trojandownloader.xs

Discussion in 'Virus & Other Malware Removal' started by opelsoccer, Nov 12, 2007.

  1. opelsoccer

    opelsoccer Thread Starter

    Joined:
    Nov 12, 2007
    Messages:
    4
    I've been having troubles with my computer and I have a yellow triangle message saying that I have trojandownloader.xs.

    So far I have run Ad-Aware to delete anything else and ran SmitFraudFix in safe mode, but there still seems to be a problem. Here is a current HijackThis log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:40:03 PM, on 11/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\vvgeowbv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Updater.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE
    C:\WINDOWS\Fonts\svchost.exe
    C:\WINDOWS\mrofinu1188.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\regsvr32.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
    R3 - URLSearchHook: (no name) - <default> - (no file)
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\vvgeowbv.exe,C:\WINDOWS\system32\userinit.exe
    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\fcafgmkc.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB002" /M "Stylus Photo R220"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD3257
    O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M2210] "C:\DOCUME~1\DANEWE~1\LOCALS~1\Temp\mofugclq.exe"
    O4 - HKLM\..\Run: [{17-75-5B-BE-ZN}] C:\Documents and Settings\Dane Weitmann\Local Settings\Temp\T0CHD001.exe CHD001
    O4 - HKLM\..\Run: [75a17511] rundll32.exe "C:\WINDOWS\system32\idqebscx.dll",b
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - Startup: TA_Start.lnk = C:\Documents and Settings\Dane Weitmann\Local Settings\Temp\T0CHD001.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RGFuZSBXZWl0bWFubg\command.exe (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 8306 bytes

    Any help would be great!
    Thanks
     
  2. opelsoccer

    opelsoccer Thread Starter

    Joined:
    Nov 12, 2007
    Messages:
    4
    Here is my ComboFix log:

    ComboFix 07-11-08.1 - Dane Weitmann 2007-11-12 15:22:13.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.166 [GMT -8:00]
    Running from: C:\Documents and Settings\Dane Weitmann\My Documents\downloads\ComboFix.exe
    * Created a new restore point
    .

    Unable to gain System Privileges

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
    C:\Documents and Settings\Dane Weitmann\Application Data\FunWebProducts
    C:\Documents and Settings\Dane Weitmann\Application Data\FunWebProducts\Data\Dane Weitmann\avatar.dat
    C:\Documents and Settings\Dane Weitmann\Application Data\FunWebProducts\Data\Dane Weitmann\register.dat
    C:\Documents and Settings\Dane Weitmann\Desktop\Live Safety Center.lnk
    C:\Documents and Settings\Dane Weitmann\Desktop\Online Security Guide.lnk
    C:\Documents and Settings\Dane Weitmann\Favorites\Online Security Guide.lnk
    C:\Documents and Settings\Dane Weitmann\Start Menu\Programs\Startup\TA_Start.lnk
    C:\Documents and Settings\LocalService\Application Data\NetMon
    C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
    C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
    C:\Program Files\3721
    C:\Program Files\3721\assist\asbar.dll
    C:\Program Files\3721\helper.dll
    C:\Program Files\Accoona
    C:\Program Files\Accoona\ASearchAssist.dll
    C:\Program Files\akl
    C:\Program Files\akl\akl.dll
    C:\Program Files\akl\akl.exe
    C:\Program Files\akl\curlog.htm
    C:\Program Files\akl\keylog.txt
    C:\Program Files\akl\readme.txt
    C:\Program Files\akl\uninstall.exe
    C:\Program Files\akl\unsetup.dat
    C:\Program Files\akl\unsetup.exe
    C:\Program Files\amsys
    C:\Program Files\amsys\awmsg.dat
    C:\Program Files\amsys\guid.dat
    C:\Program Files\amsys\ijl15.dll
    C:\Program Files\amsys\mfc42.dll
    C:\Program Files\amsys\msvcrt.dll
    C:\Program Files\amsys\unins000.dat
    C:\Program Files\amsys\unis000.exe
    C:\Program Files\amsys\winam.dat
    C:\Program Files\e-zshopper
    C:\Program Files\e-zshopper\BarLcher.dll
    C:\Program Files\FunWebProducts
    C:\Program Files\FunWebProducts\ScreenSaver\Cache\004012A6.swf
    C:\Program Files\FunWebProducts\ScreenSaver\Cache\0201B98C.jpg
    C:\Program Files\FunWebProducts\ScreenSaver\Cache\files.ini
    C:\Program Files\FunWebProducts\ScreenSaver\Images\00042363.urr
    C:\Program Files\FunWebProducts\ScreenSaver\Images\0040461A.dat
    C:\Program Files\FunWebProducts\ScreenSaver\Images\0041518E.dat
    C:\Program Files\FunWebProducts\ScreenSaver\Images\0045C709.dat
    C:\Program Files\FunWebProducts\ScreenSaver\Images\0046487E.dat
    C:\Program Files\FunWebProducts\ScreenSaver\Images\00540F68.dat
    C:\Program Files\FunWebProducts\ScreenSaver\Images\005537EB.dat
    C:\Program Files\FunWebProducts\ScreenSaver\Images\0058AADA.dat
    C:\Program Files\FunWebProducts\ScreenSaver\Images\0201B769.urr
    C:\Program Files\FunWebProducts\ScreenSaver\Images\0201D3FA.dat
    C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\0045C709.jpg
    C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\0046487E.jpg
    C:\Program Files\FunWebProducts\ScreenSaver\Images\101x135\0201D3FA.jpg
    C:\Program Files\FunWebProducts\ScreenSaver\Images\f3wallpp.bmp
    C:\Program Files\FunWebProducts\ScreenSaver\Images\wrkparam.lst
    C:\Program Files\FunWebProducts\Shared\00031619.dat
    C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.htmlx
    C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.htmlx
    C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
    C:\Program Files\MyWebSearch
    C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
    C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
    C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
    C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
    C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
    C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
    C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
    C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
    C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
    C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON\close.gif
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON\htmlctrl.js
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON\login.htm
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max.gif
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min.gif
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON\unmax.gif
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON\wardrobe.htm
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico
    C:\Program Files\MyWebSearch\bar\Cache\00458DC9
    C:\Program Files\MyWebSearch\bar\Cache\004590E6.bin
    C:\Program Files\MyWebSearch\bar\Cache\0045926C.bin
    C:\Program Files\MyWebSearch\bar\Cache\00459431.bin
    C:\Program Files\MyWebSearch\bar\Cache\004595A8.bin
    C:\Program Files\MyWebSearch\bar\Cache\004597BC.bin
    C:\Program Files\MyWebSearch\bar\Cache\01135356.bin
    C:\Program Files\MyWebSearch\bar\Cache\011354FC.bin
    C:\Program Files\MyWebSearch\bar\Cache\01135692.bin
    C:\Program Files\MyWebSearch\bar\Cache\011357AB.bin
    C:\Program Files\MyWebSearch\bar\Cache\01135C4F.bin
    C:\Program Files\MyWebSearch\bar\Cache\files.ini
    C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
    C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
    C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
    C:\Program Files\MyWebSearch\bar\History\search2
    C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
    C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    C:\Program Files\p2pnetworks
    C:\Program Files\p2pnetworks\amp2pl.exe
    C:\WINDOWS\764.exe
    C:\WINDOWS\7search.dll
    C:\WINDOWS\aconti.exe
    C:\WINDOWS\adbar.dll
    C:\WINDOWS\cbinst$.exe
    C:\WINDOWS\daxtime.dll
    C:\WINDOWS\dp0.dll
    C:\WINDOWS\eventlowg.dll
    C:\WINDOWS\fhfmm-Uninstaller.exe
    C:\WINDOWS\fhfmm.exe
    C:\WINDOWS\flt.dll
    C:\WINDOWS\hcwprn.exe
    C:\WINDOWS\hotporn.exe
    C:\WINDOWS\ie_32.exe
    C:\WINDOWS\iexplorr23.dll
    C:\WINDOWS\jd2002.dll
    C:\WINDOWS\kkcomp$.exe
    C:\WINDOWS\kkcomp.dll
    C:\WINDOWS\kkcomp.exe
    C:\WINDOWS\kvnab$.exe
    C:\WINDOWS\kvnab.dll
    C:\WINDOWS\kvnab.exe
    C:\WINDOWS\liqad$.exe
    C:\WINDOWS\liqad.dll
    C:\WINDOWS\liqad.exe
    C:\WINDOWS\liqui-Uninstaller.exe
    C:\WINDOWS\liqui.dll
    C:\WINDOWS\liqui.exe
    C:\WINDOWS\mrofinu1188.exe
    C:\WINDOWS\ngd.dll
    C:\WINDOWS\pbar.dll
    C:\WINDOWS\pbsysie.dll
    C:\WINDOWS\settn.dll
    C:\WINDOWS\spredirect.dll
    C:\WINDOWS\system32\.exe
    C:\WINDOWS\system32\bbadd.bak1
    C:\WINDOWS\system32\bbadd.bak2
    C:\WINDOWS\system32\bbadd.ini
    C:\WINDOWS\system32\ddabb.dll
    C:\WINDOWS\system32\drivers\blank.gif
    C:\WINDOWS\system32\drivers\box_1.gif
    C:\WINDOWS\system32\drivers\box_2.gif
    C:\WINDOWS\system32\drivers\box_3.gif
    C:\WINDOWS\system32\drivers\button_buynow.gif
    C:\WINDOWS\system32\drivers\button_freescan.gif
    C:\WINDOWS\system32\drivers\cell_bg.gif
    C:\WINDOWS\system32\drivers\cell_footer.gif
    C:\WINDOWS\system32\drivers\cell_header_block.gif
    C:\WINDOWS\system32\drivers\cell_header_remove.gif
    C:\WINDOWS\system32\drivers\cell_header_scan.gif
    C:\WINDOWS\system32\drivers\detect.htm
    C:\WINDOWS\system32\drivers\download_box.gif
    C:\WINDOWS\system32\drivers\download_btn.jpg
    C:\WINDOWS\system32\drivers\download_now_btn.gif
    C:\WINDOWS\system32\drivers\footer_back.jpg
    C:\WINDOWS\system32\drivers\header_1.gif
    C:\WINDOWS\system32\drivers\header_2.gif
    C:\WINDOWS\system32\drivers\header_3.gif
    C:\WINDOWS\system32\drivers\header_4.gif
    C:\WINDOWS\system32\drivers\header_red_bg.gif
    C:\WINDOWS\system32\drivers\header_red_free_scan.gif
    C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
    C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
    C:\WINDOWS\system32\drivers\infected.gif
    C:\WINDOWS\system32\drivers\main_back.gif
    C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
    C:\WINDOWS\system32\drivers\product_1_header.gif
    C:\WINDOWS\system32\drivers\product_1_name_small.gif
    C:\WINDOWS\system32\drivers\product_2_header.gif
    C:\WINDOWS\system32\drivers\product_2_name_small.gif
    C:\WINDOWS\system32\drivers\product_3_header.gif
    C:\WINDOWS\system32\drivers\product_3_name_small.gif
    C:\WINDOWS\system32\drivers\product_features.gif
    C:\WINDOWS\system32\drivers\pt.htm
    C:\WINDOWS\system32\drivers\rating.gif
    C:\WINDOWS\system32\drivers\s_detect.htm
    C:\WINDOWS\system32\drivers\screenshot.jpg
    C:\WINDOWS\system32\drivers\sep_hor.gif
    C:\WINDOWS\system32\drivers\sep_vert.gif
    C:\WINDOWS\system32\drivers\shadow.jpg
    C:\WINDOWS\system32\drivers\shadow_bg.gif
    C:\WINDOWS\system32\drivers\spacer.gif
    C:\WINDOWS\system32\drivers\spy_away_box.jpg
    C:\WINDOWS\system32\drivers\star.gif
    C:\WINDOWS\system32\drivers\star_gray.gif
    C:\WINDOWS\system32\drivers\star_gray_small.gif
    C:\WINDOWS\system32\drivers\star_small.gif
    C:\WINDOWS\system32\drivers\style.css
    C:\WINDOWS\system32\drivers\v.gif
    C:\WINDOWS\system32\drivers\warning_icon.gif
    C:\WINDOWS\system32\drivers\win_logo.gif
    C:\WINDOWS\system32\drivers\x.gif
    C:\WINDOWS\system32\ESHOPEE.exe
    C:\WINDOWS\system32\f3PSSavr.scr
    C:\WINDOWS\system32\fcafgmkc.dllbox
    C:\WINDOWS\system32\ldcore.dll
    C:\WINDOWS\system32\ldinfo.ldr
    C:\WINDOWS\system32\msnav32.ax
    C:\WINDOWS\system32\msole32.exe
    C:\WINDOWS\system32\vxddsk.exe
    C:\WINDOWS\system32\wml.exe
    C:\WINDOWS\uninstall_nmon.vbs
    C:\WINDOWS\vxddsk.exe
    C:\WINDOWS\wbeCheck.exe
    C:\WINDOWS\wbeInst$.exe
    C:\WINDOWS\wml.exe
    C:\WINDOWS\xadbrk.dll
    C:\WINDOWS\xadbrk.exe
    C:\WINDOWS\xadbrk_.exe
    C:\WINDOWS\xxxvideo.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_CMDSERVICE
    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_NETWORK_MONITOR
    -------\cmdService


    ((((((((((((((((((((((((( Files Created from 2007-10-12 to 2007-11-12 )))))))))))))))))))))))))))))))
    .

    2007-11-12 15:36 <DIR> d-------- C:\Program Files\p2pnetworks
    2007-11-12 15:36 <DIR> d-------- C:\Program Files\e-zshopper
    2007-11-12 15:36 <DIR> d-------- C:\Program Files\amsys
    2007-11-12 15:36 <DIR> d-------- C:\Program Files\akl
    2007-11-12 15:36 <DIR> d-------- C:\Program Files\Accoona
    2007-11-12 15:36 <DIR> d-------- C:\Program Files\3721
    2007-11-12 15:17 81,472 --a------ C:\WINDOWS\system32\fvlkyjkb.dll
    2007-11-12 15:16 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-11-11 23:39 <DIR> d-------- C:\Program Files\Trend Micro
    2007-11-11 23:00 18,176 --a------ C:\WINDOWS\system32\ace16win.dll
    2007-11-11 22:51 128 --a------ C:\Documents and Settings\Dane Weitmann\pdf.exe
    2007-11-11 12:04 18,432 --a------ C:\WINDOWS\fkwggshm.exe
    2007-11-11 11:54 88,128 --a------ C:\WINDOWS\system32\idqebscx.dll
    2007-11-11 11:52 4 --a------ C:\WINDOWS\system32\stfv.bin
    2007-11-11 11:51 79,936 --a------ C:\WINDOWS\system32\txkybdel.dll
    2007-11-11 11:47 36,352 --a------ C:\WINDOWS\system32\opnmlli.dll
    2007-11-11 11:46 <DIR> d-------- C:\WINDOWS\system32\acespy
    2007-11-10 11:31 12 --a------ C:\WINDOWS\system32\dpqaqlqx.bin
    2007-11-10 11:30 <DIR> d--hs---- C:\WINDOWS\RGFuZSBXZWl0bWFubg
    2007-11-10 11:30 125,444 --a------ C:\WINDOWS\system32\vvgeowbv.exe
    2007-11-10 11:30 21,504 --a------ C:\WINDOWS\system32\aivskurq.dll
    2007-11-10 11:24 3,814 --a------ C:\WINDOWS\system32\tmp.reg
    2007-11-10 11:15 <DIR> d-------- C:\Program Files\XoftSpySE
    2007-11-09 21:27 36,352 --a------ C:\WINDOWS\system32\khfeeed.dll
    2007-11-09 21:08 77,888 --a------ C:\WINDOWS\system32\cltlglvd.dll
    2007-11-09 15:36 145,984 --a------ C:\WINDOWS\system32\lwqbpoer.dll
    2007-11-09 15:36 145,984 --a------ C:\WINDOWS\system32\fcafgmkc.dll
    2007-11-08 15:08 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2007-11-08 15:04 172,032 --a------ C:\winlogon.exe
    2007-11-08 15:04 35,328 --a------ C:\WINDOWS\system32\vtusqqq.dll
    2007-11-06 20:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
    2007-11-06 20:22 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
    2007-11-06 20:22 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
    2007-11-06 20:21 <DIR> d-------- C:\Program Files\Common Files\Download Manager
    2007-11-06 20:06 <DIR> d-------- C:\Program Files\WinMPG VideoConvert
    2007-11-06 19:54 14,540 --a------ C:\WINDOWS\system32\drivers\T10.SYS

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-12 23:45 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2007-11-12 23:36 31,744 ----a-w C:\WINDOWS\wbeInst$.exe
    2007-11-12 23:36 29,184 ----a-w C:\WINDOWS\cbinst$.exe
    2007-11-12 23:36 10,496 ----a-w C:\WINDOWS\system32\ESHOPEE.exe
    2007-11-12 23:35 9,472 ----a-w C:\WINDOWS\settn.dll
    2007-11-12 23:35 8,704 ----a-w C:\WINDOWS\xadbrk_.exe
    2007-11-12 23:35 8,448 ----a-w C:\WINDOWS\liqui.exe
    2007-11-12 23:35 8,448 ----a-w C:\WINDOWS\liqad$.exe
    2007-11-12 23:35 32,512 ----a-w C:\WINDOWS\pbsysie.dll
    2007-11-12 23:35 32,000 ----a-w C:\WINDOWS\xadbrk.exe
    2007-11-12 23:35 30,976 ----a-w C:\WINDOWS\kvnab.dll
    2007-11-12 23:35 30,464 ----a-w C:\WINDOWS\xadbrk.dll
    2007-11-12 23:35 29,952 ----a-w C:\WINDOWS\wbeCheck.exe
    2007-11-12 23:35 29,696 ----a-w C:\WINDOWS\hcwprn.exe
    2007-11-12 23:35 27,904 ----a-w C:\WINDOWS\adbar.dll
    2007-11-12 23:35 27,392 ----a-w C:\WINDOWS\liqui-Uninstaller.exe
    2007-11-12 23:35 27,392 ----a-w C:\WINDOWS\jd2002.dll
    2007-11-12 23:35 27,136 ----a-w C:\WINDOWS\kkcomp.dll
    2007-11-12 23:35 26,880 ----a-w C:\WINDOWS\liqad.dll
    2007-11-12 23:35 25,856 ----a-w C:\WINDOWS\liqui.dll
    2007-11-12 23:35 23,552 ----a-w C:\WINDOWS\liqad.exe
    2007-11-12 23:35 21,504 ----a-w C:\WINDOWS\daxtime.dll
    2007-11-12 23:35 20,480 ----a-w C:\WINDOWS\fhfmm-Uninstaller.exe
    2007-11-12 23:35 20,224 ----a-w C:\WINDOWS\fhfmm.exe
    2007-11-12 23:35 18,432 ----a-w C:\WINDOWS\system32\msole32.exe
    2007-11-12 23:35 16,896 ----a-w C:\WINDOWS\kkcomp.exe
    2007-11-12 23:35 16,896 ----a-w C:\WINDOWS\iexplorr23.dll
    2007-11-12 23:35 14,080 ----a-w C:\WINDOWS\kkcomp$.exe
    2007-11-12 23:35 12,800 ----a-w C:\WINDOWS\kvnab$.exe
    2007-11-12 23:35 11,008 ----a-w C:\WINDOWS\eventlowg.dll
    2007-11-12 23:35 10,240 ----a-w C:\WINDOWS\kvnab.exe
    2007-11-12 23:34 9,472 ----a-w C:\WINDOWS\aconti.exe
    2007-11-12 23:34 29,696 ----a-w C:\WINDOWS\dp0.dll
    2007-11-12 23:34 23,552 ----a-w C:\WINDOWS\flt.dll
    2007-11-12 23:34 22,528 ----a-w C:\WINDOWS\pbar.dll
    2007-11-12 23:34 21,248 ----a-w C:\WINDOWS\xxxvideo.exe
    2007-11-12 23:34 21,248 ----a-w C:\WINDOWS\ngd.dll
    2007-11-12 23:34 20,736 ----a-w C:\WINDOWS\ie_32.exe
    2007-11-12 23:34 19,712 ----a-w C:\WINDOWS\7search.dll
    2007-11-12 23:34 18,688 ----a-w C:\WINDOWS\spredirect.dll
    2007-11-12 23:34 18,176 ----a-w C:\WINDOWS\hotporn.exe
    2007-11-12 23:34 16,128 ----a-w C:\WINDOWS\vxddsk.exe
    2007-11-12 23:34 10,496 ----a-w C:\WINDOWS\wml.exe
    2007-11-12 23:30 30,464 ----a-w C:\WINDOWS\764.exe
    2007-11-12 23:15 --------- d-----w C:\Documents and Settings\Dane Weitmann\Application Data\OpenOffice.org2
    2007-11-12 07:12 --------- d-----w C:\Program Files\Yahoo!
    2007-11-12 07:10 --------- d--h--r C:\Documents and Settings\Dane Weitmann\Application Data\yahoo!
    2007-11-12 07:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
    2007-11-12 07:05 81,920 ----a-w C:\Documents and Settings\Dane Weitmann\Application Data\ezpinst.exe
    2007-11-12 07:05 47,360 ----a-w C:\Documents and Settings\Dane Weitmann\Application Data\pcouffin.sys
    2007-11-12 07:05 --------- d-----w C:\Documents and Settings\Dane Weitmann\Application Data\Vso
    2007-11-10 19:31 --------- d-----w C:\Program Files\microsoft frontpage
    2007-11-07 03:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-04 04:50 --------- d-----w C:\Program Files\AIM6
    2007-11-04 04:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
    2007-11-04 04:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2007-11-03 05:25 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2007-10-26 04:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2007-10-16 04:41 --------- d-----w C:\Program Files\Apple Software Update
    2007-10-11 01:44 --------- d-----w C:\Program Files\iTunes
    2007-10-11 01:43 --------- d-----w C:\Program Files\iPod
    2007-10-01 22:18 --------- d-----w C:\Program Files\Common Files\xing shared
    2007-10-01 22:18 --------- d-----w C:\Program Files\Common Files\Real
    2007-09-23 04:19 --------- d-----w C:\Documents and Settings\Dane Weitmann\Application Data\Move Networks
    2007-09-18 18:02 --------- d-----w C:\Documents and Settings\Dane Weitmann\Application Data\SolidWorks
    2007-09-16 16:45 --------- d-----w C:\Program Files\Netflix
    2007-08-22 13:12 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
    2007-08-22 13:12 658,944 ------w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-08-22 13:12 615,424 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-08-22 13:12 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-08-22 13:12 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-08-22 13:12 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
    2007-08-22 13:12 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-08-22 13:12 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2007-08-22 13:12 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-08-22 13:12 3,058,176 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-08-22 13:12 251,392 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
    2007-08-22 13:12 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-08-22 13:12 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-08-22 13:12 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
    2007-08-22 13:12 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-08-22 13:12 1,494,528 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
    2007-08-22 13:12 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
    2007-08-22 13:12 1,022,976 ------w C:\WINDOWS\system32\dllcache\browseui.dll
    2007-08-21 10:30 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
    2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
    2007-01-10 20:15 839,692 ----a-w C:\WINDOWS\Fonts\Crack.exe
    2007-01-10 20:15 839,691 --sh--w C:\WINDOWS\Fonts\svchost.exe
    2006-02-12 05:33 1,448 -c--a-w C:\Documents and Settings\Dane Weitmann\Application Data\wklnhst.dat
    2007-01-10 20:15:15 839,691 --sh--w C:\WINDOWS\Fonts\svchost.exe
    2005-07-30 00:24:26 472 --sha-r C:\WINDOWS\RGFuZSBXZWl0bWFubg\l3IRtm1rtq5XvqIRv0.vbs
    .
     
  3. opelsoccer

    opelsoccer Thread Starter

    Joined:
    Nov 12, 2007
    Messages:
    4
    I have to use another post... here is the rest of the ComboFix log.

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E4136F6-A927-4337-8178-B7EBC309EFC4}]
    C:\Program Files\DittoSideBar\Dsb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38a55c58-9b69-42e7-9f23-eaf16db0cd77}]
    2007-11-12 15:17 81472 --a------ C:\WINDOWS\system32\fvlkyjkb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4D1E7A9A-FF38-4C63-93AE-32B5FFE749FA}]
    2007-08-02 05:43 282624 --a------ C:\Program Files\MSN Gaming Zone\mezokepow555077.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
    2007-11-09 15:36 145984 --a------ C:\WINDOWS\system32\fcafgmkc.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCC73622-F72D-4277-803C-D65565A0947F}]
    2007-11-08 15:04 35328 --a------ C:\WINDOWS\system32\vtusqqq.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF442538-BE32-4055-A549-2F3B699F55EB}]
    2007-11-10 11:30 21504 --a------ C:\WINDOWS\system32\aivskurq.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\fcafgmkc.dll [2007-11-09 15:36 145984]

    [HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
    "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 14:21]
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 04:12]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 04:11]
    "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 12:54]
    "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 13:01]
    "iRiver Updater"="\Updater.exe" [2004-07-01 13:20]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 20:05]
    "EPSON Stylus Photo R220 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.exe" [2005-03-09 04:00]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
    "Host Process"="C:\WINDOWS\Fonts\svchost.exe" [2007-01-10 12:15]
    "{17-75-5B-BE-ZN}"="C:\Documents and Settings\Dane Weitmann\Local Settings\Temp\T0CHD001.exe" []
    "75a17511"="C:\WINDOWS\system32\idqebscx.dll" [2007-11-11 11:54]
    "MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 00:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Aim6"="" []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "AllowLegacyWebView"=1 (0x1)
    "AllowUnhashedWebView"=1 (0x1)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{BCC73622-F72D-4277-803C-D65565A0947F}"= C:\WINDOWS\system32\vtusqqq.dll [2007-11-08 15:04 35328]

    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcafgmkc]
    fcafgmkc.dll 2007-11-09 15:36 145984 C:\WINDOWS\system32\fcafgmkc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtusqqq]
    vtusqqq.dll 2007-11-08 15:04 35328 C:\WINDOWS\system32\vtusqqq.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wingsa32]
    wingsa32.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddabb.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dane Weitmann^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=C:\Documents and Settings\Dane Weitmann\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dane Weitmann^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
    path=C:\Documents and Settings\Dane Weitmann\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
    backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dane Weitmann^Start Menu^Programs^Startup^Webshots.lnk]
    path=C:\Documents and Settings\Dane Weitmann\Start Menu\Programs\Startup\Webshots.lnk
    backup=C:\WINDOWS\pss\Webshots.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    C:\Program Files\Common Files\AOL\1162254274\ee\AOLSoftware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    C:\Program Files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    C:\Program Files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGateway]
    C:\Program Files\MediaGateway\MediaGateway.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

    R0 IFP300;iriver Internet Audio Player IFP-300;C:\WINDOWS\system32\DRIVERS\ifp300.sys
    R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
    S2 pciinfo;HP Pci Information;\??\C:\DOCUME~1\DANEWE~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys
    S3 TIEHDUSB;TIEHDUSB;C:\WINDOWS\system32\drivers\tiehdusb.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a81dd36e-526e-11db-a07b-0014a516274f}]
    \Shell\AutoRun\command - E:\LaunchU3.exe

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-10-22 18:30:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    "2007-11-12 23:43:47 C:\WINDOWS\Tasks\XoftSpySE 2.job"
    - C:\Program Files\XoftSpySE\XoftSpy.exe
    "2007-11-10 19:16:05 C:\WINDOWS\Tasks\XoftSpySE.job"
    .
    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-12 15:47:52
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????3?4?1?8??????? ???B?????????????hLC? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-12 15:50:46 - machine was rebooted
    .
    --- E O F ---


    And here is my HijackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:52:03 PM, on 11/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Updater.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
    R3 - URLSearchHook: (no name) - <default> - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
    O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
    O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
    O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
    O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
    O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
    O2 - BHO: CEffBarBHO Object - {2E4136F6-A927-4337-8178-B7EBC309EFC4} - C:\Program Files\DittoSideBar\Dsb.dll (file missing)
    O2 - BHO: {77dc0bd6-1fae-32f9-7e24-96b985c55a83} - {38a55c58-9b69-42e7-9f23-eaf16db0cd77} - C:\WINDOWS\system32\fvlkyjkb.dll
    O2 - BHO: (no name) - {4D1E7A9A-FF38-4C63-93AE-32B5FFE749FA} - C:\Program Files\MSN Gaming Zone\mezokepow555077.dll
    O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
    O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
    O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
    O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
    O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
    O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\fcafgmkc.dll
    O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
    O2 - BHO: (no name) - {BCC73622-F72D-4277-803C-D65565A0947F} - C:\WINDOWS\system32\vtusqqq.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: aivskurq.msdn_hlp - {BF442538-BE32-4055-A549-2F3B699F55EB} - C:\WINDOWS\system32\aivskurq.dll
    O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
    O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
    O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
    O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
    O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
    O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
    O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
    O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\fcafgmkc.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB002" /M "Stylus Photo R220"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [{17-75-5B-BE-ZN}] C:\Documents and Settings\Dane Weitmann\Local Settings\Temp\T0CHD001.exe CHD001
    O4 - HKLM\..\Run: [75a17511] rundll32.exe "C:\WINDOWS\system32\idqebscx.dll",b
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O20 - Winlogon Notify: fcafgmkc - C:\WINDOWS\SYSTEM32\fcafgmkc.dll
    O20 - Winlogon Notify: vtusqqq - C:\WINDOWS\SYSTEM32\vtusqqq.dll
    O20 - Winlogon Notify: wingsa32 - wingsa32.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 10222 bytes


    Seems to be running a lot better and I haven't had any triangle alerts yet.

    Thanks
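The loading points in the two logs above are what a helper scans by eye: a Userinit value with an extra executable chained in front of userinit.exe, an extra LSA authentication package, a file named svchost.exe sitting in the Fonts folder, and BHO and Winlogon Notify entries with unnamed or random-looking DLLs. As an added example, not part of this thread and not code from HijackThis or ComboFix, the Python below runs those checks over a handful of lines copied from the posted logs. The list of system32-resident binaries, the system32 path, the random-name threshold and the wording of the messages are my own assumptions; the script flags items for a reviewer to look at and does not decide that anything is malicious.

```python
"""Added example for the thread above: triage of HijackThis / ComboFix loading-point lines.

Not part of the thread or of either tool. It applies, to a handful of the lines
posted above, the checks a responder does by eye and returns the reasons a line
deserves a closer look. The heuristics are illustrative assumptions, not a verdict.
"""
from __future__ import annotations

import re
from pathlib import PureWindowsPath

# Constructed sample input: lines copied from the HijackThis and ComboFix
# output posted in this thread, plus two benign Java entries for contrast.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [75a17511] rundll32.exe "C:\WINDOWS\system32\idqebscx.dll",b
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {BCC73622-F72D-4277-803C-D65565A0947F} - C:\WINDOWS\system32\vtusqqq.dll
O20 - Winlogon Notify: fcafgmkc - C:\WINDOWS\SYSTEM32\fcafgmkc.dll
O20 - Winlogon Notify: wingsa32 - wingsa32.dll (file missing)
"Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddabb.dll
'''

# Binaries that live in %SystemRoot%\system32 on XP; a copy elsewhere only borrows the name.
SYSTEM32_RESIDENTS = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                      "smss.exe", "csrss.exe", "userinit.exe", "spoolsv.exe"}
SYSTEM32 = r"c:\windows\system32"          # assumption: default XP install path
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|sys|vbs)\b", re.IGNORECASE)
VOWELS = set("aeiou")


def looks_random(stem: str) -> bool:
    """Weak signal: lowercase letters only, with no vowels or a run of 4+ consonants.
    Thresholds are assumptions chosen to fit the names seen in this thread."""
    if len(stem) < 6 or not stem.isalpha() or not stem.islower():
        return False
    return not (VOWELS & set(stem)) or re.search(r"[^aeiou]{4}", stem) is not None


def triage_line(raw: str) -> list[str]:
    """Return the review reasons for one log line (empty list = nothing tripped)."""
    line = raw.replace("\\\\", "\\").strip()   # ComboFix doubles backslashes in REG_SZ values
    low = line.lower()
    paths = [PureWindowsPath(p) for p in PATH_RE.findall(line)]
    reasons: list[str] = []

    # Userinit should name userinit.exe alone; anything chained in front of it runs at every logon.
    if low.startswith('"userinit"'):
        extra = [p.name for p in paths if p.name.lower() != "userinit.exe"]
        if extra:
            reasons.append("Userinit chains extra program(s): " + ", ".join(extra))

    # LSA authentication packages: msv1_0 is the stock entry; an added DLL sees logon credentials.
    if low.startswith('"authentication packages"'):
        extra = [t for t in line.split("=", 1)[1].split() if t.lower() != "msv1_0"]
        if extra:
            reasons.append("extra LSA authentication package(s): " + ", ".join(extra))

    # A core system binary name running from anywhere but system32.
    for p in paths:
        if p.name.lower() in SYSTEM32_RESIDENTS and str(p.parent).lower() != SYSTEM32:
            reasons.append(f"{p.name} running from {p.parent} instead of system32")

    # Autorun that loads a DLL through rundll32: report the DLL and whether its name looks generated.
    if low.startswith("o4 ") and "rundll32" in low:
        for p in paths:
            if p.suffix.lower() == ".dll":
                tag = "random-looking" if looks_random(p.stem) else "named"
                reasons.append(f"rundll32 autorun loads {tag} DLL {p.name}")

    # Browser helper object registered without a name but with a file present on disk.
    if low.startswith("o2 - bho: (no name)") and paths:
        reasons.append(f"unnamed BHO with a file on disk: {paths[0].name}")

    # Winlogon Notify DLLs load inside winlogon; missing or generated-looking names stand out.
    if low.startswith("o20 ") and "(file missing)" in low:
        reasons.append("Winlogon Notify entry points at a missing DLL")
    if low.startswith(("o2 ", "o20 ")):
        reasons.extend(f"random-looking DLL name in loading point: {p.name}"
                       for p in paths if looks_random(p.stem))
    return reasons


def triage(log: str) -> dict[str, list[str]]:
    """Map each line that tripped at least one heuristic to its reasons."""
    flagged: dict[str, list[str]] = {}
    for raw in log.splitlines():
        reasons = triage_line(raw)
        if reasons:
            flagged[raw.strip()] = reasons
    return flagged


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for reason in reasons:
            print("   ->", reason)
```

Run as a script it prints the seven flagged lines from the sample with their reasons and stays silent on the two Java entries. The random-name check is deliberately the weakest rule and is only applied to loading points that already matter (BHO, Winlogon Notify, rundll32 autoruns); the Userinit, LSA and wrong-directory checks stand on their own because those locations have a single expected value.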
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, Welcome to TSG!!

    Download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    --------------------------------------------------------------------
    1. Close any open browsers.

    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    --------------------------------------------------------------------

    Double-click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**
     
  5. opelsoccer

    opelsoccer Thread Starter

    Joined:
    Nov 12, 2007
    Messages:
    4
    I also did another ad-aware scan and it looks like the trojandownloader.xs is gone, but I still have some other viruses...

    These are the ones that were found:

    Bargain buddy
    win32.spyware.acoona
    7FaSSt
    AdBreak
    Toolbar.Softo
    win32.TrojanClicker
    AdBlaster
    AdBar
    Adware.Z-quest
    404search

    Quite the mess...
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Download : Download AVG Anti-Spyware 7.5 and save that file to your desktop.
    This is a 30 day trial of the program
    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'
      Right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
      Go to Start > Run and type: services.msc
    3. Press "OK".
    4. In Services, click the "Extended tab" and scroll down the list to find AVG anti-spyware 7.5 guard.
    5. When you find the guard service, double-click on it.
    6. In the Properties Window > General Tab that opens, click the "Stop" button.
    7. From the drop-down menu next to "Startup Type", click on "Manual".
    8. Now click "Apply", then "OK" and close the Services window.
    9. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
    10. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
        If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here.
    11. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    12. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    13. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close AVG Anti-Spyware. Do not run a scan just yet. We will shortly.

    Click My Computer, then C:\
    In the menu bar, File->New->Folder.
    That will create a folder named New Folder, which you can rename to "BFU"

    Please download Brute Force Uninstaller to your desktop.
    • Right click the BFU folder on your desktop, and choose Extract All
    • Click "Next"
    • In the box to choose where to extract the files to,
    • Click "Browse"
    • Click on the + sign next to "My Computer"
    • Click on "Local Disk (C:)" or whatever your primary drive is
    • Click "Make New Folder"
    • Type in BFU
    • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
    3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
    Save it in the same folder you made earlier (c:\BFU).

    Do not run the Uninstaller and the Remover yet.

    Please reboot into Safemode:
    Turn on the computer.
    Immediately begin tapping the F8 key.
    Use the arrow keys to highlight Safe Mode and press the Enter key.

    • While in Safe Mode, Scan with AVG Anti-Spyware as follows:
      1. Launch AVG Anti-Spyware, click on the "Scanner" button and choose the "Settings" tab.
      • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
      • Under "How to Scan?" check all (default).
      • Under "Possibly unwanted software" check all (default).
      • Under "What to Scan?" make sure "Scan every file" is selected (default).
      • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
      2. Click the "Scan" tab to return to scanning options.
      3. Click "Complete System Scan" to start.
      4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

      IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.

      5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
      6. Exit AVG Anti-Spyware

    Open My Computer and navigate to the c:\BFU folder. Start the Brute Force Uninstaller by double-clicking BFU.exe

    Behind the "Scriptline to execute" field, click the folder icon and select alcanshorty.bfu

    Press Execute and let it do its job.

    Wait for the complete script execution box to pop up and press OK.
    Press exit to terminate the BFU program.

    Reboot into normal Windows and post the contents of the AVG Anti-Spyware text report that you saved and a new HijackThis log.
     
Short URL to this thread: https://techguy.org/650853
