1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Trojan TJ/BZ

Discussion in 'Virus & Other Malware Removal' started by Kernster, Nov 12, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. Kernster

    Kernster Thread Starter

    Joined:
    Nov 12, 2007
    Messages:
    6
    Hi I am having some problems with my computer. I keep getting pop ups on computer saying that I have a Trojan TJ/BZ infection and it keep on saying to install some antivirus and spyware software. I see some other people are having this same problem. This is very annoying:mad:

    Can you please help me solve this problem.
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    * Click here to download HJTsetup.exe.
    Save HJTsetup.exe to your desktop.

    Double click on the HJTsetup.exe icon on your desktop.
    By default it will install to C:\Program Files\Hijack This.
    Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    Put a check by Create a desktop icon then click Next again.
    Continue to follow the rest of the prompts from there.
    At the final dialogue box click Finish and it will launch Hijack This.
    Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    Click Save to save the log file and then the log will open in notepad.
    Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    Come back here to this thread and Paste the log in your next reply.
    DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. Kernster

    Kernster Thread Starter

    Joined:
    Nov 12, 2007
    Messages:
    6
    When I click on the HJTsetup link it s saying the requested file does not exist.
     
  4. Kernster

    Kernster Thread Starter

    Joined:
    Nov 12, 2007
    Messages:
    6
    Ok I got through with the HJT file here is the log file.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:17:02 PM, on 11/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\eiddqkfa.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    P:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\smax4.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    P:\Program Files\iTunes\iTunesHelper.exe
    P:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\TSTTQU~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\system\named.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    P:\Program Files\CursorXP\CursorXP.exe
    C:\WINDOWS\system32\DrvMon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\PROGRA~1\MI3AA1~1\wcescomm.exe
    C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    P:\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\PowerMenu\PowerMenu.exe
    C:\Program Files\TSTT Quick Assist\bin\mpbtn.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
    D:\Program Files\Reget\IDMan.exe
    C:\Program Files\Flock\flock\flock.exe
    C:\WINDOWS\System32\Rundll32.exe
    E:\Documents\Downloads\Programs\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60001
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60001
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60001
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60001
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60001
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\txgquvrb.dll
    O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "P:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TSTTQU~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NamedSvc] C:\WINDOWS\system\named.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify
    O4 - HKLM\..\Run: [e8f0d0d6] rundll32.exe "C:\WINDOWS\system32\upsnpaym.dll",b
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CursorXP] P:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [NVIDIA nTune] "P:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "C:\Documents and Settings\DeBoss\Local Settings\Application Data\NVIDIA Corporation\nTune\Profiles\begin.nsu"
    O4 - HKCU\..\Run: [BitDownload] "P:\Program Files\BitDownload\BitDownload.exe" /minimized
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
    O4 - HKCU\..\Run: [IDMan] D:\Program Files\Reget\IDMan.exe /onboot
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - User Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = P:\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
    O4 - Global Startup: TSTT Quick Assist.lnk = C:\Program Files\TSTT Quick Assist\bin\matcli.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Reget\IEGetAll.htm
    O8 - Extra context menu item: Download using LeechGet - file://P:\Program Files\LeechGet 2002\\AddUrl.html
    O8 - Extra context menu item: Download using LeechGet Wizard - file://P:\Program Files\LeechGet 2002\\Wizard.html
    O8 - Extra context menu item: Download with IDM - D:\Program Files\Reget\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Parse with LeechGet - file://P:\Program Files\LeechGet 2002\\Parser.html
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O17 - HKLM\System\CCS\Services\Tcpip\..\{99E14F7E-6F54-4FD7-9619-4B6A387ADEA1}: NameServer = 196.3.132.1,196.3.132.4
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\eiddqkfa.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - P:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - P:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - P:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

    --
    End of file - 12260 bytes
     
  5. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    You're very infected

    Download the Trial version of Superantispyware Pro (SAS):
    http://www.superantispyware.com/superantispyware.html?rid=3132


    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
    o After reboot, double-click the SUPERAntispyware icon on your desktop.
    o Click Preferences. Click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o It will open in your default text editor (such as Notepad/Wordpad).
    o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new Hijack This log.
     
  6. Kernster

    Kernster Thread Starter

    Joined:
    Nov 12, 2007
    Messages:
    6
    Superantispyware Pro (SAS) Log

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/14/2007 at 06:43 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3344
    Trace Rules Database Version: 1345

    Scan type : Complete Scan
    Total Scan Time : 00:55:21

    Memory items scanned : 532
    Memory threats detected : 2
    Registry items scanned : 7515
    Registry threats detected : 52
    File items scanned : 48682
    File threats detected : 105

    Adware.Vundo-Variant
    C:\WINDOWS\SYSTEM32\TXGQUVRB.DLL
    C:\WINDOWS\SYSTEM32\TXGQUVRB.DLL
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\txgquvrb
    C:\WINDOWS\SYSTEM32\DIHWOQTG.DLL
    C:\WINDOWS\SYSTEM32\IQKJOWUB.DLL
    C:\WINDOWS\SYSTEM32\MRQARWMR.DLL

    Adware.Vundo Variant
    C:\WINDOWS\SYSTEM32\JKKLM.DLL
    C:\WINDOWS\SYSTEM32\JKKLM.DLL
    HKLM\Software\Classes\CLSID\{0A2B9AC0-0242-4B17-9587-E54AFA7F7F89}
    HKCR\CLSID\{0A2B9AC0-0242-4B17-9587-E54AFA7F7F89}
    HKCR\CLSID\{0A2B9AC0-0242-4B17-9587-E54AFA7F7F89}\InprocServer32
    HKCR\CLSID\{0A2B9AC0-0242-4B17-9587-E54AFA7F7F89}\InprocServer32#ThreadingModel
    HKLM\Software\Classes\CLSID\{0DD98BA3-25B7-4913-88AF-CFBDB28DA4CE}
    HKCR\CLSID\{0DD98BA3-25B7-4913-88AF-CFBDB28DA4CE}
    HKCR\CLSID\{0DD98BA3-25B7-4913-88AF-CFBDB28DA4CE}\InprocServer32
    HKCR\CLSID\{0DD98BA3-25B7-4913-88AF-CFBDB28DA4CE}\InprocServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\WVUROOM.DLL
    HKLM\Software\Classes\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
    HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
    HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32
    HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32#ThreadingModel
    HKLM\Software\Classes\CLSID\{B5E0B17D-50EB-4504-B48B-2BAE51ABAC76}
    HKCR\CLSID\{B5E0B17D-50EB-4504-B48B-2BAE51ABAC76}
    HKCR\CLSID\{B5E0B17D-50EB-4504-B48B-2BAE51ABAC76}\InprocServer32
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A2B9AC0-0242-4B17-9587-E54AFA7F7F89}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
    HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{9D9AA571-A9C0-48AE-9519-4E619DA8184D}\RP4\A0000070.DLL
    C:\WINDOWS\SYSTEM32\BYXVSPN.DLL
    C:\WINDOWS\SYSTEM32\BYXWWTR.DLL
    C:\WINDOWS\SYSTEM32\EFCYXVS.DLL
    C:\WINDOWS\SYSTEM32\IIFDDCY.DLL
    C:\WINDOWS\SYSTEM32\IIFFEBY.DLL
    C:\WINDOWS\SYSTEM32\JKKJKJG.DLL
    C:\WINDOWS\SYSTEM32\NNNONLM.DLL
    C:\WINDOWS\SYSTEM32\PMNLKLJ.DLL

    Unclassified.Unknown Origin
    HKLM\Software\Classes\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
    HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
    HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
    HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32
    HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32#ThreadingModel
    HKLM\Software\Classes\CLSID\{8E015787-B1E3-404a-95DE-3E71E1FA0305}
    HKCR\CLSID\{8E015787-B1E3-404A-95DE-3E71E1FA0305}
    HKCR\CLSID\{8E015787-B1E3-404A-95DE-3E71E1FA0305}
    HKCR\CLSID\{8E015787-B1E3-404A-95DE-3E71E1FA0305}\InprocServer32
    HKCR\CLSID\{8E015787-B1E3-404A-95DE-3E71E1FA0305}\InprocServer32#ThreadingModel
    HKCR\CLSID\{8E015787-B1E3-404A-95DE-3E71E1FA0305}\ProgID
    HKCR\CLSID\{8E015787-B1E3-404A-95DE-3E71E1FA0305}\Programmable
    HKCR\CLSID\{8E015787-B1E3-404A-95DE-3E71E1FA0305}\TypeLib
    HKCR\CLSID\{8E015787-B1E3-404A-95DE-3E71E1FA0305}\VersionIndependentProgID
    C:\WINDOWS\SYSTEM32\SPADS.DLL
    HKLM\Software\Classes\CLSID\{C7C90A5E-BE0A-44DD-83D2-1BE138460BAC}
    HKCR\CLSID\{C7C90A5E-BE0A-44DD-83D2-1BE138460BAC}
    HKCR\CLSID\{C7C90A5E-BE0A-44DD-83D2-1BE138460BAC}
    HKCR\CLSID\{C7C90A5E-BE0A-44DD-83D2-1BE138460BAC}\InprocServer32
    HKCR\CLSID\{C7C90A5E-BE0A-44DD-83D2-1BE138460BAC}\InprocServer32#ThreadingModel
    HKCR\CLSID\{C7C90A5E-BE0A-44DD-83D2-1BE138460BAC}\ProgID
    HKCR\CLSID\{C7C90A5E-BE0A-44DD-83D2-1BE138460BAC}\Programmable
    HKCR\CLSID\{C7C90A5E-BE0A-44DD-83D2-1BE138460BAC}\TypeLib
    HKCR\CLSID\{C7C90A5E-BE0A-44DD-83D2-1BE138460BAC}\VersionIndependentProgID
    C:\WINDOWS\SYSTEM32\NSZ89.DLL
    HKLM\Software\Microsoft\Internet Explorer\Toolbar#{11A69AE4-FBED-4832-A2BF-45AF82825583}
    HKU\S-1-5-21-1659004503-1214440339-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{11A69AE4-FBED-4832-A2BF-45AF82825583}

    Trojan.Download-Gen/N_BHO
    HKLM\Software\Classes\CLSID\{617BD0F0-640B-4E32-A275-2F15BEFB85B5}
    HKCR\CLSID\{617BD0F0-640B-4E32-A275-2F15BEFB85B5}
    HKCR\CLSID\{617BD0F0-640B-4E32-A275-2F15BEFB85B5}\InprocServer32
    HKCR\CLSID\{617BD0F0-640B-4E32-A275-2F15BEFB85B5}\InprocServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\CRYPTEX.DLL

    Adware.MyWebSearch
    HKU\S-1-5-21-1659004503-1214440339-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}

    Trojan.Downloader-Gen/DDC
    HKLM\System\ControlSet001\Services\DomainService
    C:\WINDOWS\SYSTEM32\EIDDQKFA.EXE
    HKLM\System\ControlSet002\Services\DomainService
    HKLM\System\CurrentControlSet\Services\DomainService
    C:\WINDOWS\SYSTEM32\FAOBJQJG.EXE
    C:\WINDOWS\SYSTEM32\XLJWOTJX.EXE

    Adware.Tracking Cookie
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][3].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][3].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][2].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][2].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][2].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][6].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][2].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][2].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][4].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][5].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][2].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][2].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][2].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][2].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][3].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][2].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][2].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][2].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][2].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][2].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][2].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][2].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][2].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][7].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][2].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][2].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][3].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][2].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][2].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][2].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][2].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][2].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt
    C:\Documents and Settings\DeBoss\Cookies\[email protected][1].txt

    Adware.ClickSpring/Yazzle
    C:\PROGRAM FILES\COMMON FILES\YAZZLE1396OINUNINSTALLER.EXE

    Adware.Vundo Variant/Rel
    C:\WINDOWS\SYSTEM32\MCRH.TMP
    C:\WINDOWS\SYSTEM32\MLKKJ.BAK1

    Adware.ClickSpring/PuritySCAN
    C:\WINDOWS\SYSTEM32\WCPSVTR.EXE

    Here is the HJT This Log File

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:13:36 PM, on 11/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    P:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\smax4.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    P:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\TSTTQU~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    P:\Program Files\iPod\bin\iPodService.exe
    P:\Program Files\CursorXP\CursorXP.exe
    C:\WINDOWS\system32\DrvMon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    D:\Program Files\Reget\IDMan.exe
    C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    P:\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\PowerMenu\PowerMenu.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\TSTT Quick Assist\bin\mpbtn.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    P:\Program Files\Winamp\winamp.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Flock\flock\flock.exe
    C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
    C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
    E:\Documents\Downloads\Programs\hijackthis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60001
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60001
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60001
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60001
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60001
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Reget\IDMIECC.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "P:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TSTTQU~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CursorXP] P:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [NVIDIA nTune] "P:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "C:\Documents and Settings\DeBoss\Local Settings\Application Data\NVIDIA Corporation\nTune\Profiles\begin.nsu"
    O4 - HKCU\..\Run: [BitDownload] "P:\Program Files\BitDownload\BitDownload.exe" /minimized
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [IDMan] D:\Program Files\Reget\IDMan.exe /onboot
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - User Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = P:\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
    O4 - Global Startup: TSTT Quick Assist.lnk = C:\Program Files\TSTT Quick Assist\bin\matcli.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Reget\IEGetAll.htm
    O8 - Extra context menu item: Download using LeechGet - file://P:\Program Files\LeechGet 2002\\AddUrl.html
    O8 - Extra context menu item: Download using LeechGet Wizard - file://P:\Program Files\LeechGet 2002\\Wizard.html
    O8 - Extra context menu item: Download with IDM - D:\Program Files\Reget\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Parse with LeechGet - file://P:\Program Files\LeechGet 2002\\Parser.html
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O17 - HKLM\System\CCS\Services\Tcpip\..\{99E14F7E-6F54-4FD7-9619-4B6A387ADEA1}: NameServer = 196.3.132.1,196.3.132.4
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - P:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - P:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - P:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

    --
    End of file - 12206 bytes
     
  7. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    --------------------------------------------------------------------
    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • ...
    --------------------------------------------------------------------

    Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
     
  8. Kernster

    Kernster Thread Starter

    Joined:
    Nov 12, 2007
    Messages:
    6
    Combo Log

    ComboFix 07-11-08.1 - DeBoss 2007-11-14 22:46:03.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.594 [GMT -4:00]
    Running from: E:\Documents\Downloads\Programs\ComboFix.exe
    * Created a new restore point
    .

    Unable to gain System Privileges

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
    C:\Documents and Settings\DeBoss\Application Data\APPATC~1
    C:\Documents and Settings\DeBoss\Application Data\CROSOF~1.NET
    C:\Documents and Settings\DeBoss\Application Data\FunWebProducts
    C:\Documents and Settings\DeBoss\Application Data\FunWebProducts\Data\DeBoss\avatar.dat
    C:\Documents and Settings\DeBoss\Application Data\inst.exe
    C:\Documents and Settings\DeBoss\Application Data\PPATCH~1
    C:\Documents and Settings\DeBoss\Application Data\SSTEM3~1
    C:\Documents and Settings\DeBoss\Application Data\YSTEM~1
    C:\Documents and Settings\DeBoss\Desktop\Live Safety Center.lnk
    C:\Documents and Settings\DeBoss\Desktop\Online Security Guide.lnk
    C:\Documents and Settings\DeBoss\Favorites\Online Security Guide.lnk
    C:\Program Files\Common Files\appatc~1
    C:\Program Files\Common Files\appatc~1\A?pPatch\
    C:\Program Files\Common Files\ppatch~1
    C:\Program Files\Common Files\pppatc~1
    C:\Program Files\Common Files\racle~1
    C:\Program Files\internet explorer\msimg32.dll
    C:\Program Files\outlook
    C:\Program Files\pppatc~1
    C:\Program Files\scurit~1
    C:\WINDOWS\crosof~1.net
    C:\WINDOWS\dobe~1
    C:\WINDOWS\fnts~1
    C:\WINDOWS\racle~1
    C:\WINDOWS\sstem3~1
    C:\WINDOWS\system32\app.exe
    C:\WINDOWS\system32\cryptex.dll
    C:\WINDOWS\system32\drivers\fgsszoca.dat
    C:\WINDOWS\system32\drivers\szoxjqmt.dat
    C:\WINDOWS\system32\f3PSSavr.scr
    C:\WINDOWS\system32\install.exe
    C:\WINDOWS\system32\ps.exe
    C:\WINDOWS\system32\regedit.com
    C:\WINDOWS\system32\txgquvrb.dllbox
    C:\WINDOWS\system32\ymante~1
    C:\WINDOWS\wr.txt
    E:\Documents\ASEMBL~1
    E:\Documents\CROSOF~1
    E:\Documents\RACLE~1
    E:\Documents\SEMBLY~1

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_YQKFOIWP
    -------\yqkfoiwp


    ((((((((((((((((((((((((( Files Created from 2007-10-15 to 2007-11-15 )))))))))))))))))))))))))))))))
    .

    2007-11-14 22:44 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-14 15:33 85,056 --a------ C:\WINDOWS\system32\kkhgfyvv.dll
    2007-11-14 15:27 79,424 --a------ C:\WINDOWS\system32\yhmadtny.dll
    2007-11-14 05:58 <DIR> d-------- C:\Documents and Settings\DeBoss\Application Data\BitDownload
    2007-11-13 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-11-13 22:56 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2007-11-13 22:56 <DIR> d-------- C:\Documents and Settings\DeBoss\Application Data\SUPERAntiSpyware.com
    2007-11-13 15:25 85,056 --a------ C:\WINDOWS\system32\upsnpaym.dll
    2007-11-13 15:23 27,776 --a------ C:\WINDOWS\Hotmail-Album-8057.zip
    2007-11-13 06:00 27,776 --a------ C:\WINDOWS\Hotmail-Album-9902.zip
    2007-11-13 06:00 27,776 --a------ C:\WINDOWS\Hotmail-Album-8790.zip
    2007-11-13 00:59 111,853 ---hs---- C:\WINDOWS\system32\mlkkj.bak2
    2007-11-13 00:59 27,776 --a------ C:\WINDOWS\Hotmail-Album-4038.zip
    2007-11-12 20:59 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-12 20:19 <DIR> d-------- C:\Documents and Settings\DeBoss\Application Data\ErrorKiller
    2007-11-12 18:25 27,776 --a------ C:\WINDOWS\Hotmail-Album-6966.zip
    2007-11-12 16:18 27,776 --a------ C:\WINDOWS\Hotmail-Album-7334.zip
    2007-11-12 05:56 58,368 --a------ C:\ak.exe
    2007-11-12 01:17 27,776 --a------ C:\WINDOWS\Hotmail-Album-8980.zip
    2007-11-12 01:17 27,776 --a------ C:\WINDOWS\Hotmail-Album-8437.zip
    2007-11-12 00:32 27,776 --a------ C:\WINDOWS\Hotmail-Album-7017.zip
    2007-11-12 00:32 27,776 --a------ C:\WINDOWS\Hotmail-Album-2166.zip
    2007-11-12 00:17 <DIR> d-------- C:\Program Files\Spyware Terminator
    2007-11-12 00:17 <DIR> d-------- C:\Program Files\Crawler
    2007-11-12 00:17 <DIR> d-------- C:\Documents and Settings\DeBoss\Application Data\Spyware Terminator
    2007-11-12 00:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2007-11-11 09:46 27,776 --a------ C:\WINDOWS\Hotmail-Album-5895.zip
    2007-11-10 17:30 27,776 --a------ C:\WINDOWS\Hotmail-Album-2561.zip
    2007-11-10 17:30 27,776 --a------ C:\WINDOWS\Hotmail-Album-0079.zip
    2007-11-09 14:21 27,776 --a------ C:\WINDOWS\Hotmail-Album-1727.zip
    2007-11-09 14:21 27,776 --a------ C:\WINDOWS\Hotmail-Album-1503.zip
    2007-11-09 10:33 27,776 --a------ C:\WINDOWS\Hotmail-Album-8829.zip
    2007-11-09 10:33 27,776 --a------ C:\WINDOWS\Hotmail-Album-0280.zip
    2007-11-09 08:49 27,776 --a------ C:\WINDOWS\Hotmail-Album-4892.zip
    2007-11-09 08:49 27,776 --a------ C:\WINDOWS\Hotmail-Album-3634.zip
    2007-11-08 19:27 <DIR> d-------- C:\Program Files\Dcads Games Collection
    2007-11-08 19:27 80,105 --a------ C:\WINDOWS\system32\dcads-remove.exe
    2007-11-08 19:27 40,731 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
    2007-11-08 17:25 27,776 --a------ C:\WINDOWS\Hotmail-Album-3710.zip
    2007-11-08 15:07 27,776 --a------ C:\WINDOWS\Hotmail-Album-6974.zip
    2007-11-08 06:24 27,776 --a------ C:\WINDOWS\Hotmail-Album-7384.zip
    2007-11-08 06:10 27,776 --a------ C:\WINDOWS\Hotmail-Album-3010.zip
    2007-11-07 15:12 27,776 --a------ C:\WINDOWS\Hotmail-Album-4832.zip
    2007-11-07 13:47 27,776 --a------ C:\WINDOWS\Hotmail-Album-8493.zip
    2007-11-06 15:42 27,776 --a------ C:\WINDOWS\Hotmail-Album-3126.zip
    2007-11-05 17:38 27,776 --a------ C:\WINDOWS\Hotmail-Album-2842.zip
    2007-11-05 17:10 27,776 --a------ C:\WINDOWS\Hotmail-Album-6204.zip
    2007-11-05 13:52 <DIR> d-------- C:\Program Files\Windows Live Toolbar
    2007-11-05 10:06 27,776 --a------ C:\WINDOWS\Hotmail-Album-9154.zip
    2007-11-05 10:06 27,776 --a------ C:\WINDOWS\Hotmail-Album-8422.zip
    2007-11-05 05:55 27,776 --a------ C:\WINDOWS\Hotmail-Album-6750.zip
    2007-11-05 00:11 27,776 --a------ C:\WINDOWS\Hotmail-Album-9002.zip
    2007-11-04 23:15 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
    2007-11-04 23:15 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2007-11-04 23:15 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-11-04 23:15 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2007-11-04 23:15 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-11-04 23:15 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-11-04 23:15 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-11-04 23:13 27,776 --a------ C:\WINDOWS\Hotmail-Album-3291.zip
    2007-11-04 19:20 27,776 --a------ C:\WINDOWS\Hotmail-Album-0782.zip
    2007-11-04 14:40 27,776 --a------ C:\WINDOWS\Hotmail-Album-5876.zip
    2007-11-04 14:40 27,776 --a------ C:\WINDOWS\Hotmail-Album-1034.zip
    2007-11-04 12:20 27,776 --a------ C:\WINDOWS\Hotmail-Album-4838.zip
    2007-11-04 00:13 27,776 --a------ C:\WINDOWS\Hotmail-Album-0038.zip
    2007-11-03 20:42 27,776 --a------ C:\WINDOWS\Hotmail-Album-9532.zip
    2007-11-03 19:49 27,776 --a------ C:\WINDOWS\Hotmail-Album-1822.zip
    2007-11-03 15:06 27,776 --a------ C:\WINDOWS\Hotmail-Album-4785.zip
    2007-11-02 17:03 27,776 --a------ C:\WINDOWS\Hotmail-Album-0378.zip
    2007-11-02 15:04 27,776 --a------ C:\WINDOWS\Hotmail-Album-6901.zip
    2007-11-01 20:59 27,776 --a------ C:\WINDOWS\Hotmail-Album-4806.zip
    2007-11-01 18:01 27,776 --a------ C:\WINDOWS\Hotmail-Album-7299.zip
    2007-11-01 17:08 27,776 --a------ C:\WINDOWS\Hotmail-Album-8731.zip
    2007-11-01 16:48 27,776 --a------ C:\WINDOWS\Hotmail-Album-7386.zip
    2007-11-01 15:09 27,776 --a------ C:\WINDOWS\Hotmail-Album-1832.zip
    2007-10-31 21:49 27,776 --a------ C:\WINDOWS\Hotmail-Album-5831.zip
    2007-10-31 16:23 27,776 --a------ C:\WINDOWS\Hotmail-Album-4462.zip
    2007-10-31 16:22 27,776 --a------ C:\WINDOWS\Hotmail-Album-4489.zip
    2007-10-24 09:47 61,532 --a------ C:\report.zip
    2007-10-17 13:23 10,752 --a------ C:\WINDOWS\system32\WhoisCL.exe
    2007-10-16 19:41 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\Gtek
    2007-10-16 19:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
    2007-10-16 19:40 <DIR> d-------- C:\Program Files\Linksys EasyLink Advisor
    2007-10-16 19:40 1,922,048 --a------ C:\WINDOWS\system32\gdql_lsa.dll
    2007-10-16 19:40 135,168 --a------ C:\WINDOWS\system32\GoProto.dll
    2007-10-16 19:40 28,672 --a------ C:\WINDOWS\system32\drivers\goprot51.sys
    2007-10-16 19:40 6,977 --a------ C:\WINDOWS\system32\DDMI2.sys
    2007-10-16 19:40 6,656 --a------ C:\WINDOWS\system32\DLPT2.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-15 02:21 --------- d-----w C:\Documents and Settings\DeBoss\Application Data\DMCache
    2007-11-14 11:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-11-14 07:08 --------- d-----w C:\Documents and Settings\DeBoss\Application Data\MegauploadToolbar
    2007-11-14 02:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-11-11 21:58 --------- d-----w C:\Documents and Settings\DeBoss\Application Data\LimeWire
    2007-11-05 21:40 --------- d-----w C:\Program Files\MSN Messenger
    2007-11-05 14:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-10-27 01:51 --------- d-----w C:\Documents and Settings\DeBoss\Application Data\Vso
    2007-10-20 20:24 --------- d-----w C:\Documents and Settings\DeBoss\Application Data\axis title
    2007-10-16 23:41 --------- d--ha-w C:\Documents and Settings\All Users\Application Data\GTek
    2007-10-16 23:41 --------- d--h--w C:\Documents and Settings\DeBoss\Application Data\GTek
    2007-10-14 21:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-10 23:34 --------- d-----w C:\Program Files\MegauploadToolbar
    2007-10-10 21:27 --------- d-----w C:\Program Files\Hewlett-Packard
    2007-10-05 22:32 --------- d-----w C:\Program Files\Common Files\Motive
    2007-10-03 01:50 --------- d-----w C:\Program Files\GameSpy Arcade
    2007-10-02 21:55 --------- d-----w C:\Program Files\Alwil Software
    2007-10-01 22:55 5,693 ----a-w C:\Program Files\DOWNLOAD_INSTALL.LOG
    2007-09-24 05:18 --------- d-----w C:\Documents and Settings\DeBoss\Application Data\CyberLink
    2007-09-24 05:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
    2007-09-24 05:07 --------- d-----w C:\Program Files\CyberLink
    2007-09-21 02:16 --------- d-----w C:\Program Files\Winamp
    2007-09-21 02:16 --------- d-----w C:\Program Files\Common Files\NSV
    2007-09-18 13:27 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-09-18 13:06 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
    2007-08-14 00:29 209 ----a-w C:\Documents and Settings\DeBoss\9546.bat
    2007-08-13 20:52 209 ----a-w C:\Documents and Settings\DeBoss\2986.bat
    2007-08-13 17:51 209 ----a-w C:\Documents and Settings\DeBoss\5871.bat
    2007-08-09 20:13 209 ----a-w C:\Documents and Settings\DeBoss\3903.bat
    2007-08-09 10:55 167 ----a-w C:\Documents and Settings\DeBoss\3641.bat
    2007-08-09 03:09 167 ----a-w C:\Documents and Settings\DeBoss\8016.bat
    2007-08-08 19:19 167 ----a-w C:\Documents and Settings\DeBoss\6582.bat
    2007-08-08 19:14 167 ----a-w C:\Documents and Settings\DeBoss\8835.bat
    2007-08-07 13:50 167 ----a-w C:\Documents and Settings\DeBoss\3436.bat
    2007-08-06 23:20 167 ----a-w C:\Documents and Settings\DeBoss\1939.bat
    2007-08-06 11:01 167 ----a-w C:\Documents and Settings\DeBoss\9507.bat
    2007-08-06 03:19 167 ----a-w C:\Documents and Settings\DeBoss\1689.bat
    2007-08-05 13:36 167 ----a-w C:\Documents and Settings\DeBoss\7231.bat
    2007-08-04 21:13 167 ----a-w C:\Documents and Settings\DeBoss\3623.bat
    2007-08-04 19:27 167 ----a-w C:\Documents and Settings\DeBoss\6217.bat
    2007-08-04 14:51 167 ----a-w C:\Documents and Settings\DeBoss\9639.bat
    2007-08-04 03:12 167 ----a-w C:\Documents and Settings\DeBoss\3754.bat
    2007-08-03 21:20 167 ----a-w C:\Documents and Settings\DeBoss\2357.bat
    2007-08-03 17:50 167 ----a-w C:\Documents and Settings\DeBoss\9928.bat
    2007-08-03 16:40 167 ----a-w C:\Documents and Settings\DeBoss\2330.bat
    2007-08-03 15:47 167 ----a-w C:\Documents and Settings\DeBoss\4398.bat
    2007-08-03 12:33 167 ----a-w C:\Documents and Settings\DeBoss\9393.bat
    2007-08-03 10:06 167 ----a-w C:\Documents and Settings\DeBoss\7758.bat
    2007-08-03 03:04 167 ----a-w C:\Documents and Settings\DeBoss\3731.bat
    2007-08-02 22:34 167 ----a-w C:\Documents and Settings\DeBoss\5641.bat
    2007-08-01 14:46 167 ----a-w C:\Documents and Settings\DeBoss\5166.bat
    2007-07-30 20:29 167 ----a-w C:\Documents and Settings\DeBoss\5568.bat
    2007-07-30 12:05 167 ----a-w C:\Documents and Settings\DeBoss\9492.bat
    2007-07-30 10:13 167 ----a-w C:\Documents and Settings\DeBoss\9322.bat
    2007-07-29 14:16 167 ----a-w C:\Documents and Settings\DeBoss\8814.bat
    2007-07-28 21:39 167 ----a-w C:\Documents and Settings\DeBoss\7855.bat
    2007-07-28 18:33 167 ----a-w C:\Documents and Settings\DeBoss\1475.bat
    2007-07-28 03:18 167 ----a-w C:\Documents and Settings\DeBoss\2014.bat
    2007-07-17 21:51 47,360 ----a-w C:\Documents and Settings\DeBoss\Application Data\pcouffin.sys
    2007-06-13 15:33 167 ----a-w C:\Documents and Settings\DeBoss\8564.bat
    2007-06-12 20:28 167 ----a-w C:\Documents and Settings\DeBoss\6621.bat
    2007-06-11 18:27 167 ----a-w C:\Documents and Settings\DeBoss\4796.bat
    2007-06-11 02:46 167 ----a-w C:\Documents and Settings\DeBoss\8570.bat
    2007-06-11 01:02 167 ----a-w C:\Documents and Settings\DeBoss\5511.bat
    2007-06-10 16:54 167 ----a-w C:\Documents and Settings\DeBoss\5470.bat
    2007-06-10 03:00 167 ----a-w C:\Documents and Settings\DeBoss\3341.bat
    2007-06-09 15:48 167 ----a-w C:\Documents and Settings\DeBoss\4002.bat
    2007-06-08 19:08 167 ----a-w C:\Documents and Settings\DeBoss\5180.bat
    2007-06-08 02:11 167 ----a-w C:\Documents and Settings\DeBoss\6724.bat
    2007-06-08 00:44 167 ----a-w C:\Documents and Settings\DeBoss\8228.bat
    2007-06-07 15:44 167 ----a-w C:\Documents and Settings\DeBoss\8061.bat
    2007-06-06 20:02 167 ----a-w C:\Documents and Settings\DeBoss\1540.bat
    2007-06-05 21:40 167 ----a-w C:\Documents and Settings\DeBoss\5893.bat
    2007-06-04 22:18 167 ----a-w C:\Documents and Settings\DeBoss\4485.bat
    2007-06-04 22:03 167 ----a-w C:\Documents and Settings\DeBoss\5640.bat
    2007-06-04 21:48 167 ----a-w C:\Documents and Settings\DeBoss\7344.bat
    2007-06-04 21:33 167 ----a-w C:\Documents and Settings\DeBoss\1628.bat
    2007-06-04 21:18 167 ----a-w C:\Documents and Settings\DeBoss\2763.bat
    2007-06-04 17:41 167 ----a-w C:\Documents and Settings\DeBoss\2339.bat
    2007-06-04 03:15 167 ----a-w C:\Documents and Settings\DeBoss\1545.bat
    2007-06-03 22:27 167 ----a-w C:\Documents and Settings\DeBoss\9553.bat
    2007-06-03 22:12 167 ----a-w C:\Documents and Settings\DeBoss\7465.bat
    2007-06-03 21:57 167 ----a-w C:\Documents and Settings\DeBoss\9334.bat
    2007-06-03 21:42 167 ----a-w C:\Documents and Settings\DeBoss\9836.bat
    2007-06-03 21:27 167 ----a-w C:\Documents and Settings\DeBoss\1655.bat
    2007-06-03 20:57 167 ----a-w C:\Documents and Settings\DeBoss\1350.bat
    2007-06-03 20:42 167 ----a-w C:\Documents and Settings\DeBoss\3420.bat
    2007-06-03 20:26 167 ----a-w C:\Documents and Settings\DeBoss\5934.bat
    2007-06-03 18:47 167 ----a-w C:\Documents and Settings\DeBoss\3895.bat
    2007-05-30 20:51 167 ----a-w C:\Documents and Settings\DeBoss\6439.bat
    2007-05-30 14:54 167 ----a-w C:\Documents and Settings\DeBoss\2582.bat
    2007-05-30 14:09 167 ----a-w C:\Documents and Settings\DeBoss\1216.bat
    2007-05-30 14:00 167 ----a-w C:\Documents and Settings\DeBoss\9155.bat
    2007-05-30 03:31 167 ----a-w C:\Documents and Settings\DeBoss\2322.bat
    2007-05-30 01:44 167 ----a-w C:\Documents and Settings\DeBoss\1706.bat
    2007-05-29 19:17 167 ----a-w C:\Documents and Settings\DeBoss\5021.bat
    2007-05-28 21:41 167 ----a-w C:\Documents and Settings\DeBoss\9254.bat
    2007-05-28 00:24 167 ----a-w C:\Documents and Settings\DeBoss\9740.bat
    2007-05-27 19:28 167 ----a-w C:\Documents and Settings\DeBoss\7260.bat
    2007-05-27 02:17 167 ----a-w C:\Documents and Settings\DeBoss\2799.bat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 08:04]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 19:21 C:\WINDOWS\system32\HdAShCut.exe]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-19 21:11]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2005-09-07 19:35]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-11-09 23:25]
    "nwiz"="nwiz.exe" [2006-11-09 23:26 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-11-09 23:26]
    "SMSERIAL"="sm56hlpr.exe" [2004-12-28 18:01 C:\WINDOWS\sm56hlpr.exe]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 04:47]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 22:14]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-21 19:26]
    "iTunesHelper"="P:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 15:45]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
    "Motive SmartBridge"="C:\PROGRA~1\TSTTQU~1\SMARTB~1\MotiveSB.exe" [2006-06-27 13:03]
    "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 22:26]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 18:03]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 08:00]
    "CursorXP"="P:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 16:34]
    "DrvMon.exe"="C:\WINDOWS\system32\DrvMon.exe" [2004-09-09 22:16]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04]
    "NVIDIA nTune"="P:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 14:20]
    "BitDownload"="P:\Program Files\BitDownload\BitDownload.exe" []
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 22:36]
    "IDMan"="D:\Program Files\Reget\IDMan.exe" [2006-11-19 06:05]
    "EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-10-30 11:01]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

    C:\Documents and Settings\DeBoss\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-27 00:24:54]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    InterVideo WinCinema Manager.lnk - P:\Common\Bin\WinCinemaMgr.exe [2007-03-15 17:33:03]
    PowerMenu.lnk - C:\Program Files\PowerMenu\PowerMenu.exe [2007-03-14 13:28:04]
    TSTT Quick Assist.lnk - C:\Program Files\TSTT Quick Assist\bin\matcli.exe [2007-07-25 22:49:37]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoFileMenu"=1 (0x1)
    "NoResolveTrack"=1 (0x1)
    "NoChangeKeyboardNavigationIndicators"=0 (0x0)
    "NoViewOnDrive"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"= C:\WINDOWS\system32\ieframe.dll [2007-08-20 06:04 6058496]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    P:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2005-12-06 21:16 176128 P:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wbsys.dll

    R1 nvport;NVIDIA PORT IO Control Driver;\??\C:\WINDOWS\system32\Drivers\nvport.sys
    R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
    S1 SysTool;SysTool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\SysTool.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54d18298-e14b-11db-8145-812a2c4397e8}]
    \Shell\AutoRun\command - H:\loader.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bfd0b02-e6f2-11db-8169-c3b208b5aa2d}]
    \Shell\AutoRun\command - setupSNK.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dd8cad2-31a0-11dc-837a-b7bf559dc89d}]
    \Shell\Auto\command - H:\boot.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-11-14 07:30:00 C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job"
    - C:\Program Files\ErrorKiller\ErrorKiller.exe
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-14 23:02:27
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-14 23:04:43 - machine was rebooted
    .
    --- E O F ---
     
  9. Kernster

    Kernster Thread Starter

    Joined:
    Nov 12, 2007
    Messages:
    6
    Hijack This Log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:08:36 PM, on 11/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    P:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\smax4.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    P:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\TSTTQU~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    P:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    P:\Program Files\CursorXP\CursorXP.exe
    C:\WINDOWS\system32\DrvMon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    D:\Program Files\Reget\IDMan.exe
    C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    P:\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\PowerMenu\PowerMenu.exe
    C:\Program Files\TSTT Quick Assist\bin\mpbtn.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Flock\flock\flock.exe
    E:\Documents\Downloads\Programs\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60001
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60001
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Reget\IDMIECC.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "P:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TSTTQU~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CursorXP] P:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [NVIDIA nTune] "P:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "C:\Documents and Settings\DeBoss\Local Settings\Application Data\NVIDIA Corporation\nTune\Profiles\begin.nsu"
    O4 - HKCU\..\Run: [BitDownload] "P:\Program Files\BitDownload\BitDownload.exe" /minimized
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [IDMan] D:\Program Files\Reget\IDMan.exe /onboot
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - User Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = P:\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
    O4 - Global Startup: TSTT Quick Assist.lnk = C:\Program Files\TSTT Quick Assist\bin\matcli.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Reget\IEGetAll.htm
    O8 - Extra context menu item: Download using LeechGet - file://P:\Program Files\LeechGet 2002\\AddUrl.html
    O8 - Extra context menu item: Download using LeechGet Wizard - file://P:\Program Files\LeechGet 2002\\Wizard.html
    O8 - Extra context menu item: Download with IDM - D:\Program Files\Reget\IEExt.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Parse with LeechGet - file://P:\Program Files\LeechGet 2002\\Parser.html
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
    O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O17 - HKLM\System\CCS\Services\Tcpip\..\{99E14F7E-6F54-4FD7-9619-4B6A387ADEA1}: NameServer = 196.3.132.1,196.3.132.4
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - P:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - P:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - P:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

    --
    End of file - 11398 bytes
     
  10. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Download and install AVG Anti-Spyware v7.5
    • After download, double click on the file to launch the install process.
    • Choose a language, click "OK" and then click "Next".
    • Read the "License Agreement" and click "I Agree".
    • Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
    • After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
    • The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. As AVG Anti-Spyware may interfere with some of our other fixes, we are temporarily disabling its active protection features until your system is clean, then you can re-enable them.
    • Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
    • Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update".
      Wait until you see the "Update successful" message. If you are having problems with the updater, manually download and update with the AVG Anti-Spyware Full database installer.
    • Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.
    Reboot your computer in SAFE MODE using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". (Note: When run in safe mode, sometimes the GUI is larger than the screen and the buttons at the bottom are partly or completely hidden, making them inaccessible for doing a scan. If this happens press Alt + Spacebar. A menu will come open, make sure you select maximize then run the scan. If that does not help, then you may have to run your scan in normal mode and advise your helper afterwards.)

    Scan with AVG Anti-Spyware as follows:
    • Click on the "Scanner" button and choose the "Settings" tab.
    • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
    • Under "How to Scan? ", "Possibly unwanted software", and What to Scan?" leave all the default settings.
    • Under "Reports" select "Do not automatically generate reports".
    • Click the "Scan" tab to return to scanning options.
    • Click "Complete System Scan" to start.
    • When the scan has finished, it should automatically be set to Quarantine--if not click on Recommended Action and set it there.
    • You will also be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
    IMPORTANT! Do not save the report before you have clicked the :Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
    • Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
    • Exit AVG Anti-Spyware when done, reboot normally and post the log report in your next response.
    Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

    AVG Anti-Spyware is free for 30 days and all the extensions of the full version will be activated. After the 30 day trial, active protection extensions will be deactivated and the program will turn into a feature-limited freeware version that you can continue to use as an on-demand scanner or you may purchase a license to use the full version. We are installing AVG Anti-Spyware with its real-time protection disabled. Once your system is clean you may re-enable it so you can continue using this feature for the remainder of the trial period.


    Please go HERE to run Panda's ActiveScan
    • You need to use IE to run this scan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


    Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans.
     
  11. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/651142

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice