Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.

Trojan TJ/BZ

2K views 9 replies 2 participants last post by  Cheeseball81 
#1 ·
Hi I am having some problems with my computer. I keep getting pop ups on computer saying that I have a Trojan TJ/BZ infection and it keep on saying to install some antivirus and spyware software. I see some other people are having this same problem. This is very annoying:mad:

Can you please help me solve this problem.
 
#2 ·
* Click here to download HJTsetup.exe.
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 
#4 ·
Ok I got through with the HJT file here is the log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:17:02 PM, on 11/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\eiddqkfa.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
P:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
P:\Program Files\iTunes\iTunesHelper.exe
P:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\TSTTQU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system\named.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
P:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\DrvMon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\MI3AA1~1\wcescomm.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
P:\Common\Bin\WinCinemaMgr.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\Program Files\TSTT Quick Assist\bin\mpbtn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
D:\Program Files\Reget\IDMan.exe
C:\Program Files\Flock\flock\flock.exe
C:\WINDOWS\System32\Rundll32.exe
E:\Documents\Downloads\Programs\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60001
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\txgquvrb.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "P:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TSTTQU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NamedSvc] C:\WINDOWS\system\named.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify
O4 - HKLM\..\Run: [e8f0d0d6] rundll32.exe "C:\WINDOWS\system32\upsnpaym.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] P:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "P:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "C:\Documents and Settings\DeBoss\Local Settings\Application Data\NVIDIA Corporation\nTune\Profiles\begin.nsu"
O4 - HKCU\..\Run: [BitDownload] "P:\Program Files\BitDownload\BitDownload.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MI3AA1~1\wcescomm.exe"
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Reget\IDMan.exe /onboot
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - User Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = P:\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O4 - Global Startup: TSTT Quick Assist.lnk = C:\Program Files\TSTT Quick Assist\bin\matcli.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Reget\IEGetAll.htm
O8 - Extra context menu item: Download using LeechGet - file://P:\Program Files\LeechGet 2002\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://P:\Program Files\LeechGet 2002\\Wizard.html
O8 - Extra context menu item: Download with IDM - D:\Program Files\Reget\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Parse with LeechGet - file://P:\Program Files\LeechGet 2002\\Parser.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{99E14F7E-6F54-4FD7-9619-4B6A387ADEA1}: NameServer = 196.3.132.1,196.3.132.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\eiddqkfa.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - P:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - P:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - P:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 12260 bytes
 
#5 ·
You're very infected

Download the Trial version of Superantispyware Pro (SAS):
http://www.superantispyware.com/superantispyware.html?rid=3132

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
· Please paste that information here for me with a new Hijack This log.
 
#6 ·
Superantispyware Pro (SAS) Log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/14/2007 at 06:43 PM

Application Version : 3.9.1008

Core Rules Database Version : 3344
Trace Rules Database Version: 1345

Scan type : Complete Scan
Total Scan Time : 00:55:21

Memory items scanned : 532
Memory threats detected : 2
Registry items scanned : 7515
Registry threats detected : 52
File items scanned : 48682
File threats detected : 105

Adware.Vundo-Variant
C:\WINDOWS\SYSTEM32\TXGQUVRB.DLL
C:\WINDOWS\SYSTEM32\TXGQUVRB.DLL
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\txgquvrb
C:\WINDOWS\SYSTEM32\DIHWOQTG.DLL
C:\WINDOWS\SYSTEM32\IQKJOWUB.DLL
C:\WINDOWS\SYSTEM32\MRQARWMR.DLL

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\JKKLM.DLL
C:\WINDOWS\SYSTEM32\JKKLM.DLL
HKLM\Software\Classes\CLSID\{0A2B9AC0-0242-4B17-9587-E54AFA7F7F89}
HKCR\CLSID\{0A2B9AC0-0242-4B17-9587-E54AFA7F7F89}
HKCR\CLSID\{0A2B9AC0-0242-4B17-9587-E54AFA7F7F89}\InprocServer32
HKCR\CLSID\{0A2B9AC0-0242-4B17-9587-E54AFA7F7F89}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{0DD98BA3-25B7-4913-88AF-CFBDB28DA4CE}
HKCR\CLSID\{0DD98BA3-25B7-4913-88AF-CFBDB28DA4CE}
HKCR\CLSID\{0DD98BA3-25B7-4913-88AF-CFBDB28DA4CE}\InprocServer32
HKCR\CLSID\{0DD98BA3-25B7-4913-88AF-CFBDB28DA4CE}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\WVUROOM.DLL
HKLM\Software\Classes\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{B5E0B17D-50EB-4504-B48B-2BAE51ABAC76}
HKCR\CLSID\{B5E0B17D-50EB-4504-B48B-2BAE51ABAC76}
HKCR\CLSID\{B5E0B17D-50EB-4504-B48B-2BAE51ABAC76}\InprocServer32
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A2B9AC0-0242-4B17-9587-E54AFA7F7F89}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}
HKCR\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A}
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9D9AA571-A9C0-48AE-9519-4E619DA8184D}\RP4\A0000070.DLL
C:\WINDOWS\SYSTEM32\BYXVSPN.DLL
C:\WINDOWS\SYSTEM32\BYXWWTR.DLL
C:\WINDOWS\SYSTEM32\EFCYXVS.DLL
C:\WINDOWS\SYSTEM32\IIFDDCY.DLL
C:\WINDOWS\SYSTEM32\IIFFEBY.DLL
C:\WINDOWS\SYSTEM32\JKKJKJG.DLL
C:\WINDOWS\SYSTEM32\NNNONLM.DLL
C:\WINDOWS\SYSTEM32\PMNLKLJ.DLL

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32
HKCR\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{8E015787-B1E3-404a-95DE-3E71E1FA0305}
HKCR\CLSID\{8E015787-B1E3-404A-95DE-3E71E1FA0305}
HKCR\CLSID\{8E015787-B1E3-404A-95DE-3E71E1FA0305}
HKCR\CLSID\{8E015787-B1E3-404A-95DE-3E71E1FA0305}\InprocServer32
HKCR\CLSID\{8E015787-B1E3-404A-95DE-3E71E1FA0305}\InprocServer32#ThreadingModel
HKCR\CLSID\{8E015787-B1E3-404A-95DE-3E71E1FA0305}\ProgID
HKCR\CLSID\{8E015787-B1E3-404A-95DE-3E71E1FA0305}\Programmable
HKCR\CLSID\{8E015787-B1E3-404A-95DE-3E71E1FA0305}\TypeLib
HKCR\CLSID\{8E015787-B1E3-404A-95DE-3E71E1FA0305}\VersionIndependentProgID
C:\WINDOWS\SYSTEM32\SPADS.DLL
HKLM\Software\Classes\CLSID\{C7C90A5E-BE0A-44DD-83D2-1BE138460BAC}
HKCR\CLSID\{C7C90A5E-BE0A-44DD-83D2-1BE138460BAC}
HKCR\CLSID\{C7C90A5E-BE0A-44DD-83D2-1BE138460BAC}
HKCR\CLSID\{C7C90A5E-BE0A-44DD-83D2-1BE138460BAC}\InprocServer32
HKCR\CLSID\{C7C90A5E-BE0A-44DD-83D2-1BE138460BAC}\InprocServer32#ThreadingModel
HKCR\CLSID\{C7C90A5E-BE0A-44DD-83D2-1BE138460BAC}\ProgID
HKCR\CLSID\{C7C90A5E-BE0A-44DD-83D2-1BE138460BAC}\Programmable
HKCR\CLSID\{C7C90A5E-BE0A-44DD-83D2-1BE138460BAC}\TypeLib
HKCR\CLSID\{C7C90A5E-BE0A-44DD-83D2-1BE138460BAC}\VersionIndependentProgID
C:\WINDOWS\SYSTEM32\NSZ89.DLL
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{11A69AE4-FBED-4832-A2BF-45AF82825583}
HKU\S-1-5-21-1659004503-1214440339-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{11A69AE4-FBED-4832-A2BF-45AF82825583}

Trojan.Download-Gen/N_BHO
HKLM\Software\Classes\CLSID\{617BD0F0-640B-4E32-A275-2F15BEFB85B5}
HKCR\CLSID\{617BD0F0-640B-4E32-A275-2F15BEFB85B5}
HKCR\CLSID\{617BD0F0-640B-4E32-A275-2F15BEFB85B5}\InprocServer32
HKCR\CLSID\{617BD0F0-640B-4E32-A275-2F15BEFB85B5}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\CRYPTEX.DLL

Adware.MyWebSearch
HKU\S-1-5-21-1659004503-1214440339-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}

Trojan.Downloader-Gen/DDC
HKLM\System\ControlSet001\Services\DomainService
C:\WINDOWS\SYSTEM32\EIDDQKFA.EXE
HKLM\System\ControlSet002\Services\DomainService
HKLM\System\CurrentControlSet\Services\DomainService
C:\WINDOWS\SYSTEM32\FAOBJQJG.EXE
C:\WINDOWS\SYSTEM32\XLJWOTJX.EXE

Adware.Tracking Cookie
C:\Documents and Settings\DeBoss\Cookies\deboss@ehg-rodale.hitbox[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@ads.revsci[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@bs.serving-sys[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@msnportal.112.2o7[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@protect.spyguardpro[3].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@www.googleadservices[3].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@casalemedia[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@focalex[2].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@clickbank[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@toplist[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@msnaccountservices.112.2o7[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@ehg-linksys.hitbox[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@bluestreak[2].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@valueclick[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@microsoftwlsearchcrm.112.2o7[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@partygaming.122.2o7[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@belnk[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@int.sitestat[2].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@adinterax[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@adbrite[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@www.googleadservices[6].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@cgi-bin[2].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@ad.outerinfo[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@ad.yieldmanager[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@adrevolver[2].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@specificclick[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@divavillage.advertserve[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@mywebsearch[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@sonycorporate.122.2o7[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@reunioncom.112.2o7[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@www.googleadservices[4].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@www.googleadservices[5].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@adopt.specificclick[2].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@bestsellerantivirus[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@videoegg.adbureau[2].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@i.screensavers[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@int.sitestat[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@media.adrevolver[2].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@overture[2].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@rocku.adbureau[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@gomyron[3].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@server.iad.liveperson[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@4.adbrite[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@microsoftwlmessengermkt.112.2o7[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@fastclick[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@ads.adbrite[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@vhost.oddcast[2].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@partner2profit[2].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@atwola[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@maxserving[2].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@tremor.adbureau[2].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@protect.spyguardpro[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@adserver.matchcraft[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@image.masterstats[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@ads.pointroll[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@c5.zedo[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@microsoftwlspacesmkt.112.2o7[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@perf.overture[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@aps.media.adrevolver[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@adserver.easyad[2].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@partypoker[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@gomyron[2].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@adtech[2].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@statse.webtrendslive[2].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@www.googleadservices[7].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@adopt.euroclick[2].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@adultfriendfinder[2].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@server.iad.liveperson[3].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@spyguardpro[2].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@sale.bestsellerantivirus[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@torstardigital.122.2o7[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@statcounter[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@dist.belnk[2].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@zipzoomfly.122.2o7[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@atdmt[2].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@adserver.adreactor[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@www.googleadservices[2].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@anad.tacoda[2].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@www.googleadservices[1].txt
C:\Documents and Settings\DeBoss\Cookies\deboss@counter.hitslink[1].txt

Adware.ClickSpring/Yazzle
C:\PROGRAM FILES\COMMON FILES\YAZZLE1396OINUNINSTALLER.EXE

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\MCRH.TMP
C:\WINDOWS\SYSTEM32\MLKKJ.BAK1

Adware.ClickSpring/PuritySCAN
C:\WINDOWS\SYSTEM32\WCPSVTR.EXE

Here is the HJT This Log File

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:13:36 PM, on 11/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
P:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
P:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\TSTTQU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
P:\Program Files\iPod\bin\iPodService.exe
P:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\DrvMon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\Reget\IDMan.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
P:\Common\Bin\WinCinemaMgr.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\TSTT Quick Assist\bin\mpbtn.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
P:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Flock\flock\flock.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
E:\Documents\Downloads\Programs\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60001
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60001
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60001
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Reget\IDMIECC.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "P:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TSTTQU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] P:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "P:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "C:\Documents and Settings\DeBoss\Local Settings\Application Data\NVIDIA Corporation\nTune\Profiles\begin.nsu"
O4 - HKCU\..\Run: [BitDownload] "P:\Program Files\BitDownload\BitDownload.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Reget\IDMan.exe /onboot
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - User Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = P:\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O4 - Global Startup: TSTT Quick Assist.lnk = C:\Program Files\TSTT Quick Assist\bin\matcli.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Reget\IEGetAll.htm
O8 - Extra context menu item: Download using LeechGet - file://P:\Program Files\LeechGet 2002\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://P:\Program Files\LeechGet 2002\\Wizard.html
O8 - Extra context menu item: Download with IDM - D:\Program Files\Reget\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Parse with LeechGet - file://P:\Program Files\LeechGet 2002\\Parser.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{99E14F7E-6F54-4FD7-9619-4B6A387ADEA1}: NameServer = 196.3.132.1,196.3.132.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - P:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - P:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - P:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 12206 bytes
 
#7 ·
Download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • ...
--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
 
#8 ·
Combo Log

ComboFix 07-11-08.1 - DeBoss 2007-11-14 22:46:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.594 [GMT -4:00]
Running from: E:\Documents\Downloads\Programs\ComboFix.exe
* Created a new restore point
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\DeBoss\Application Data\APPATC~1
C:\Documents and Settings\DeBoss\Application Data\CROSOF~1.NET
C:\Documents and Settings\DeBoss\Application Data\FunWebProducts
C:\Documents and Settings\DeBoss\Application Data\FunWebProducts\Data\DeBoss\avatar.dat
C:\Documents and Settings\DeBoss\Application Data\inst.exe
C:\Documents and Settings\DeBoss\Application Data\PPATCH~1
C:\Documents and Settings\DeBoss\Application Data\SSTEM3~1
C:\Documents and Settings\DeBoss\Application Data\YSTEM~1
C:\Documents and Settings\DeBoss\Desktop\Live Safety Center.lnk
C:\Documents and Settings\DeBoss\Desktop\Online Security Guide.lnk
C:\Documents and Settings\DeBoss\Favorites\Online Security Guide.lnk
C:\Program Files\Common Files\appatc~1
C:\Program Files\Common Files\appatc~1\A?pPatch\
C:\Program Files\Common Files\ppatch~1
C:\Program Files\Common Files\pppatc~1
C:\Program Files\Common Files\racle~1
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\outlook
C:\Program Files\pppatc~1
C:\Program Files\scurit~1
C:\WINDOWS\crosof~1.net
C:\WINDOWS\dobe~1
C:\WINDOWS\fnts~1
C:\WINDOWS\racle~1
C:\WINDOWS\sstem3~1
C:\WINDOWS\system32\app.exe
C:\WINDOWS\system32\cryptex.dll
C:\WINDOWS\system32\drivers\fgsszoca.dat
C:\WINDOWS\system32\drivers\szoxjqmt.dat
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\install.exe
C:\WINDOWS\system32\ps.exe
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\txgquvrb.dllbox
C:\WINDOWS\system32\ymante~1
C:\WINDOWS\wr.txt
E:\Documents\ASEMBL~1
E:\Documents\CROSOF~1
E:\Documents\RACLE~1
E:\Documents\SEMBLY~1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_YQKFOIWP
-------\yqkfoiwp

((((((((((((((((((((((((( Files Created from 2007-10-15 to 2007-11-15 )))))))))))))))))))))))))))))))
.

2007-11-14 22:44 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-14 15:33 85,056 --a------ C:\WINDOWS\system32\kkhgfyvv.dll
2007-11-14 15:27 79,424 --a------ C:\WINDOWS\system32\yhmadtny.dll
2007-11-14 05:58 d-------- C:\Documents and Settings\DeBoss\Application Data\BitDownload
2007-11-13 22:57 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-13 22:56 d-------- C:\Program Files\SUPERAntiSpyware
2007-11-13 22:56 d-------- C:\Documents and Settings\DeBoss\Application Data\SUPERAntiSpyware.com
2007-11-13 15:25 85,056 --a------ C:\WINDOWS\system32\upsnpaym.dll
2007-11-13 15:23 27,776 --a------ C:\WINDOWS\Hotmail-Album-8057.zip
2007-11-13 06:00 27,776 --a------ C:\WINDOWS\Hotmail-Album-9902.zip
2007-11-13 06:00 27,776 --a------ C:\WINDOWS\Hotmail-Album-8790.zip
2007-11-13 00:59 111,853 ---hs---- C:\WINDOWS\system32\mlkkj.bak2
2007-11-13 00:59 27,776 --a------ C:\WINDOWS\Hotmail-Album-4038.zip
2007-11-12 20:59 d-------- C:\Program Files\Trend Micro
2007-11-12 20:19 d-------- C:\Documents and Settings\DeBoss\Application Data\ErrorKiller
2007-11-12 18:25 27,776 --a------ C:\WINDOWS\Hotmail-Album-6966.zip
2007-11-12 16:18 27,776 --a------ C:\WINDOWS\Hotmail-Album-7334.zip
2007-11-12 05:56 58,368 --a------ C:\ak.exe
2007-11-12 01:17 27,776 --a------ C:\WINDOWS\Hotmail-Album-8980.zip
2007-11-12 01:17 27,776 --a------ C:\WINDOWS\Hotmail-Album-8437.zip
2007-11-12 00:32 27,776 --a------ C:\WINDOWS\Hotmail-Album-7017.zip
2007-11-12 00:32 27,776 --a------ C:\WINDOWS\Hotmail-Album-2166.zip
2007-11-12 00:17 d-------- C:\Program Files\Spyware Terminator
2007-11-12 00:17 d-------- C:\Program Files\Crawler
2007-11-12 00:17 d-------- C:\Documents and Settings\DeBoss\Application Data\Spyware Terminator
2007-11-12 00:17 d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2007-11-11 09:46 27,776 --a------ C:\WINDOWS\Hotmail-Album-5895.zip
2007-11-10 17:30 27,776 --a------ C:\WINDOWS\Hotmail-Album-2561.zip
2007-11-10 17:30 27,776 --a------ C:\WINDOWS\Hotmail-Album-0079.zip
2007-11-09 14:21 27,776 --a------ C:\WINDOWS\Hotmail-Album-1727.zip
2007-11-09 14:21 27,776 --a------ C:\WINDOWS\Hotmail-Album-1503.zip
2007-11-09 10:33 27,776 --a------ C:\WINDOWS\Hotmail-Album-8829.zip
2007-11-09 10:33 27,776 --a------ C:\WINDOWS\Hotmail-Album-0280.zip
2007-11-09 08:49 27,776 --a------ C:\WINDOWS\Hotmail-Album-4892.zip
2007-11-09 08:49 27,776 --a------ C:\WINDOWS\Hotmail-Album-3634.zip
2007-11-08 19:27 d-------- C:\Program Files\Dcads Games Collection
2007-11-08 19:27 80,105 --a------ C:\WINDOWS\system32\dcads-remove.exe
2007-11-08 19:27 40,731 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2007-11-08 17:25 27,776 --a------ C:\WINDOWS\Hotmail-Album-3710.zip
2007-11-08 15:07 27,776 --a------ C:\WINDOWS\Hotmail-Album-6974.zip
2007-11-08 06:24 27,776 --a------ C:\WINDOWS\Hotmail-Album-7384.zip
2007-11-08 06:10 27,776 --a------ C:\WINDOWS\Hotmail-Album-3010.zip
2007-11-07 15:12 27,776 --a------ C:\WINDOWS\Hotmail-Album-4832.zip
2007-11-07 13:47 27,776 --a------ C:\WINDOWS\Hotmail-Album-8493.zip
2007-11-06 15:42 27,776 --a------ C:\WINDOWS\Hotmail-Album-3126.zip
2007-11-05 17:38 27,776 --a------ C:\WINDOWS\Hotmail-Album-2842.zip
2007-11-05 17:10 27,776 --a------ C:\WINDOWS\Hotmail-Album-6204.zip
2007-11-05 13:52 d-------- C:\Program Files\Windows Live Toolbar
2007-11-05 10:06 27,776 --a------ C:\WINDOWS\Hotmail-Album-9154.zip
2007-11-05 10:06 27,776 --a------ C:\WINDOWS\Hotmail-Album-8422.zip
2007-11-05 05:55 27,776 --a------ C:\WINDOWS\Hotmail-Album-6750.zip
2007-11-05 00:11 27,776 --a------ C:\WINDOWS\Hotmail-Album-9002.zip
2007-11-04 23:15 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-04 23:15 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-11-04 23:15 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-11-04 23:15 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-11-04 23:15 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-11-04 23:15 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-04 23:15 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-11-04 23:13 27,776 --a------ C:\WINDOWS\Hotmail-Album-3291.zip
2007-11-04 19:20 27,776 --a------ C:\WINDOWS\Hotmail-Album-0782.zip
2007-11-04 14:40 27,776 --a------ C:\WINDOWS\Hotmail-Album-5876.zip
2007-11-04 14:40 27,776 --a------ C:\WINDOWS\Hotmail-Album-1034.zip
2007-11-04 12:20 27,776 --a------ C:\WINDOWS\Hotmail-Album-4838.zip
2007-11-04 00:13 27,776 --a------ C:\WINDOWS\Hotmail-Album-0038.zip
2007-11-03 20:42 27,776 --a------ C:\WINDOWS\Hotmail-Album-9532.zip
2007-11-03 19:49 27,776 --a------ C:\WINDOWS\Hotmail-Album-1822.zip
2007-11-03 15:06 27,776 --a------ C:\WINDOWS\Hotmail-Album-4785.zip
2007-11-02 17:03 27,776 --a------ C:\WINDOWS\Hotmail-Album-0378.zip
2007-11-02 15:04 27,776 --a------ C:\WINDOWS\Hotmail-Album-6901.zip
2007-11-01 20:59 27,776 --a------ C:\WINDOWS\Hotmail-Album-4806.zip
2007-11-01 18:01 27,776 --a------ C:\WINDOWS\Hotmail-Album-7299.zip
2007-11-01 17:08 27,776 --a------ C:\WINDOWS\Hotmail-Album-8731.zip
2007-11-01 16:48 27,776 --a------ C:\WINDOWS\Hotmail-Album-7386.zip
2007-11-01 15:09 27,776 --a------ C:\WINDOWS\Hotmail-Album-1832.zip
2007-10-31 21:49 27,776 --a------ C:\WINDOWS\Hotmail-Album-5831.zip
2007-10-31 16:23 27,776 --a------ C:\WINDOWS\Hotmail-Album-4462.zip
2007-10-31 16:22 27,776 --a------ C:\WINDOWS\Hotmail-Album-4489.zip
2007-10-24 09:47 61,532 --a------ C:\report.zip
2007-10-17 13:23 10,752 --a------ C:\WINDOWS\system32\WhoisCL.exe
2007-10-16 19:41 d-------- C:\Documents and Settings\Default User\Application Data\Gtek
2007-10-16 19:41 d-------- C:\Documents and Settings\Administrator\Application Data\Gtek
2007-10-16 19:40 d-------- C:\Program Files\Linksys EasyLink Advisor
2007-10-16 19:40 1,922,048 --a------ C:\WINDOWS\system32\gdql_lsa.dll
2007-10-16 19:40 135,168 --a------ C:\WINDOWS\system32\GoProto.dll
2007-10-16 19:40 28,672 --a------ C:\WINDOWS\system32\drivers\goprot51.sys
2007-10-16 19:40 6,977 --a------ C:\WINDOWS\system32\DDMI2.sys
2007-10-16 19:40 6,656 --a------ C:\WINDOWS\system32\DLPT2.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-15 02:21 --------- d-----w C:\Documents and Settings\DeBoss\Application Data\DMCache
2007-11-14 11:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-14 07:08 --------- d-----w C:\Documents and Settings\DeBoss\Application Data\MegauploadToolbar
2007-11-14 02:56 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-11 21:58 --------- d-----w C:\Documents and Settings\DeBoss\Application Data\LimeWire
2007-11-05 21:40 --------- d-----w C:\Program Files\MSN Messenger
2007-11-05 14:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-10-27 01:51 --------- d-----w C:\Documents and Settings\DeBoss\Application Data\Vso
2007-10-20 20:24 --------- d-----w C:\Documents and Settings\DeBoss\Application Data\axis title
2007-10-16 23:41 --------- d--ha-w C:\Documents and Settings\All Users\Application Data\GTek
2007-10-16 23:41 --------- d--h--w C:\Documents and Settings\DeBoss\Application Data\GTek
2007-10-14 21:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-10 23:34 --------- d-----w C:\Program Files\MegauploadToolbar
2007-10-10 21:27 --------- d-----w C:\Program Files\Hewlett-Packard
2007-10-05 22:32 --------- d-----w C:\Program Files\Common Files\Motive
2007-10-03 01:50 --------- d-----w C:\Program Files\GameSpy Arcade
2007-10-02 21:55 --------- d-----w C:\Program Files\Alwil Software
2007-10-01 22:55 5,693 ----a-w C:\Program Files\DOWNLOAD_INSTALL.LOG
2007-09-24 05:18 --------- d-----w C:\Documents and Settings\DeBoss\Application Data\CyberLink
2007-09-24 05:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2007-09-24 05:07 --------- d-----w C:\Program Files\CyberLink
2007-09-21 02:16 --------- d-----w C:\Program Files\Winamp
2007-09-21 02:16 --------- d-----w C:\Program Files\Common Files\NSV
2007-09-18 13:27 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-18 13:06 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-08-14 00:29 209 ----a-w C:\Documents and Settings\DeBoss\9546.bat
2007-08-13 20:52 209 ----a-w C:\Documents and Settings\DeBoss\2986.bat
2007-08-13 17:51 209 ----a-w C:\Documents and Settings\DeBoss\5871.bat
2007-08-09 20:13 209 ----a-w C:\Documents and Settings\DeBoss\3903.bat
2007-08-09 10:55 167 ----a-w C:\Documents and Settings\DeBoss\3641.bat
2007-08-09 03:09 167 ----a-w C:\Documents and Settings\DeBoss\8016.bat
2007-08-08 19:19 167 ----a-w C:\Documents and Settings\DeBoss\6582.bat
2007-08-08 19:14 167 ----a-w C:\Documents and Settings\DeBoss\8835.bat
2007-08-07 13:50 167 ----a-w C:\Documents and Settings\DeBoss\3436.bat
2007-08-06 23:20 167 ----a-w C:\Documents and Settings\DeBoss\1939.bat
2007-08-06 11:01 167 ----a-w C:\Documents and Settings\DeBoss\9507.bat
2007-08-06 03:19 167 ----a-w C:\Documents and Settings\DeBoss\1689.bat
2007-08-05 13:36 167 ----a-w C:\Documents and Settings\DeBoss\7231.bat
2007-08-04 21:13 167 ----a-w C:\Documents and Settings\DeBoss\3623.bat
2007-08-04 19:27 167 ----a-w C:\Documents and Settings\DeBoss\6217.bat
2007-08-04 14:51 167 ----a-w C:\Documents and Settings\DeBoss\9639.bat
2007-08-04 03:12 167 ----a-w C:\Documents and Settings\DeBoss\3754.bat
2007-08-03 21:20 167 ----a-w C:\Documents and Settings\DeBoss\2357.bat
2007-08-03 17:50 167 ----a-w C:\Documents and Settings\DeBoss\9928.bat
2007-08-03 16:40 167 ----a-w C:\Documents and Settings\DeBoss\2330.bat
2007-08-03 15:47 167 ----a-w C:\Documents and Settings\DeBoss\4398.bat
2007-08-03 12:33 167 ----a-w C:\Documents and Settings\DeBoss\9393.bat
2007-08-03 10:06 167 ----a-w C:\Documents and Settings\DeBoss\7758.bat
2007-08-03 03:04 167 ----a-w C:\Documents and Settings\DeBoss\3731.bat
2007-08-02 22:34 167 ----a-w C:\Documents and Settings\DeBoss\5641.bat
2007-08-01 14:46 167 ----a-w C:\Documents and Settings\DeBoss\5166.bat
2007-07-30 20:29 167 ----a-w C:\Documents and Settings\DeBoss\5568.bat
2007-07-30 12:05 167 ----a-w C:\Documents and Settings\DeBoss\9492.bat
2007-07-30 10:13 167 ----a-w C:\Documents and Settings\DeBoss\9322.bat
2007-07-29 14:16 167 ----a-w C:\Documents and Settings\DeBoss\8814.bat
2007-07-28 21:39 167 ----a-w C:\Documents and Settings\DeBoss\7855.bat
2007-07-28 18:33 167 ----a-w C:\Documents and Settings\DeBoss\1475.bat
2007-07-28 03:18 167 ----a-w C:\Documents and Settings\DeBoss\2014.bat
2007-07-17 21:51 47,360 ----a-w C:\Documents and Settings\DeBoss\Application Data\pcouffin.sys
2007-06-13 15:33 167 ----a-w C:\Documents and Settings\DeBoss\8564.bat
2007-06-12 20:28 167 ----a-w C:\Documents and Settings\DeBoss\6621.bat
2007-06-11 18:27 167 ----a-w C:\Documents and Settings\DeBoss\4796.bat
2007-06-11 02:46 167 ----a-w C:\Documents and Settings\DeBoss\8570.bat
2007-06-11 01:02 167 ----a-w C:\Documents and Settings\DeBoss\5511.bat
2007-06-10 16:54 167 ----a-w C:\Documents and Settings\DeBoss\5470.bat
2007-06-10 03:00 167 ----a-w C:\Documents and Settings\DeBoss\3341.bat
2007-06-09 15:48 167 ----a-w C:\Documents and Settings\DeBoss\4002.bat
2007-06-08 19:08 167 ----a-w C:\Documents and Settings\DeBoss\5180.bat
2007-06-08 02:11 167 ----a-w C:\Documents and Settings\DeBoss\6724.bat
2007-06-08 00:44 167 ----a-w C:\Documents and Settings\DeBoss\8228.bat
2007-06-07 15:44 167 ----a-w C:\Documents and Settings\DeBoss\8061.bat
2007-06-06 20:02 167 ----a-w C:\Documents and Settings\DeBoss\1540.bat
2007-06-05 21:40 167 ----a-w C:\Documents and Settings\DeBoss\5893.bat
2007-06-04 22:18 167 ----a-w C:\Documents and Settings\DeBoss\4485.bat
2007-06-04 22:03 167 ----a-w C:\Documents and Settings\DeBoss\5640.bat
2007-06-04 21:48 167 ----a-w C:\Documents and Settings\DeBoss\7344.bat
2007-06-04 21:33 167 ----a-w C:\Documents and Settings\DeBoss\1628.bat
2007-06-04 21:18 167 ----a-w C:\Documents and Settings\DeBoss\2763.bat
2007-06-04 17:41 167 ----a-w C:\Documents and Settings\DeBoss\2339.bat
2007-06-04 03:15 167 ----a-w C:\Documents and Settings\DeBoss\1545.bat
2007-06-03 22:27 167 ----a-w C:\Documents and Settings\DeBoss\9553.bat
2007-06-03 22:12 167 ----a-w C:\Documents and Settings\DeBoss\7465.bat
2007-06-03 21:57 167 ----a-w C:\Documents and Settings\DeBoss\9334.bat
2007-06-03 21:42 167 ----a-w C:\Documents and Settings\DeBoss\9836.bat
2007-06-03 21:27 167 ----a-w C:\Documents and Settings\DeBoss\1655.bat
2007-06-03 20:57 167 ----a-w C:\Documents and Settings\DeBoss\1350.bat
2007-06-03 20:42 167 ----a-w C:\Documents and Settings\DeBoss\3420.bat
2007-06-03 20:26 167 ----a-w C:\Documents and Settings\DeBoss\5934.bat
2007-06-03 18:47 167 ----a-w C:\Documents and Settings\DeBoss\3895.bat
2007-05-30 20:51 167 ----a-w C:\Documents and Settings\DeBoss\6439.bat
2007-05-30 14:54 167 ----a-w C:\Documents and Settings\DeBoss\2582.bat
2007-05-30 14:09 167 ----a-w C:\Documents and Settings\DeBoss\1216.bat
2007-05-30 14:00 167 ----a-w C:\Documents and Settings\DeBoss\9155.bat
2007-05-30 03:31 167 ----a-w C:\Documents and Settings\DeBoss\2322.bat
2007-05-30 01:44 167 ----a-w C:\Documents and Settings\DeBoss\1706.bat
2007-05-29 19:17 167 ----a-w C:\Documents and Settings\DeBoss\5021.bat
2007-05-28 21:41 167 ----a-w C:\Documents and Settings\DeBoss\9254.bat
2007-05-28 00:24 167 ----a-w C:\Documents and Settings\DeBoss\9740.bat
2007-05-27 19:28 167 ----a-w C:\Documents and Settings\DeBoss\7260.bat
2007-05-27 02:17 167 ----a-w C:\Documents and Settings\DeBoss\2799.bat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 08:04]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 19:21 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-19 21:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2005-09-07 19:35]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-11-09 23:25]
"nwiz"="nwiz.exe" [2006-11-09 23:26 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-11-09 23:26]
"SMSERIAL"="sm56hlpr.exe" [2004-12-28 18:01 C:\WINDOWS\sm56hlpr.exe]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 04:47]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 22:14]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-03-21 19:26]
"iTunesHelper"="P:\Program Files\iTunes\iTunesHelper.exe" [2006-02-23 15:45]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40]
"Motive SmartBridge"="C:\PROGRA~1\TSTTQU~1\SMARTB~1\MotiveSB.exe" [2006-06-27 13:03]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 22:26]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 22:17]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-27 18:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 08:00]
"CursorXP"="P:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 16:34]
"DrvMon.exe"="C:\WINDOWS\system32\DrvMon.exe" [2004-09-09 22:16]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 19:04]
"NVIDIA nTune"="P:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 14:20]
"BitDownload"="P:\Program Files\BitDownload\BitDownload.exe" []
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 22:36]
"IDMan"="D:\Program Files\Reget\IDMan.exe" [2006-11-19 06:05]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-10-30 11:01]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\Documents and Settings\DeBoss\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-27 00:24:54]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - P:\Common\Bin\WinCinemaMgr.exe [2007-03-15 17:33:03]
PowerMenu.lnk - C:\Program Files\PowerMenu\PowerMenu.exe [2007-03-14 13:28:04]
TSTT Quick Assist.lnk - C:\Program Files\TSTT Quick Assist\bin\matcli.exe [2007-07-25 22:49:37]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFileMenu"=1 (0x1)
"NoResolveTrack"=1 (0x1)
"NoChangeKeyboardNavigationIndicators"=0 (0x0)
"NoViewOnDrive"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"= C:\WINDOWS\system32\ieframe.dll [2007-08-20 06:04 6058496]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
P:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2005-12-06 21:16 176128 P:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

R1 nvport;NVIDIA PORT IO Control Driver;\??\C:\WINDOWS\system32\Drivers\nvport.sys
R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
S1 SysTool;SysTool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\SysTool.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54d18298-e14b-11db-8145-812a2c4397e8}]
\Shell\AutoRun\command - H:\loader.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bfd0b02-e6f2-11db-8169-c3b208b5aa2d}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dd8cad2-31a0-11dc-837a-b7bf559dc89d}]
\Shell\Auto\command - H:\boot.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL boot.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-11-14 07:30:00 C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job"
- C:\Program Files\ErrorKiller\ErrorKiller.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-14 23:02:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-14 23:04:43 - machine was rebooted
.
--- E O F ---
 
#9 ·
Hijack This Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:36 PM, on 11/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
P:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
P:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\TSTTQU~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
P:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
P:\Program Files\CursorXP\CursorXP.exe
C:\WINDOWS\system32\DrvMon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\Reget\IDMan.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
P:\Common\Bin\WinCinemaMgr.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\Program Files\TSTT Quick Assist\bin\mpbtn.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Flock\flock\flock.exe
E:\Documents\Downloads\Programs\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60001
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Reget\IDMIECC.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "P:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TSTTQU~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] P:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "P:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "C:\Documents and Settings\DeBoss\Local Settings\Application Data\NVIDIA Corporation\nTune\Profiles\begin.nsu"
O4 - HKCU\..\Run: [BitDownload] "P:\Program Files\BitDownload\BitDownload.exe" /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Reget\IDMan.exe /onboot
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - User Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = P:\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O4 - Global Startup: TSTT Quick Assist.lnk = C:\Program Files\TSTT Quick Assist\bin\matcli.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Reget\IEGetAll.htm
O8 - Extra context menu item: Download using LeechGet - file://P:\Program Files\LeechGet 2002\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://P:\Program Files\LeechGet 2002\\Wizard.html
O8 - Extra context menu item: Download with IDM - D:\Program Files\Reget\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Parse with LeechGet - file://P:\Program Files\LeechGet 2002\\Parser.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{99E14F7E-6F54-4FD7-9619-4B6A387ADEA1}: NameServer = 196.3.132.1,196.3.132.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - P:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - P:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - P:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 11398 bytes
 
#10 ·
Download and install AVG Anti-Spyware v7.5
  • After download, double click on the file to launch the install process.
  • Choose a language, click "OK" and then click "Next".
  • Read the "License Agreement" and click "I Agree".
  • Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
  • After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
  • The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. As AVG Anti-Spyware may interfere with some of our other fixes, we are temporarily disabling its active protection features until your system is clean, then you can re-enable them.
  • Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
  • Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update".
    Wait until you see the "Update successful" message. If you are having problems with the updater, manually download and update with the AVG Anti-Spyware Full database installer.
  • Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.
Reboot your computer in SAFE MODE using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". (Note: When run in safe mode, sometimes the GUI is larger than the screen and the buttons at the bottom are partly or completely hidden, making them inaccessible for doing a scan. If this happens press Alt + Spacebar. A menu will come open, make sure you select maximize then run the scan. If that does not help, then you may have to run your scan in normal mode and advise your helper afterwards.)

Scan with AVG Anti-Spyware as follows:
  • Click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan? ", "Possibly unwanted software", and What to Scan?" leave all the default settings.
  • Under "Reports" select "Do not automatically generate reports".
  • Click the "Scan" tab to return to scanning options.
  • Click "Complete System Scan" to start.
  • When the scan has finished, it should automatically be set to Quarantine--if not click on Recommended Action and set it there.
  • You will also be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
IMPORTANT! Do not save the report before you have clicked the :Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
  • Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
  • Exit AVG Anti-Spyware when done, reboot normally and post the log report in your next response.
Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

AVG Anti-Spyware is free for 30 days and all the extensions of the full version will be activated. After the 30 day trial, active protection extensions will be deactivated and the program will turn into a feature-limited freeware version that you can continue to use as an on-demand scanner or you may purchase a license to use the full version. We are installing AVG Anti-Spyware with its real-time protection disabled. Once your system is clean you may re-enable it so you can continue using this feature for the remainder of the trial period.

Please go HERE to run Panda's ActiveScan
  • You need to use IE to run this scan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans.
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top