Solved: XP taking forever to do the simplest tasks

[Phisk]

I have a lot of malware affecting my computer, but I can't find it.
Virus and Spyware scanners don't work, and when I delete suspicious looking processes in the C A D box, they always come back.
I've had the cmd box come up, I've had notifications of new programs being installed that are random, programs that I always used are also being mimicked by these programs.
I don't know why, and I've run out of ideas that normally work.
what should I do?

Also, my sound just stopped working.

 

[cybertech]

Hi, Welcome to TSG!!


Click here to download HJTInstall.exe

• Save HJTInstall.exe to your desktop.
• Doubleclick on the HJTInstall.exe icon on your desktop.
• By default it will install to C:\Program Files\Trend Micro\HijackThis .
• Click on Install.
• It will create a HijackThis icon on the desktop.
• Once installed, it will launch Hijackthis.
• Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.
• DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

[Phisk]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:04 PM, on 7/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1160275593\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\TEMP\winFF.tmp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Aquarius Soft\PC Keyboard Hotkey Pro\khotkeys.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox 2 Beta 2\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1160275593\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\winFF.tmp.exe
O4 - HKLM\..\Run: [icq.com] "rundll32.exe" "C:\WINDOWS\system32\jidnihee.dll",forkonce
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Aquarius Soft PC Keyboard Hotkey Pro.lnk = C:\Program Files\Aquarius Soft\PC Keyboard Hotkey Pro\khotkeys.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\phil\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7490 bytes



Known problems:

mgrs.exe

ophcrack-livecd-1.1.4 keeps downloading to my desktop when I start Firefox

 

[cybertech]

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

• 
  Double-click ATF-Cleaner.exe to run the program.
  Under Main choose: Select All
  Click the Empty Selected button.

Click Exit on the Main menu to close the program.


Download ComboFix from Here or Here to your Desktop.

• Double click combofix.exe and follow the prompts.
• When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

 

[Phisk]

"phil" - 2007-07-11 23:14:39 - ComboFix 07-07-12.3 - Service Pack 2

/wow section - STAGE #8

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\jidnihee.dll
C:\WINDOWS\system32\mfoixehh.dll
C:\WINDOWS\system32\lsctfhfk.exe
C:\WINDOWS\system32\winjks32.dll
C:\WINDOWS\system32\eehindij.ini
C:\WINDOWS\system32\ggjlm.bak1
C:\WINDOWS\system32\ggjlm.bak2
C:\WINDOWS\system32\ggjlm.ini
C:\WINDOWS\system32\ggjlm.bak1
C:\WINDOWS\system32\ggjlm.bak2
C:\WINDOWS\system32\ggjlm.ini
C:\WINDOWS\system32\mljgg.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((( Files Created from 2007-06-12 to 2007-07-12 )))))))))))))))))))))))))))))))


2007-07-11 23:13 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-11 18:10 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-11 16:22 66,112 --a------ C:\WINDOWS\system32\awdqrkrb.exe
2007-07-11 06:10 43,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-07-11 06:09 <DIR> d-------- C:\DOCUME~1\phil\APPLIC~1\Winamp
2007-07-11 04:26 <DIR> d-------- C:\WINDOWS\system32\msmq
2007-07-11 03:02 22,080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-07-11 03:02 21,056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-07-11 03:02 20,544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-07-11 03:02 144,448 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-07-11 03:02 <DIR> d-------- C:\Program Files\Webroot
2007-07-11 03:02 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Webroot
2007-07-11 03:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot
2007-07-11 02:59 <DIR> d-------- C:\DOCUME~1\phil\APPLIC~1\Webroot
2007-07-11 01:36 31,254 --a------ C:\WINDOWS\system32\rqrrpnk.dll
2007-07-09 19:56 <DIR> d-------- C:\ATARI
2007-07-09 19:55 <DIR> d-------- C:\MAME
2007-07-08 20:27 <DIR> d-------- C:\N64
2007-07-08 20:26 <DIR> d-------- C:\snes9x
2007-07-08 20:23 <DIR> d-------- C:\Sega Genesis
2007-07-08 20:23 <DIR> d-------- C:\PJ64
2007-07-08 20:21 <DIR> d-------- C:\zSNES
2007-07-08 19:19 31,254 --a------ C:\WINDOWS\system32\byxwvsq.dll
2007-07-04 02:51 <DIR> d-------- C:\LEMMINGS
2007-07-02 15:13 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2007-07-01 20:09 <DIR> d-------- C:\Program Files\Symantec AntiVirus
2007-06-30 22:05 <DIR> d-------- C:\Program Files\Aquarius Soft
2007-06-30 22:05 <DIR> d-------- C:\DOCUME~1\phil\APPLIC~1\Aquarius Soft
2007-06-30 22:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Aquarius Soft
2007-06-29 22:58 110,592 --a------ C:\WINDOWS\system32\ccrpbds6.dll
2007-06-29 22:58 <DIR> d-------- C:\Program Files\PIXresizer
2007-06-29 16:53 12,288 --a------ C:\WINDOWS\mgrs.exe
2007-06-29 15:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN Messenger 6.1.0207
2007-06-29 15:17 <DIR> d-------- C:\Program Files\MSN Messenger
2007-06-27 22:05 <DIR> d-------- C:\Program Files\DosBox
2007-06-27 22:04 <DIR> d-------- C:\Program Files\Tyrian
2007-06-23 19:17 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-23 19:16 <DIR> d-------- C:\WINDOWS\Video to iPod MP4 PSP 3GP Converter
2007-06-23 19:16 <DIR> d-------- C:\Program Files\Video to iPod MP4 PSP 3GP Converter
2007-06-23 00:07 <DIR> d-------- C:\WINDOWS\Replay Media Catcher
2007-06-23 00:07 <DIR> d-------- C:\Program Files\Replay Media Catcher
2007-06-22 14:04 <DIR> d-------- C:\Program Files\FLVPlayer
2007-06-22 02:27 <DIR> d-------- C:\DOCUME~1\phil\APPLIC~1\SWF.max
2007-06-22 02:26 <DIR> d-------- C:\Program Files\SWF.max
2007-06-22 00:08 <DIR> d-------- C:\Program Files\Sony
2007-06-21 19:07 <DIR> d-------- C:\Program Files\iPod
2007-06-20 01:14 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-06-20 00:52 <DIR> d-------- C:\Program Files\Publisher XP
2007-06-20 00:12 476,576 -ra------ C:\Program Files\SETUP.EXE
2007-06-19 23:59 1,499,904 -ra------ C:\Program Files\INSTMSIW.EXE
2007-06-19 23:59 1,489,152 -ra------ C:\Program Files\INSTMSI.EXE
2007-06-19 23:54 <DIR> d-------- C:\Program Files\FILES
2007-06-19 23:53 <DIR> d-------- C:\Program Files\SHAREPT
2007-06-19 23:51 <DIR> d-------- C:\Program Files\ORK
2007-06-19 23:51 <DIR> d-------- C:\Program Files\MSDE2000
2007-06-18 17:36 <DIR> d-------- C:\Program Files\BitTorrent
2007-06-18 17:36 <DIR> d-------- C:\DOCUME~1\phil\APPLIC~1\BitTorrent
2007-06-17 22:16 <DIR> d-------- C:\Downloads
2007-06-17 22:15 <DIR> d-------- C:\Program Files\BitComet
2007-06-16 09:33 <DIR> d-------- C:\Program Files\System
2007-06-16 09:24 <DIR> d-------- C:\Program Files\iTunes
2007-06-16 09:21 <DIR> d-------- C:\Program Files\Library
2007-06-16 09:21 <DIR> d-------- C:\Program Files\Developer
2007-06-16 05:19 7,852 --a------ C:\WINDOWS\system32\mcdmsg7.dll
2007-06-16 04:38 <DIR> d-------- C:\Program Files\TGTSoft
2007-06-15 17:16 <DIR> d-------- C:\Program Files\Common Files\Stardock
2007-06-13 17:55 <DIR> d-------- C:\DOCUME~1\phil\APPLIC~1\uTorrent


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-11 10:13:50 -------- d-----w C:\Program Files\Winamp
2007-07-11 08:57:48 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-11 08:51:35 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-11 08:51:30 -------- d-----w C:\Program Files\Symantec
2007-07-11 08:46:21 -------- d-----w C:\Program Files\LimeWire
2007-07-11 08:42:45 -------- d-----w C:\Program Files\Common Files\Corel
2007-07-11 08:26:45 -------- d-----w C:\Program Files\Windows NT
2007-07-11 03:37:17 -------- d-----w C:\Program Files\Common Files\Intuit
2007-07-11 03:29:26 -------- d-----w C:\Program Files\Stardock
2007-07-11 02:41:28 -------- d-----w C:\Program Files\DivX
2007-07-08 22:50:24 -------- d-----w C:\DOCUME~1\phil\APPLIC~1\OpenOffice.org2
2007-07-02 00:43:20 -------- d-----w C:\Program Files\Symantec_Client_Security
2007-06-23 23:11:47 -------- d-----w C:\Program Files\Common Files\AOL
2007-06-19 06:15:09 -------- d-----w C:\Program Files\Google
2007-06-16 08:13:50 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-06-16 08:13:30 56 --sh--r C:\WINDOWS\system32\01003E142A.sys
2007-06-01 01:32:03 -------- d-----w C:\Program Files\Mozilla Firefox 2 Beta 2
2007-05-29 01:15:52 -------- d-----w C:\DOCUME~1\phil\APPLIC~1\AdobeUM
2007-05-20 04:32:27 -------- d-----w C:\DOCUME~1\phil\APPLIC~1\Ambient Design
2007-05-20 04:07:02 -------- d-----w C:\Program Files\Ambient Design
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-30 20:02:15 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 07:21:14 271,360 ----a-w C:\WINDOWS\system32\mscoree.dll
2006-02-17 03:15:26 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2004-01-15 06:34:18 259,539,966 ----a-w C:\Program Files\Microsoft Office XP Publisher 2003.zip
2001-04-04 22:11:28 184 ---ha-r C:\Program Files\AUTORUN.INF
2001-04-03 00:50:14 29 ----a-r C:\Program Files\cd-key.txt
2001-03-02 04:38:12 3,485,184 ----a-r C:\Program Files\PROPLUS.MSI
2001-03-02 04:35:58 306,688 ----a-r C:\Program Files\OWC10.MSI
2001-03-01 19:35:26 224,771,818 ---ha-r C:\Program Files\OFFICE1.CAB
2001-02-21 17:18:24 7,929 ----a-r C:\Program Files\README.HTM


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2004-12-14 01:56 63136 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}]
2005-06-14 15:56 86016 --a------ C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
2004-12-06 03:05 118842 --a------ C:\WINDOWS\system32\dla\tfswshx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2006-12-15 03:23 440056 --a------ C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FB40D31A-B1F8-47EA-BC54-D27DDB475978}]
C:\WINDOWS\system32\oppnljh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F}]
2007-07-08 19:19 31254 --a------ C:\WINDOWS\system32\byxwvsq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 02:20 C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 12:44]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44]
"@"="" []
"Zone Labs Client"="C:\Program Files\Zone Labs\Integrity Client\iclient.exe" [2004-06-28 05:34]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 21:05]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-02-26 17:54]
"HostManager"="C:\Program Files\Common Files\AOL\1160275593\ee\AOLSoftware.exe" [2006-05-24 07:15]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-06-19 02:15]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 18:22]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-01-25 21:58]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
"@"="" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FB40D31A-B1F8-47EA-BC54-D27DDB475978}"="C:\WINDOWS\system32\oppnljh.dll" []
"{FD2A7D3A-3DA1-4CA5-AD39-B4C3A72B567F}"="C:\WINDOWS\system32\byxwvsq.dll" [2007-07-08 19:19]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxwvsq]
byxwvsq.dll --a------ 2007-07-08 19:19 31254 C:\WINDOWS\system32\byxwvsq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\oppnljh]
oppnljh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll --a------ 2005-11-28 15:52 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
AutoRun\command- E:\setup.exe


Contents of the 'Scheduled Tasks' folder
2007-07-05 14:51:02 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-11 23:22:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-11 23:27:34 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-11 23:27

--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:11 PM, on 7/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1160275593\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Aquarius Soft\PC Keyboard Hotkey Pro\khotkeys.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox 2 Beta 2\firefox.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1160275593\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Aquarius Soft PC Keyboard Hotkey Pro.lnk = C:\Program Files\Aquarius Soft\PC Keyboard Hotkey Pro\khotkeys.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\phil\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 6661 bytes

 

[cybertech]

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
• Select the first option, to run Windows in Safe Mode, then press Enter.
• Choose your usual account.

• Open the extracted SDFix folder and double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard ready for posting back on the forum).
• Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

 

[Phisk]

SDFix: Version 1.90

Run by phil on Thu 07/12/2007 at 08:05 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\phil\Desktop\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing SharedAccess Service

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\Program Files\Setup.exe - Deleted
C:\WINDOWS\mgrs.exe - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:bittorrent"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabledxpsp2res.dll,-22019"

Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\phil\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\desktop.ini
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1989 - Pretty Hate Machine\AlbumArtSmall.jpg
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1989 - Pretty Hate Machine\AlbumArt_{FB781784-9054-4827-A52B-BA1409BF690A}_Large.jpg
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1989 - Pretty Hate Machine\AlbumArt_{FB781784-9054-4827-A52B-BA1409BF690A}_Small.jpg
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1989 - Pretty Hate Machine\desktop.ini
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1989 - Pretty Hate Machine\Folder.jpg
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1989 - Pretty Hate Machine\Thumbs.db
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1992 - Broken\Thumbs.db
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1994 - The Downward Spiral\AlbumArtSmall.jpg
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1994 - The Downward Spiral\AlbumArt_{3ABB36F1-5C4E-461A-8D2C-A35C0A6E1863}_Large.jpg
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1994 - The Downward Spiral\AlbumArt_{3ABB36F1-5C4E-461A-8D2C-A35C0A6E1863}_Small.jpg
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1994 - The Downward Spiral\desktop.ini
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1994 - The Downward Spiral\Folder.jpg
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1994 - The Downward Spiral\Thumbs.db
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1995 - Further Down The Spiral\AlbumArtSmall.jpg
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1995 - Further Down The Spiral\AlbumArt_{2701F16C-E894-442E-8796-29DEC1A0D2E9}_Large.jpg
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1995 - Further Down The Spiral\AlbumArt_{2701F16C-E894-442E-8796-29DEC1A0D2E9}_Small.jpg
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1995 - Further Down The Spiral\desktop.ini
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1995 - Further Down The Spiral\Folder.jpg
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1995 - Further Down The Spiral\Thumbs.db
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1999 - The Fragile\desktop.ini
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1999 - The Fragile\Thumbs.db
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1999 - The Fragile\The Fragile (Left)\AlbumArtSmall.jpg
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1999 - The Fragile\The Fragile (Left)\AlbumArt_{69D96A47-7006-472A-BB48-CCD7150CCA16}_Large.jpg
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1999 - The Fragile\The Fragile (Left)\AlbumArt_{69D96A47-7006-472A-BB48-CCD7150CCA16}_Small.jpg
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1999 - The Fragile\The Fragile (Left)\desktop.ini
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1999 - The Fragile\The Fragile (Left)\Folder.jpg
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1999 - The Fragile\The Fragile (Right)\AlbumArtSmall.jpg
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1999 - The Fragile\The Fragile (Right)\AlbumArt_{8A446AA7-728D-4CD0-95D7-E8B145B3B9D4}_Large.jpg
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1999 - The Fragile\The Fragile (Right)\AlbumArt_{8A446AA7-728D-4CD0-95D7-E8B145B3B9D4}_Small.jpg
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1999 - The Fragile\The Fragile (Right)\desktop.ini
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\1999 - The Fragile\The Fragile (Right)\Folder.jpg
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\2002 - And All That Could Have Been\AlbumArtSmall.jpg
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\2002 - And All That Could Have Been\AlbumArt_{2094EBE5-C60A-484E-8B5B-3C8C2932F4EF}_Large.jpg
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\2002 - And All That Could Have Been\AlbumArt_{2094EBE5-C60A-484E-8B5B-3C8C2932F4EF}_Small.jpg
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\2002 - And All That Could Have Been\desktop.ini
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\2002 - And All That Could Have Been\Folder.jpg
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\2002 - And All That Could Have Been\Thumbs.db
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\2005 - With Teeth\AlbumArtSmall.jpg
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\2005 - With Teeth\AlbumArt_{99B39C73-54FB-4AB9-A3F7-AAB9886B610F}_Large.jpg
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\2005 - With Teeth\AlbumArt_{99B39C73-54FB-4AB9-A3F7-AAB9886B610F}_Small.jpg
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\2005 - With Teeth\desktop.ini
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\2005 - With Teeth\Folder.jpg
C:\Documents and Settings\phil\My Documents\My Music\Nine.Inch.Nails-Discografia[www.todocvcd.com]\2005 - With Teeth\Thumbs.db
C:\Program Files\MSDE2000\SQLRESLD.DLL
C:\i386\01003E142A.sys
C:\i386\KGyGaAvL.sys
C:\WINDOWS\system32\01003E142A.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Program Files\Google\Google Desktop Search\BIT284.tmp
C:\School\ehighschool\~WRL0004.tmp
C:\School\ehighschool\~WRL1808.tmp
C:\School\ehighschool\~WRL3225.tmp

Finished
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:29 PM, on 7/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox 2 Beta 2\firefox.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1160275593\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\khytpjtk.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Aquarius Soft PC Keyboard Hotkey Pro.lnk = C:\Program Files\Aquarius Soft\PC Keyboard Hotkey Pro\khotkeys.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\phil\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 5413 bytes

 

[Phisk]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:29 PM, on 7/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox 2 Beta 2\firefox.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1160275593\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\khytpjtk.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Aquarius Soft PC Keyboard Hotkey Pro.lnk = C:\Program Files\Aquarius Soft\PC Keyboard Hotkey Pro\khotkeys.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\phil\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 5413 bytes

 

[cybertech]

Click Here and download Killbox and save it to your desktop.



Run HJT again and put a check in the following:

O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\khytpjtk.dll",forkonce

Close all applications and browser windows before you click "fix checked".

Close Hijackthis.


Double-click on Killbox.exe to run it.
Put a tick by Delete on Reboot.
In the "Full Path of File to Delete" box, copy and paste the following line.

C:\WINDOWS\system32\khytpjtk.dll

Click on the button that has the red circle with the X in the middle after you enter the file name.
It will ask for confimation to delete the file.
Click Yes.
It will ask for confimation to reboot now.
Click Yes.

Note: It is possible that Killbox will tell you that the file does not exist.
If your computer does not restart automatically then please restart it manually.
If you get an error message "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just restart manually.

After reboot please post your hijackthis log in Normal Mode.

 

[Phisk]

I can't access the internet in normal mode.

 

[cybertech]

What is it that you can't do? You are on the internet right now, download killbox.

 

[Phisk]

I'm using safe mode right now, in normal mode my internet is paralyzed.
but this log is from normal mode as far as I know.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:21 PM, on 7/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1160275593\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Aquarius Soft\PC Keyboard Hotkey Pro\khotkeys.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1160275593\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\ksjrmlrd.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Aquarius Soft PC Keyboard Hotkey Pro.lnk = C:\Program Files\Aquarius Soft\PC Keyboard Hotkey Pro\khotkeys.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\phil\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 6412 bytes

 

[cybertech]

I don't see any anti-virus software running.
Load AVG http://free.grisoft.com/freeweb.php/doc/2/ it's free.


Click here to download Dr.Web CureIt and save it to your desktop.

• Doubleclick the drweb-cureit.exe file and Allow to run the express scan
• This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
• Once the short scan has finished, mark the drives that you want to scan.
• Select all drives. A red dot shows which drives have been chosen.
• Click the green arrow at the right, and the scan will start.
• Click 'Yes to all' if it asks if you want to cure/move the file.
• When the scan has finished, look if you can click next icon next to the files found:
  
• If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
  
  
  
  This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
• After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
• Save the report to your desktop. The report will be called DrWeb.csv
• Close Dr.Web Cureit.
• Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
• After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new Hijack This log.

 

[Phisk]

mgrs.exe;c:\windows;Trojan.DownLoader.25873;Will be cured after reboot.;
bwasdfst.dll;c:\windows\system32;Trojan.Virtumod;Deleted.;
byxwvsq.dll;c:\windows\system32;Trojan.Virtumod;Will be cured after reboot.;
drvvem.dll;c:\windows\system32;Trojan.Fakealert.249;Will be cured after reboot.;
mljgg.dll;c:\windows\system32;Trojan.Virtumod;Will be cured after reboot.;
win17.tmp.exe;c:\windows\temp;Trojan.DownLoader.25873;Will be cured after reboot.;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2;Probably BACKDOOR.Trojan;Incurable.Moved.;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\TRITON_UK_2.2.25.1;Probably BACKDOOR.Trojan;Incurable.Moved.;
3 Months Free NetZero.exe;C:\Documents and Settings\All Users\Start Menu;Trojan.Click.1487;Deleted.;
47285453.exe;C:\Documents and Settings\phil\Local Settings\Temp;Trojan.DownLoader.25873;Deleted.;
anti4[1].exe;C:\Documents and Settings\phil\Local Settings\Temporary Internet Files\Content.IE5\8EDCYC6T;Trojan.Virtumod;Deleted.;
_affvm[1];C:\Documents and Settings\phil\Local Settings\Temporary Internet Files\Content.IE5\8EDCYC6T;Trojan.Virtumod;Deleted.;
kcehc_eicooc20070702[1];C:\Documents and Settings\phil\Local Settings\Temporary Internet Files\Content.IE5\HB8RYFC0;Trojan.DownLoader.26570;Deleted.;
masiyxanidi[1];C:\Documents and Settings\phil\Local Settings\Temporary Internet Files\Content.IE5\HB8RYFC0;Trojan.Virtumod;Deleted.;
xc23[1].exe;C:\Documents and Settings\phil\Local Settings\Temporary Internet Files\Content.IE5\II21LVSH;Trojan.DownLoader.25873;Deleted.;
xc42[1].exe;C:\Documents and Settings\phil\Local Settings\Temporary Internet Files\Content.IE5\II21LVSH;Adware.ClickSpring;Incurable.Moved.;
_jnvm[1];C:\Documents and Settings\phil\Local Settings\Temporary Internet Files\Content.IE5\II21LVSH;Trojan.Virtumod;Deleted.;
adfcook[1];C:\Documents and Settings\phil\Local Settings\Temporary Internet Files\Content.IE5\MAZP7SOW;Trojan.Click.2799;Deleted.;
xc29[1].exe;C:\Documents and Settings\phil\Local Settings\Temporary Internet Files\Content.IE5\MAZP7SOW;Trojan.Mezzia;Deleted.;
Process.exe;C:\Documents and Settings\phil\My Documents\SDFix\apps;Tool.Prockill;Incurable.Moved.;
Yazzle1162OinAdmin.exe;C:\Program Files\Common Files;Adware.ClickSpring;;
jidnihee.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
lsctfhfk.exe.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.DownLoader.26570;Deleted.;
mfoixehh.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Juan;Deleted.;
mljgg.dll.vir;C:\QooBox\Quarantine\C\WINDOWS\system32;Trojan.Virtumod;Deleted.;
A0102849.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP528;Adware.TryMedia;Incurable.Moved.;
A0103118.reg;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP528;Probably SCRIPT.Virus;Incurable.Moved.;
A0104791.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP528;Trojan.Virtumod;Deleted.;
A0104792.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP528;Trojan.DownLoader.26570;Deleted.;
A0104793.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP528;Trojan.Virtumod;Deleted.;
A0106436.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP535;Trojan.DownLoader.25873;Deleted.;
A0107680.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP535;Trojan.Virtumod;Deleted.;
A0107681.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP535;Trojan.Juan;Deleted.;
A0107682.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP535;Trojan.DownLoader.26570;Deleted.;
A0107685.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP535;Trojan.Virtumod;Deleted.;
A0107862.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP536;Trojan.DownLoader.25873;Deleted.;
A0107870.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP536;Trojan.DownLoader.25873;Deleted.;
A0109958.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP536;Trojan.Virtumod;Deleted.;
A0115002.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP538;Trojan.Virtumod;Deleted.;
A0115003.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP538;Trojan.DownLoader.26570;Deleted.;
A0115004.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP538;Trojan.Virtumod;Deleted.;
A0115005.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP538;Trojan.Virtumod;Deleted.;
A0115006.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP538;Trojan.Virtumod;Deleted.;
A0115051.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP538;Tool.Prockill;Incurable.Moved.;
A0115066.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP538;Trojan.DownLoader.26570;Deleted.;
A0115067.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP538;Trojan.Virtumod;Deleted.;
A0115068.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP538;Trojan.Click.2799;Deleted.;
A0115069.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP538;Trojan.Virtumod;Deleted.;
A0115191.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP538;Trojan.Virtumod;Deleted.;
A0116464.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP538;Trojan.DownLoader.26570;Deleted.;
A0116691.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP540;Trojan.DownLoader.25873;Deleted.;
A0116692.dll;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP540;Trojan.Virtumod;Deleted.;
A0116693.exe;C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP540;Trojan.Click.1487;Deleted.;
mgrs.exe;C:\WINDOWS;Trojan.DownLoader.25873;Write error;
byxwvsq.dll;C:\WINDOWS\system32;Trojan.Virtumod;Will be cured after reboot.;
efcdbby.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
gebcc.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
jidnihee.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
lsctfhfk.exe;C:\WINDOWS\system32;Trojan.DownLoader.26570;Deleted.;
mfoixehh.dll;C:\WINDOWS\system32;Trojan.Juan;Deleted.;
mljgg.dll;C:\WINDOWS\system32;Trojan.Virtumod;Will be cured after reboot.;
njbvrxgf.exe;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
rqrrpnk.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
xaqrgbqx.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;
20666718.exe;C:\WINDOWS\Temp;Trojan.DownLoader.25873;Deleted.;
mst1F.tmp;C:\WINDOWS\Temp;Trojan.Fakealert.249;Deleted.;
win17.tmp.exe;C:\WINDOWS\Temp;Trojan.DownLoader.25873;Deleted.;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_2.0.2.2;Probably BACKDOOR.Trojan;;
setup.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\TRITON_UK_2.2.25.1;Probably BACKDOOR.Trojan;;
xc42[1].exe;C:\Documents and Settings\phil\Local Settings\Temporary Internet Files\Content.IE5\II21LVSH;Adware.ClickSpring;;
Process.exe;C:\Documents and Settings\phil\My Documents\SDFix\apps;Tool.Prockill;;



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:21:22 AM, on 7/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Common Files\AOL\1160275593\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Aquarius Soft\PC Keyboard Hotkey Pro\khotkeys.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ngen.exe
C:\Program Files\Mozilla Firefox 2 Beta 2\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\Integrity Client\iclient.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1160275593\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [icq.com] "rundll32.exe" "C:\WINDOWS\system32\xaqrgbqx.dll",forkonce
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [CTDrive] "rundll32.exe" C:\WINDOWS\system32\drvvem.dll,startup
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunOnce: [NetFxUpdate_v1.1.4322] "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" 0 v1.1.4322 GAC + NI NID
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Aquarius Soft PC Keyboard Hotkey Pro.lnk = C:\Program Files\Aquarius Soft\PC Keyboard Hotkey Pro\khotkeys.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\phil\Start Menu\Programs\>IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8616 bytes

 

[cybertech]

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Ugrading Java:

• Download the latest version of Java Runtime Environment (JRE) 6u2.
• Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
• Click the "Download" button to the right.
• Check the box that says: "Accept License Agreement".
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java version.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on the download to install the newest version.