19:00:30 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-08-08 20:00:30 C:\WINDOWS\Tasks\At14.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-08-04 21:00:30 C:\WINDOWS\Tasks\At15.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-08-04 22:00:30 C:\WINDOWS\Tasks\At16.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-08-05 23:01:29 C:\WINDOWS\Tasks\At17.job
    2007-08-09 02:40:57 C:\WINDOWS\Tasks\At18.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-08-06 01:00:35 C:\WINDOWS\Tasks\At19.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-08-09 08:00:30 C:\WINDOWS\Tasks\At2.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-08-06 02:00:30 C:\WINDOWS\Tasks\At20.job
    2007-08-09 03:00:30 C:\WINDOWS\Tasks\At21.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-08-03 04:00:30 C:\WINDOWS\Tasks\At22.job
    2007-08-08 05:00:30 C:\WINDOWS\Tasks\At23.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-08-09 06:00:39 C:\WINDOWS\Tasks\At24.job
    2007-07-04 22:01:10 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-07-04 22:01:10 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-07-04 22:01:10 C:\WINDOWS\Tasks\At5.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-07-04 22:01:10 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-08-09 13:00:30 C:\WINDOWS\Tasks\At7.job
    2007-07-14 14:00:30 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-07-04 22:01:10 C:\WINDOWS\Tasks\At9.job - C:\WINDOWS\system32\BdIGhtop.exe
    2007-01-20 04:00:20 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Compaq_Owner.job - C:\PROGRA~1\NORTON~1\Navw32.exe
    2005-08-13 00:35:01 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
    2007-08-09 13:10:00 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDetect.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-09 06:10:22
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
    "TracesProcessed"=dword:00000382

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-09 6:11:01
    C:\ComboFix-quarantined-files.txt ... 2007-08-09 06:10
    C:\ComboFix2.txt ... 2007-08-08 19:56

    --- E O F ---


    AND

    Logfile of HijackThis v1.99.1
    Scan saved at 6:15:24 AM, on 8/9/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\PROGRA~1\NORTON~3\NORTON~1\GHOSTS~2.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\hp\patches\51WW1VIA\src\VTTimer.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
    C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
    C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
    C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\nda.exe
    C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
    C:\WINDOWS\explorer.exe
    C:\Install_Files\AdAware\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {22c38a92-9520-49bd-90f1-2e9fa14d3ae8} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {d6a9f30b-7105-48f8-95b1-1fb26f19d5e7} - (no file)
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [VTTimer] C:\hp\patches\51WW1VIA\src\VTTimer.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
    O4 - HKLM\..\Run: [hp imaging helper] C:\WINDOWS\system32\hpusbscr.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Compaq Organize.lnk = ?
    O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
    O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://img.member.yahoo.com/dl/atty/yinst_current.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121737067953
    O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpbasicdetection3.cab
    O20 - AppInit_DLLs: c:\windows\system32\jkhhihe.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: conmgr - conmgr.dll (file missing)
    O20 - Winlogon Notify: igfoin - C:\WINDOWS\
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\GHOSTS~2.EXE
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  10. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Be back shortly with instructions
     
  11. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    1. Please download The Avenger by Swandog46 to your Desktop.
    • Click on Avenger.zip to open the file
    • Extract avenger.exe to your desktop

    2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


    3. Now, start The Avenger program by clicking on its icon on your desktop.
    • Under "Script file to execute" choose "Input Script Manually".
    • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    • Click Done
    • Now click on the Green Light to begin execution of the script
    • Answer "Yes" twice when prompted.
    4. The Avenger will automatically do the following:
    • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
    • On reboot, it will briefly open a black command window on your desktop; this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
    • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
    5. Please copy/paste the content of c:\avenger.txt into your reply.

    Rescan with Hijack This, close all browser windows except Hijack This, put a checkmark beside these entries and click fix checked.

    O2 - BHO: (no name) - {22c38a92-9520-49bd-90f1-2e9fa14d3ae8} - (no file)

    O2 - BHO: (no name) - {d6a9f30b-7105-48f8-95b1-1fb26f19d5e7} - (no file)

    O20 - AppInit_DLLs: c:\windows\system32\jkhhihe.dll

    O20 - Winlogon Notify: conmgr - conmgr.dll (file missing)

    O20 - Winlogon Notify: igfoin - C:\WINDOWS\


    Reboot and post another Hijack This log please.
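The entries the helper picked out above share a pattern a defender can check for mechanically: a BHO or Winlogon Notify package whose backing DLL is missing, a Notify entry that points at a directory instead of a DLL, and a non-empty AppInit_DLLs value. The following is an added example, not part of this thread and not code from HijackThis or The Avenger; it triages HijackThis-style O2/O20 lines with that logic. The regular expressions are my own assumption about the line format, modelled on the lines posted in this thread, and the sample input is a handful of lines copied from the log above (constructed as a test fixture, not a live scan).

```python
import re
from dataclasses import dataclass

# Constructed sample: HijackThis v1.99.1-style lines taken from the log posted
# in this thread, used here only as test input for the triage rules below.
SAMPLE_LOG = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {22c38a92-9520-49bd-90f1-2e9fa14d3ae8} - (no file)
O20 - AppInit_DLLs: c:\\windows\\system32\\jkhhihe.dll
O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll
O20 - Winlogon Notify: conmgr - conmgr.dll (file missing)
O20 - Winlogon Notify: igfoin - C:\\WINDOWS\\
O20 - Winlogon Notify: igfxcui - C:\\WINDOWS\\SYSTEM32\\igfxsrvc.dll
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. "O20"
    entry: str    # the raw log line that triggered the rule
    reason: str   # why a helper would look twice at it


# Line formats are an assumption based on the lines posted in the thread.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$")
O20_APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<target>.*)$")
O20_NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$")


def classify(line: str):
    """Return a Finding for a suspicious O2/O20 line, or None if it looks benign."""
    line = line.strip()

    m = O2_RE.match(line)
    if m:
        # A CLSID registered as a BHO with no file behind it is an orphan:
        # harmless by itself, but it is debris that should be removed.
        if m.group("target") == "(no file)":
            return Finding("O2", line, "BHO registered with no backing file (orphaned CLSID)")
        return None

    m = O20_APPINIT_RE.match(line)
    if m and m.group("target").strip():
        # AppInit_DLLs is empty on a clean XP system; any DLL listed here is
        # loaded into every process that loads user32.dll.
        return Finding("O20", line, "AppInit_DLLs is non-empty; listed DLL is injected into every user32 process")

    m = O20_NOTIFY_RE.match(line)
    if m:
        target = m.group("target").strip()
        if target.endswith("(file missing)"):
            return Finding("O20", line, "Winlogon Notify package whose DLL is missing")
        if target.endswith("\\") or not target.lower().endswith(".dll"):
            return Finding("O20", line, "Winlogon Notify package that does not point at a DLL file")
    return None


def triage(log_text: str) -> list:
    """Run classify() over every line of a HijackThis log and keep the hits."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.section}] {finding.reason}\n    {finding.entry}")
```

Run against the sample it reports exactly the four entries the helper listed for fixing (the orphan BHO, the AppInit_DLLs value, the missing conmgr.dll, and the igfoin entry pointing at C:\WINDOWS\) and stays quiet on the Adobe, SUPERAntiSpyware and Intel entries. The rules are deliberately narrow; a "(no file)" BHO is cleanup, while a populated AppInit_DLLs value on a home XP box is the line worth investigating first.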
     
  12. georgeg2000

    georgeg2000 Thread Starter

    Joined:
    Feb 12, 2004
    Messages:
    164
    Here is the Avenger.txt log:

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\keeblllm

    *******************

    Script file located at: \??\C:\WINDOWS\system32\btruduek.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File C:\WINDOWS\rqppqn.dll deleted successfully.
    File C:\WINDOWS\tutqnl.dll deleted successfully.


    File C:\WINDOWS\system32\jkhhihe.dll not found!
    Deletion of file C:\WINDOWS\system32\jkhhihe.dll failed!

    Could not process line:
    C:\WINDOWS\system32\jkhhihe.dll
    Status: 0xc0000034



    File C:\WINDOWS\system32\igfoin.dll not found!
    Deletion of file C:\WINDOWS\system32\igfoin.dll failed!

    Could not process line:
    C:\WINDOWS\system32\igfoin.dll
    Status: 0xc0000034



    File C:\WINDOWS\system32\sstqo.exe not found!
    Deletion of file C:\WINDOWS\system32\sstqo.exe failed!

    Could not process line:
    C:\WINDOWS\system32\sstqo.exe
    Status: 0xc0000034


    Completed script processing.

    *******************

    Finished! Terminate.

    And the latest HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:10:36 PM, on 8/9/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\PROGRA~1\NORTON~3\NORTON~1\GHOSTS~2.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\hp\patches\51WW1VIA\src\VTTimer.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
    C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
    C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
    C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
    C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\nda.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Install_Files\AdAware\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {22c38a92-9520-49bd-90f1-2e9fa14d3ae8} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {d6a9f30b-7105-48f8-95b1-1fb26f19d5e7} - (no file)
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [VTTimer] C:\hp\patches\51WW1VIA\src\VTTimer.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe
    O4 - HKLM\..\Run: [hp imaging helper] C:\WINDOWS\system32\hpusbscr.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Compaq Organize.lnk = ?
    O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
    O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://img.member.yahoo.com/dl/atty/yinst_current.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121737067953
    O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpbasicdetection3.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: conmgr - C:\WINDOWS\
    O20 - Winlogon Notify: igfoin - C:\WINDOWS\
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~3\NORTON~1\GHOSTS~2.EXE
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~3\SPEEDD~1\nopdb.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  13. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Temporarily disable SpyBot's TeaTimer:

    Open Spybot and click on Mode and check Advanced Mode
    Check yes to next window.
    Click on Tools in bottom left hand corner.
    Click on System Startup icon.
    Uncheck Teatimer box.
    Click Allow Change box.

    Rescan with Hijack This.
    Close all browser windows except Hijack This.
    Put a check mark beside these entries and click "Fix Checked".

    O2 - BHO: (no name) - {22c38a92-9520-49bd-90f1-2e9fa14d3ae8} - (no file)

    O2 - BHO: (no name) - {d6a9f30b-7105-48f8-95b1-1fb26f19d5e7} - (no file)

    O20 - Winlogon Notify: conmgr - C:\WINDOWS\

    O20 - Winlogon Notify: igfoin - C:\WINDOWS\


    Reboot, post a new log.
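The entries the moderator picks out share one property: the registry key is still there but the file it points at is gone, either shown by HijackThis as "(no file)" / "(file missing)" or, for the two Winlogon Notify keys, as a bare "C:\WINDOWS\" directory because the notify DLL itself was already deleted. The following script applies that same rule offline to a HijackThis log. It is an added example, not code from this thread or from HijackThis; the sample log lines are constructed from entries quoted in the thread, and the "verify" rule for O4 entries that name an executable without a directory (loaded through the search path) is an extra check of my own, not something the moderator asked for.

```python
"""Triage a HijackThis log for autostart entries with no backing file.

Added example, not part of the original thread or of HijackThis itself.
Rules (assumptions, stated in the lead-in):
  * O2/O9/O20/O23 entries whose target is "(no file)" or ends in
    "(file missing)" are orphaned registry keys -> level "fix".
  * O20 Winlogon Notify entries whose DLL path is a bare directory
    (e.g. "C:\\WINDOWS\\") point at a DLL that was already removed -> "fix".
  * O4 Run entries whose command names an executable with no directory
    resolve through the search path and deserve a manual look -> "verify".
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, built from lines quoted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {22c38a92-9520-49bd-90f1-2e9fa14d3ae8} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: conmgr - C:\WINDOWS\
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""


@dataclass
class Finding:
    section: str   # HijackThis section code: O2, O4, O9, O20, ...
    name: str      # entry label as HijackThis prints it
    target: str    # file or command the entry points at
    reason: str
    level: str     # "fix" (safe to tick in Fix Checked) or "verify"


_HJT_LINE = re.compile(r"^\s*(O\d+)\s+-\s+(.*)$")
# "HKLM\..\Run: [label] command line"
_RUN_ENTRY = re.compile(r"^(HK\w+\\\.\.\\\w+):\s*\[([^\]]*)\]\s*(.*)$")


def _exe_from_run_target(target: str) -> str:
    """First token of an O4 command line: the quoted path if quoted, else the first word."""
    target = target.strip()
    if target.startswith('"'):
        end = target.find('"', 1)
        return target[1:end] if end > 0 else target[1:]
    return target.split()[0] if target else ""


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious HijackThis line, or None if it looks normal."""
    m = _HJT_LINE.match(line)
    if not m:
        return None
    section, body = m.group(1), m.group(2).strip()

    if section == "O4":
        r = _RUN_ENTRY.match(body)
        if not r:
            return None  # Startup-folder O4 lines use a different layout; skipped
        name, exe = r.group(2), _exe_from_run_target(r.group(3))
        if exe and "\\" not in exe and ":" not in exe:
            return Finding(section, name, exe,
                           "unqualified executable name, resolved via the search path",
                           "verify")
        return None

    if " - " not in body:
        return None
    head, target = body.rsplit(" - ", 1)
    target = target.strip()
    name = head.split(": ", 1)[1] if ": " in head else head
    if target == "(no file)" or target.endswith("(file missing)"):
        return Finding(section, name, target,
                       "entry points at a file that no longer exists", "fix")
    if section == "O20" and target.endswith("\\"):
        return Finding(section, name, target,
                       "Winlogon Notify DLL path is a bare directory; the DLL is gone",
                       "fix")
    return None


def triage(log_text: str) -> List[Finding]:
    """Classify every line of a HijackThis log and keep only the findings."""
    return [f for f in (classify(ln) for ln in log_text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.level:6}] {f.section:4} {f.name} -> {f.target}  ({f.reason})")
```

Run against the sample it reports the O2 BHO, the O9 BitDefender leftover, and the "conmgr" Winlogon Notify key as "fix", and AGRSMMSG.exe and the Rundll32 entry as "verify"; the "igfoin" key from the thread would be flagged by the same bare-directory rule. Anything rated "verify" is not evidence of infection by itself, only a reminder to confirm which file on disk actually satisfies that name.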
     
  14. georgeg2000

    georgeg2000 Thread Starter

    Joined:
    Feb 12, 2004
    Messages:
    164
    How familiar with Spybot are you? On this computer, when I get a pop-up message from Spybot about a registry change, the bottom of the pop-up is compressed so I can't read what the options are. Spybot doesn't do this on my computer, just on the wife's. Would there be any advantage to uninstalling the program and reinstalling it to fix this, do you think? I'll follow your instructions re: temporarily disabling Spybot's TeaTimer this evening as soon as I get a chance. Thanks for your help; I really appreciate it and will follow up with a donation to TSG.
     
  15. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    The one thing I never liked about SpyBot was the TeaTimer feature.
    It seems to alert constantly, even for legit things. I know it's good for detecting malicious processes, but it monitors like every process, which can get annoying.
     
Short URL to this thread: https://techguy.org/605928