
WinAntiSpyware 2007 and now 941508f8-ccd9-44e0-ac29-4f1e141373f7

Discussion in 'Virus & Other Malware Removal' started by son_of_a_duck, Jul 30, 2007.

Thread Status:
Not open for further replies.
  1. son_of_a_duck

    son_of_a_duck Thread Starter

    Joined:
    Jul 30, 2007
    Messages:
    11
    Computer: Dell laptop running Windows XP Professional version 2002 with Service Pack 2.

    A few days ago I started getting a lot of pop-ups and requests to download WinAntiSpyware 2007. I ignored these but eventually it started causing more problems. I began running Ad-Aware SE, which found Win32.TrojanDropper and Virtumonde stuff. I allowed Ad-Aware SE to delete this but it actually didn't. Then I tried to go through and manually delete the stuff out of the registry but that doesn't work. The 941508f8-ccd9-44e0-ac29-4f1e141373f7 stuff keeps coming back in the registry. I'm close to just reformatting and starting from scratch but I decided to give this one last try. I will post my HijackThis logfile below and see if there is anything that can be done. Any help would be greatly appreciated.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:09:51 PM, on 7/30/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\stardock\TrayServer.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\system32\BacsTray.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\WINDOWS\svhost.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\WINDOWS\g4356cbvy63.exe
    C:\WINDOWS\Kernel32.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\SON OF A DUCK\Application Data\WinTouch\WinTouch.exe
    C:\Documents and Settings\SON OF A DUCK\Application Data\Microsoft\Windows\eefem.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Symantec AntiVirus\VPC32.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\WINDOWS\TEMP\botFED8.tmp
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pornograb.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 68.102.222.118
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.1.201:3689
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\stardock\TrayServer.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [bacstray] BacsTray.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [MSN Messenger 32] msniu.exe
    O4 - HKLM\..\Run: [65adde9f271e] C:\WINDOWS\system32\asfsipc9.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [EasyMessage] C:\Program Files\Easy Message\em2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
    O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
    O4 - HKLM\..\Run: [{ZN}] C:\WINDOWS\TEMP\stdrun6.exe SKY009
    O4 - HKLM\..\Run: [uwas7cw] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe" -c
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
    O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63
    O4 - HKLM\..\Run: [Kernel32.exe] C:\WINDOWS\Kernel32.exe
    O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe
    O4 - HKLM\..\RunServices: [MSN Messenger 32] msniu.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MSN Messenger 32] msniu.exe
    O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
    O4 - HKCU\..\Run: [BDCCW] c:\program files\BDCCW\BDCCW.exe 713
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
    O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\SON OF A DUCK\Application Data\WinTouch\WinTouch.exe
    O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\SON OF A DUCK\Application Data\Microsoft\Windows\eefem.exe
    O4 - HKCU\..\Run: [Brave-Sentry] C:\Program Files\BraveSentry\BraveSentry.exe
    O4 - HKUS\S-1-5-19\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'LOCAL SERVICE')
    O4 - Startup: Stardock ObjectBar.lnk = C:\Program Files\Object Desktop\ObjectBar\ObjectBar.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AdwareFilter Background Protection.lnk = C:\Program Files\AdwareFilter\AdwareFilter.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Free WebSite Tools.lnk = ?
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125437088278
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4708/mcfscan.cab
    O20 - AppInit_DLLs: wbsys.dll c:\windows\system32\ldcore.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 12725 bytes
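As an added example, not code posted by anyone in this thread: a small Python triage script that applies the same reasoning a helper uses by eye on the O4, R1, O20 and O23 lines of the log above (an image living in the Windows root, TEMP or Application Data; a filename that imitates a system binary such as svhost.exe or Kernel32.exe; a bare filename with no path; a proxy or PAC URL set; a service with no company name). The sample lines are copied from the first log, with a few known-good entries kept in for contrast; the lookalike list, the point values and the threshold are assumptions of the example, not anything HijackThis itself computes.

```python
import re

# Constructed sample: entries copied from the first HijackThis log in this
# thread, plus known-good ones (Apoint, NvCplDaemon, OpwareSE4, ctfmon, NVSvc).
SAMPLE_LOG = [
    r"O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Run: [MSN Messenger 32] msniu.exe",
    r"O4 - HKLM\..\Run: [65adde9f271e] C:\WINDOWS\system32\asfsipc9.exe",
    r'O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"',
    r"O4 - HKLM\..\Run: [{ZN}] C:\WINDOWS\TEMP\stdrun6.exe SKY009",
    r"O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63",
    r"O4 - HKLM\..\Run: [Kernel32.exe] C:\WINDOWS\Kernel32.exe",
    r"O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe",
    r'O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"',
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\SON OF A DUCK\Application Data\Microsoft\Windows\eefem.exe",
    r"O4 - HKUS\S-1-5-19\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'LOCAL SERVICE')",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.1.201:3689",
    r"O20 - AppInit_DLLs: wbsys.dll c:\windows\system32\ldcore.dll",
    r"O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe",
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe",
]

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
EXE_RE = re.compile(r"(.*?\.(?:exe|dll|com|scr|bat|cmd))(?:[\s,]|$)", re.I)
# Filenames that imitate Windows components (assumed list, drawn from the log above).
LOOKALIKES = {
    "svhost.exe": "svchost.exe",
    "kernel32.exe": "kernel32.dll (a DLL; Windows ships no kernel32.exe)",
    "spoolsvv.exe": "spoolsv.exe",
}

def extract_image(cmd):
    """Return the executable (or DLL) path an O4 command line actually runs."""
    cmd = re.sub(r"\s*\(User '[^']*'\)\s*$", "", cmd).strip()  # HKUS lines carry a user suffix
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = EXE_RE.match(cmd)
    if m and m.group(1).lower().endswith(("rundll32.exe", "regsvr32.exe")):
        return extract_image(cmd[m.end():])  # the payload is the launcher's argument
    return m.group(1) if m else cmd  # no extension at all, e.g. C:\WINDOWS\g4356cbvy63

def score_image(image):
    """Score where an autorun image lives and what it is called."""
    low = image.lower()
    base = low.rsplit("\\", 1)[-1]
    findings = []
    if "\\" not in low:
        findings.append((2, "bare filename with no path; cannot be located from the log"))
    if base in LOOKALIKES:
        findings.append((3, "filename mimics " + LOOKALIKES[base]))
    if re.match(r"^c:\\windows\\[^\\]+$", low):
        findings.append((2, "image sits directly in the Windows directory, not system32"))
    if "\\temp\\" in low:
        findings.append((2, "image runs from a TEMP directory"))
    if "\\application data\\" in low:
        findings.append((2, "image runs from a user profile Application Data folder"))
    return sum(p for p, _ in findings), [why for _, why in findings]

def score_name(name):
    """Value names chosen by droppers tend to be hex blobs or letter/digit jumbles."""
    if re.fullmatch(r"[0-9a-f]{8,}", name.lower()):
        return 2, ["value name is a hex blob"]
    stem = re.sub(r"\.exe$", "", name, flags=re.I)
    if " " not in stem and len(stem) >= 6 and re.search(r"\d", stem) and re.search(r"[a-z]", stem, re.I):
        return 1, ["value name is a short letter/digit jumble"]
    return 0, []

def triage_line(line):
    """Return (score, reasons) for one HijackThis line; 0 means nothing to flag."""
    m = O4_RE.match(line)
    if m:
        pn, rn = score_name(m.group("name"))
        pi, ri = score_image(extract_image(m.group("cmd")))
        return pn + pi, rn + ri
    if line.startswith("R1 - ") and re.search(r",(ProxyServer|AutoConfigURL) = \S", line):
        return 2, ["browser traffic is routed through a configured proxy or PAC script"]
    if line.startswith("O20 - AppInit_DLLs:") and line.split(":", 1)[1].strip():
        return 2, ["AppInit_DLLs loads every listed DLL into every GUI process; verify each one"]
    if line.startswith("O23 - Service: "):
        parts = line[len("O23 - Service: "):].rsplit(" - ", 2)
        points, reasons = score_image(parts[-1].strip())
        if len(parts) == 3 and parts[1] == "Unknown owner":
            points, reasons = points + 1, reasons + ["service binary carries no company name"]
        return points, reasons
    return 0, []

def triage(lines, threshold=2):
    """Return the lines worth a second look, highest score first."""
    scored = [(triage_line(l.strip()), l.strip()) for l in lines]
    hits = [{"line": l, "score": s, "reasons": r} for (s, r), l in scored if s >= threshold]
    return sorted(hits, key=lambda h: -h["score"])

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"[{hit['score']}] {hit['line']}")
        for why in hit["reasons"]:
            print("      -", why)
```

Running it prints the twelve suspicious entries from the sample with their reasons, highest score first; the Apoint, NvCplDaemon, OpwareSE4, ctfmon and NVSvc entries stay below the threshold. Scoring by location and name is a triage aid, not a verdict: a legitimate file can sit in the Windows root and a dropper can hide in Program Files, which is why the helper's next step is tools that inspect the files themselves.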
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Welcome to TSG!


    Stay out of the registry; you're asking for problems.

    NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

    Download this file :

    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
    or
    http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

    Double-click combofix.exe & follow the prompts.
    When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    ====================
    Download Superantispyware (SAS) free home version

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    - It will ask if you want to update the program definitions, click Yes.
    - Under Configuration and Preferences, click the Preferences button.
    - Click the Scanning Control tab.
    - Under Scanner Options make sure the following are checked:
      - Close browsers before scanning
      - Scan for tracking cookies
      - Terminate memory threats before quarantining.
      - Please leave the others unchecked.
      - Click the Close button to leave the control center screen.
    - On the main screen, under Scan for Harmful Software click Scan your computer.
    - On the left check C:\Fixed Drive.
    - On the right, under Complete Scan, choose Perform Complete Scan.
    - Click Next to start the scan. Please be patient while it scans your computer.
    - After the scan is complete a summary box will appear. Click OK.
    - Make sure everything in the white box has a check next to it, then click Next.
    - It will quarantine what it found and if it asks if you want to reboot, click Yes.
    - To retrieve the removal information for me please do the following:
      - After reboot, double-click the SUPERAntiSpyware icon on your desktop.
      - Click Preferences. Click the Statistics/Logs tab.
      - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      - It will open in your default text editor (such as Notepad/WordPad).
      - Please highlight everything in the notepad, then right-click and choose copy.
    - Click close and close again to exit the program.
    - Please paste that information here for me with a new HijackThis log.

    This will take some time!!!!!!!!
     
  3. son_of_a_duck

    son_of_a_duck Thread Starter

    Joined:
    Jul 30, 2007
    Messages:
    11
    ComboFix Log:

    ComboFix 07-07-30.2 - "SON OF A DUCK" 2007-08-01 0:32:35.2 [GMT -5:00] - NTFS
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\SYSTEM32\gghkj.ini
    C:\WINDOWS\system32\jkhgg.dll
    C:\WINDOWS\system32\pmnljjh.dll
    C:\WINDOWS\system32\pmnljjh.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\SONOFA~1\APPLIC~1\WinTouch
    C:\DOCUME~1\SONOFA~1\APPLIC~1\WinTouch\WinTouch.exe
    C:\Documents and Settings\All Users.\documents\settings
    C:\Documents and Settings\All Users.\documents\settings\bot.dll
    C:\Documents and Settings\All Users.\documents\settings\desktop.ini
    C:\WINDOWS\system32\ldcore.dll


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_ASC3550U
    -------\LEGACY_FOPN
    -------\LEGACY_NET_AGENT
    -------\LEGACY_NPF
    -------\LEGACY_NTIO256
    -------\LEGACY_RUNTIME2
    -------\asc3550u
    -------\fopn
    -------\Net Agent
    -------\NPF
    -------\ntio256


    ((((((((((((((((((((((((( Files Created from 2007-07-01 to 2007-08-01 )))))))))))))))))))))))))))))))


    2007-08-01 00:20 <DIR> d-------- C:\WINDOWS\SYSTEM32\XPSViewer
    2007-08-01 00:15 <DIR> d-------- C:\Program Files\Reference Assemblies
    2007-08-01 00:11 <DIR> d-------- C:\07be3f3d8c4c97823e752402ed8bcfe9
    2007-08-01 00:08 14,048 --a------ C:\WINDOWS\SYSTEM32\spmsg2.dll
    2007-07-31 23:58 <DIR> d-------- C:\0d84f6ef4204672a354209cde241
    2007-07-31 23:36 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-30 22:09 <DIR> d-------- C:\Program Files\Trend Micro
    2007-07-30 21:46 9,769 --a------ C:\WINDOWS\nhqwm0578.exe
    2007-07-28 15:44 <DIR> d--hs---- C:\WINDOWS\CSC
    2007-07-25 12:22 97,578 --a------ C:\WINDOWS\spooldr.exe
    2007-07-25 12:22 7,968 --a------ C:\WINDOWS\SYSTEM32\spooldr.sys
    2007-07-24 18:01 45,056 --a------ C:\WINDOWS\SYSTEM32\IeExtenderPlugin.dll
    2007-07-24 17:58 9,769 --a------ C:\WINDOWS\kinsb0578.exe
    2007-07-24 17:58 6,689 --a------ C:\WINDOWS\SYSTEM32\ldcore.dll
    2007-07-24 14:08 <DIR> d-------- C:\Temp\brr
    2007-07-24 14:08 <DIR> d-------- C:\Temp\0c2
    2007-07-12 00:03 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\WTablet
    2007-07-06 14:40 192,512 --a------ C:\WINDOWS\g4356cbvy63.exe


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-01 00:51 374912 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
    2007-08-01 00:50 --------- d-------- C:\DOCUME~1\SONOFA~1\APPLIC~1\WTablet
    2007-07-27 00:33 17521 --a------ C:\WINDOWS\system32\nvModes.dat
    2007-07-24 18:00 --------- d-------- C:\Program Files\Symantec AntiVirus
    2007-07-24 17:49 --------- d-------- C:\Program Files\Trillian
    2007-07-23 03:54 --------- d-------- C:\Program Files\Button Builder Pro
    2007-07-16 12:12 --------- d--h----- C:\Program Files\WindowsUpdate
    2007-07-06 23:35 --------- d-------- C:\Program Files\Picasa2
    2007-06-25 08:54 53248 --a------ C:\WINDOWS\uni_eh44.exe
    2007-05-16 10:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
    2007-05-12 22:08 11850 --a------ C:\WINDOWS\pw.exe


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C518F0F-491B-4014-B668-22769B0418AC}]
    C:\Program Files\Internet Explorer\hokeno83122.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1DFBDC96-B6F2-4C08-BDDD-B97A153245CA}]
    C:\Program Files\Internet Explorer\hokeno4.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "1A:Stardock TrayMonitor"="C:\Program Files\Common Files\stardock\TrayServer.exe" [2003-02-14 05:57]
    "nwiz"="nwiz.exe" [2004-10-26 12:01 C:\WINDOWS\SYSTEM32\nwiz.exe]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-02-02 16:32]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 18:48]
    "bacstray"="BacsTray.exe" [2003-05-14 19:37 C:\WINDOWS\SYSTEM32\BacsTray.exe]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01]
    "PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 21:15]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 12:43]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2004-05-16 21:18]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29]
    "MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2005-08-26 15:26]
    "mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-04-19 15:45]
    "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2004-03-24 16:56]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-10 18:02]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-12-30 14:19]
    "MSN Messenger 32"="msniu.exe" []
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-15 18:15]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-14 23:47]
    "EasyMessage"="C:\Program Files\Easy Message\em2.exe" [2004-06-27 16:13]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-12 01:58]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16]
    "OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 12:45]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2003-05-16 15:24]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" []
    "MSN Messenger 32"="msniu.exe" []
    "DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2005-11-07 16:49]
    "BDCCW"="c:\program files\BDCCW\BDCCW.exe" []
    "TeoSoft AntiSpyware Pro FREE TEST"="" []
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 09:18]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "MSN Messenger 32"=msniu.exe

    C:\Documents and Settings\SON OF A DUCK\Start Menu\Programs\Startup\
    DESKTOP.INI [2004-08-11 18:15:06]
    Stardock ObjectBar.lnk - C:\Program Files\Object Desktop\ObjectBar\ObjectBar.exe [2004-11-30 22:52:41]
    Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2004-10-25 13:40:52]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
    C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 2003-08-25 12:25 139264 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll 2001-12-21 00:34 24576 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll

    R0 agpCPQ;Compaq AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    R0 TPkd;TPkd;C:\WINDOWS\system32\drivers\TPkd.sys
    R1 MPFIREWL;MPFIREWL;C:\WINDOWS\system32\Drivers\MpFirewall.sys
    R1 sscdbhk5;sscdbhk5;C:\WINDOWS\system32\drivers\sscdbhk5.sys
    R1 ssrtln;ssrtln;C:\WINDOWS\system32\drivers\ssrtln.sys
    R1 StyleXPHelper;StyleXPHelper;\??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe
    R2 drvnddm;drvnddm;C:\WINDOWS\system32\drivers\drvnddm.sys
    R2 tfsnboio;tfsnboio;C:\WINDOWS\system32\dla\tfsnboio.sys
    R2 tfsncofs;tfsncofs;C:\WINDOWS\system32\dla\tfsncofs.sys
    R2 tfsndrct;tfsndrct;C:\WINDOWS\system32\dla\tfsndrct.sys
    R2 tfsndres;tfsndres;C:\WINDOWS\system32\dla\tfsndres.sys
    R2 tfsnifs;tfsnifs;C:\WINDOWS\system32\dla\tfsnifs.sys
    R2 tfsnopio;tfsnopio;C:\WINDOWS\system32\dla\tfsnopio.sys
    R2 tfsnpool;tfsnpool;C:\WINDOWS\system32\dla\tfsnpool.sys
    R2 tfsnudf;tfsnudf;C:\WINDOWS\system32\dla\tfsnudf.sys
    R2 tfsnudfa;tfsnudfa;C:\WINDOWS\system32\dla\tfsnudfa.sys
    R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver;C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
    R3 HSFHWICH;HSFHWICH;C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
    R3 MxlW2k;MxlW2k;C:\WINDOWS\system32\drivers\MxlW2k.sys
    R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
    R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
    R3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys
    S3 DCamUSBSQTECH;Dual-Mode DSC(2770);C:\WINDOWS\system32\Drivers\SQcaptur.sys
    S3 E100B;Intel(R) PRO Adapter Driver;C:\WINDOWS\system32\DRIVERS\e100b325.sys
    S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
    S3 nm;Network Monitor Driver;C:\WINDOWS\system32\DRIVERS\NMnt.sys
    S3 PSSdk23;PSSdk23;\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv
    S3 SQLAgent$MICROSOFTBCM;SQLAgent$MICROSOFTBCM;C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -i MICROSOFTBCM
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"


    Contents of the 'Scheduled Tasks' folder
    2007-07-15 17:41:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-01 00:51:06
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    C:\WINDOWS\spooldr.exe [1596] 0x836C58D0


    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
    "TracesProcessed"=dword:00000096

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-01 0:52:42 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-08-01 00:51

    --- E O F ---



    HijackThis Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:57:44 AM, on 8/1/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\Common Files\stardock\TrayServer.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\system32\BacsTray.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pornograb.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 68.102.222.118
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.1.201:3689
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1C518F0F-491B-4014-B668-22769B0418AC} - C:\Program Files\Internet Explorer\hokeno83122.dll (file missing)
    O2 - BHO: (no name) - {1DFBDC96-B6F2-4C08-BDDD-B97A153245CA} - C:\Program Files\Internet Explorer\hokeno4.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\stardock\TrayServer.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [bacstray] BacsTray.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [MSN Messenger 32] msniu.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [EasyMessage] C:\Program Files\Easy Message\em2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\RunServices: [MSN Messenger 32] msniu.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MSN Messenger 32] msniu.exe
    O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
    O4 - HKCU\..\Run: [BDCCW] c:\program files\BDCCW\BDCCW.exe 713
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'LOCAL SERVICE')
    O4 - Startup: Stardock ObjectBar.lnk = C:\Program Files\Object Desktop\ObjectBar\ObjectBar.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AdwareFilter Background Protection.lnk = C:\Program Files\AdwareFilter\AdwareFilter.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Free WebSite Tools.lnk = ?
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125437088278
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4708/mcfscan.cab
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 11453 bytes
     
  4. son_of_a_duck

    SUPERAntiSpyware Log:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 08/01/2007 at 03:17 AM

    Application Version : 3.9.1008

    Core Rules Database Version : 3259
    Trace Rules Database Version: 1270

    Scan type : Complete Scan
    Total Scan Time : 02:11:35

    Memory items scanned : 455
    Memory threats detected : 0
    Registry items scanned : 7766
    Registry threats detected : 4
    File items scanned : 110712
    File threats detected : 242

    Adware.Tracking Cookie
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][5].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][3].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][4].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][3].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][3].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][4].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected]yware[1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][6].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][2].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt
    C:\Documents and Settings\SON OF A DUCK\Cookies\son of a [email protected][1].txt

    Trojan.Windows Overlay Components/SysMon
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OvMon
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OvMon#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OvMon#UninstallString

    Trojan.WinBo32/Enhance
    HKU\S-1-5-19\Software\System\sysuid

    Trojan.TagASaurus
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\DESKTOP\SEARCHUS.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\DESKTOP\SEARCHUS.EXE

    Trojan.Downloader-Gen/Micky
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\6.DLLB
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\7.DLLB

    Dialer.Dial/Gen Variant
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\MA1X1DD1V.GAME
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\MA1X1DD1V.GAME
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\MAX1D1164V.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP648\A0099335.EXE

    Trojan.Downloader-StdRun/Gen
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\STDRUN1.EXE
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\STDRUN3.EXE
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\STDRUN4.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN1.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN4.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN5.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN6.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN7.EXE

    Trojan.Downloader-StdRun/Variant
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\STDRUN8.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN14.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN15.EXE
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\STDRUN3.EXE

    Trojan.VXGame/32
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\VX1DT1.GAME
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\VEDXGA1ME4T1.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP646\A0087291.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP648\A0099325.EXE

    Trojan.VXGame-Gen
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\VX1DT3.GAME
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMP\VX3DT2.GAME
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\VX1DT1.GAME
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\VX1DT3.GAME
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\VX3DT2.GAME
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DLLH8JKD1Q1.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP648\A0099330.EXE

    Trojan.Downloader-LDCore
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\U7WXA5I7\USER9[1].EXE
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\W3YZIJ2F\USER4[1].EXE
    C:\WINDOWS\KINSB0578.EXE
    C:\WINDOWS\NHQWM0578.EXE
    C:\WINDOWS\SYSTEM32\LDCORE.DLL
    C:\WINDOWS\Prefetch\NHQWM0578.EXE-22D9C4B3.pf

    Adware.180solutions/ZangoSearch
    C:\DOCUMENTS AND SETTINGS\SON OF A DUCK\DESKTOP\FOLDERS\SETUP\SETUPEM4117.EXE

    Unclassified.Unknown Origin
    C:\MG.EXE
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\INTERNET EXPLORER\HOKENO4.DLL.VIR

    BearShare File Sharing Client
    C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE

    Adware.ClickSpring/Yazzle
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\POOLSV\YAZZLEBUNDLE-1549.EXE.VIR

    Trojan.Downloader-Gen/Installer
    C:\QOOBOX\QUARANTINE\C\WINDOWS\B103.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP648\A0099336.EXE

    Trojan.Unknown Origin
    C:\QOOBOX\QUARANTINE\C\WINDOWS\B104.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\T1\KMHP83122.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\UNIST1.HTM.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP648\A0099337.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP648\A0099358.EXE

    Trojan.Downloader-Gen/BasicMath
    C:\QOOBOX\QUARANTINE\C\WINDOWS\DLS0523PMW.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP648\A0099371.EXE

    Trojan.Downloader-VisFX
    C:\QOOBOX\QUARANTINE\C\WINDOWS\OFFUN.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP648\A0099373.EXE

    Trojan.Downloader-MSDCom32
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\PLXR.DLL.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP648\A0099346.DLL

    Trojan.Downloader-Stera/WinSoftware
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\STERA.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP648\A0099378.EXE

    Adware.SysMon
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\T11\Z553.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP648\A0099362.EXE

    Adware.ZenoSearch
    C:\QOOBOX\QUARANTINE\C\WINDOWS\TISKY009.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP648\A0099380.EXE

    Unclassified.Unknown Origin/System
    C:\QOOBOX\QUARANTINE\C\WINDOWS\UNINST2.HTM.VIR

    Trojan.ZQuest
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP647\A0093296.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP648\A0099345.DLL

    Trojan.Downloader-PoofPoof/Rootkit
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP647\A0097289.SYS

    Trojan.Downloader-Gen/HitItQuitIt
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP648\A0099383.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP648\A0100393.DLL

    Trojan.Downloader-Gen/Inst2
    C:\WINDOWS\PW.EXE

    Trojan.Downloader-Gen/RetAd
    C:\WINDOWS\RETADPU4.EXE.TMP

    Trace.Known Threat Sources
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\456V83GB\retadpu[1].exe
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U7WXA5I7\32647543ygwvrhbjt3h4evjrbgnrt[1].htm
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JV1NI3HK\retadpu[1].exe
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JV1NI3HK\32647543ygwvrhbjt3h4evjrbgnrt[1].htm
     
  5. son_of_a_duck

    New HijackThis Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:31:41 AM, on 8/1/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\stardock\TrayServer.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\system32\BacsTray.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 68.102.222.118
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.1.201:3689
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1C518F0F-491B-4014-B668-22769B0418AC} - C:\Program Files\Internet Explorer\hokeno83122.dll (file missing)
    O2 - BHO: (no name) - {1DFBDC96-B6F2-4C08-BDDD-B97A153245CA} - C:\Program Files\Internet Explorer\hokeno4.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\stardock\TrayServer.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [bacstray] BacsTray.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [MSN Messenger 32] msniu.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [EasyMessage] C:\Program Files\Easy Message\em2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\RunServices: [MSN Messenger 32] msniu.exe
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MSN Messenger 32] msniu.exe
    O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
    O4 - HKCU\..\Run: [BDCCW] c:\program files\BDCCW\BDCCW.exe 713
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'LOCAL SERVICE')
    O4 - Startup: Stardock ObjectBar.lnk = C:\Program Files\Object Desktop\ObjectBar\ObjectBar.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AdwareFilter Background Protection.lnk = C:\Program Files\AdwareFilter\AdwareFilter.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Free WebSite Tools.lnk = ?
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125437088278
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4708/mcfscan.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 11789 bytes
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You have McAfee and Norton AVs - remove one of them - you only want one AV on a system

    =====================

    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install on those systems.

    Upgrading Java:
    • Download the latest version of Java Runtime Environment (JRE) 6u2.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.

    =============
    You may want to print this or save it to notepad as we will go to safe mode.

    Fix these with HiJackThis – mark them, close IE, click fix checked

    O2 - BHO: (no name) - {1C518F0F-491B-4014-B668-22769B0418AC} - C:\Program Files\Internet Explorer\hokeno83122.dll (file missing)

    O2 - BHO: (no name) - {1DFBDC96-B6F2-4C08-BDDD-B97A153245CA} - C:\Program Files\Internet Explorer\hokeno4.dll (file missing)

    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

    O4 - HKLM\..\Run: [MSN Messenger 32] msniu.exe

    O4 - HKLM\..\RunServices: [MSN Messenger 32] msniu.exe

    O4 - HKCU\..\Run: [MSN Messenger 32] msniu.exe

    O4 - HKCU\..\Run: [BDCCW] c:\program files\BDCCW\BDCCW.exe 713

    O4 - HKUS\S-1-5-19\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'LOCAL SERVICE')

    DownLoad http://www.downloads.subratam.org/KillBox.zip or
    http://www.thespykiller.co.uk/files/killbox.exe

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\QOOBOX\QUARANTINE
    C:\Windows\xpupdate.exe
    c:\program files\BDCCW
    C:\WINDOWS\system32\msniu.exe

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new hijack log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
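    A defender-side triage of the kind of entries MFDnNC picked out of the log, as an added example that is not part of this thread or any helper's tool: it parses HijackThis R0/R1, O2, O3 and O4 lines and flags orphaned BHO/toolbar CLSIDs, an unqualified binary registered in several autostart keys, a RunServices entry, a Run entry under a built-in service-account SID, and AutoConfigURL/ProxyServer settings pointing at a bare IP. The sample lines are constructed to match the shape of the log above, and the rules are heuristics of mine (the BDCCW entry, for instance, is not caught by any of them).

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the shape of the HijackThis log above; a few clean
# entries (Acrobat BHO, Apoint, WinZip) are included so the quiet path runs too.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 68.102.222.118
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.1.201:3689
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C518F0F-491B-4014-B668-22769B0418AC} - C:\Program Files\Internet Explorer\hokeno83122.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [MSN Messenger 32] msniu.exe
O4 - HKLM\..\RunServices: [MSN Messenger 32] msniu.exe
O4 - HKCU\..\Run: [MSN Messenger 32] msniu.exe
O4 - HKUS\S-1-5-19\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'LOCAL SERVICE')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
"""


@dataclass(frozen=True)
class Finding:
    line: str    # the HijackThis entry exactly as logged
    reason: str  # why a triager would look at it


# O4 autostart entries: "O4 - <key>: [<name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O2 BHO and O3 toolbar entries: "<name> - {CLSID} - <path>"
COM_RE = re.compile(r"^O[23] - (?:BHO|Toolbar): (?P<name>.*?) - \{[^}]+\} - (?P<path>.*)$")
# R0/R1 proxy and PAC settings
PROXY_RE = re.compile(r"^R[01] - .*,(?P<setting>AutoConfigURL|ProxyServer) = (?P<value>\S+)$")
BARE_IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?$")
# Well-known SIDs of LOCAL SYSTEM, LOCAL SERVICE and NETWORK SERVICE
SERVICE_SIDS = ("S-1-5-18", "S-1-5-19", "S-1-5-20")


def _command_binary(cmd: str) -> str:
    """First token of an O4 command line, with surrounding quotes removed."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> list[Finding]:
    """Run the heuristics above over every entry of a HijackThis log."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    findings: list[Finding] = []

    # How many autostart keys reference the same unqualified (path-less) binary?
    bare_refs: Counter[str] = Counter()
    for line in lines:
        if m := O4_RE.match(line):
            binary = _command_binary(m["cmd"])
            if "\\" not in binary:
                bare_refs[binary.lower()] += 1

    for line in lines:
        if m := COM_RE.match(line):
            if m["path"].endswith("(file missing)") or m["path"] == "(no file)":
                findings.append(Finding(line, "registry entry points at a file that no "
                                              "longer exists: a removed or half-cleaned component"))
            continue
        if m := PROXY_RE.match(line):
            if BARE_IP_RE.match(m["value"]):
                findings.append(Finding(line, f"{m['setting']} points at a bare IP address; "
                                              "browser traffic is being redirected"))
            continue
        if m := O4_RE.match(line):
            key = m["key"]
            binary = _command_binary(m["cmd"])
            if "RunServices" in key:
                findings.append(Finding(line, "RunServices is a Win9x-era key that NT-family "
                                              "Windows ignores; an XP installer has little reason to write it"))
            elif any(sid in key for sid in SERVICE_SIDS):
                findings.append(Finding(line, "Run entry under a built-in service-account hive"))
            elif "\\" not in binary and bare_refs[binary.lower()] > 1:
                findings.append(Finding(line, f"unqualified '{binary}' registered in "
                                              f"{bare_refs[binary.lower()]} autostart keys"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```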
     
  7. son_of_a_duck

    son_of_a_duck Thread Starter

    Joined:
    Jul 30, 2007
    Messages:
    11
    I was able to killbox everything but C:\Windows\xpupdate.exe and C:\WINDOWS\system32\msniu.exe

    --------------------------------
    Everything else seemed to work out but I still get a blue screen when I try to restart my computer with this stuff on it:

    Run the driver verifier against new (or suspect)
    drivers....

    If you need to use safe mode to remove or disable
    components...

    If this is the first time you've seen this stop error
    screen...

    Check to make sure any new hardware or software is
    properly installed...

    If problems continue, disable or remove any newly
    installed hardware...

    Technical information: *** STOP: 0x000000C5
    (0x00000000, 0x0000002, 0x00000001, 0x8054B407)

    Beginning dump of physical memory...

    --------------------------------
    Also, when I get to my desktop I get a few pop-ups with this message: The system has recovered from a serious error.

    ---------------------
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:37:22 PM, on 8/2/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\Tablet.exe
    C:\Program Files\Common Files\stardock\TrayServer.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\WINDOWS\system32\BacsTray.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 68.102.222.118
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.1.201:3689
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\stardock\TrayServer.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [bacstray] BacsTray.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [EasyMessage] C:\Program Files\Easy Message\em2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Stardock ObjectBar.lnk = C:\Program Files\Object Desktop\ObjectBar\ObjectBar.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AdwareFilter Background Protection.lnk = C:\Program Files\AdwareFilter\AdwareFilter.exe
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Free WebSite Tools.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125437088278
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4708/mcfscan.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 10109 bytes
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Those errors are unrelated to the infections

    What hardware/software have you added recently?

    In Control Panel - System - Hardware - Device Mgr, what has yellow exclamation marks?
     
  9. son_of_a_duck

    son_of_a_duck Thread Starter

    Joined:
    Jul 30, 2007
    Messages:
    11
    The most recent hardware I've added is my scanner but that has been a few months. I also recently used my external harddrive. I didn't see any hardware with an exclamation mark but in the taskbar, the Symantec AntiVirus icon has a yellow exclamation mark and I get a warning saying that auto-protect is disabled.
     
  10. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    You need to reinstall Norton

    Remove those items in add/remove hardware and let the system re-install them

    Do you have your XP CD?
     
  11. son_of_a_duck

    son_of_a_duck Thread Starter

    Joined:
    Jul 30, 2007
    Messages:
    11
    I deleted the Norton I had on my computer and installed the new Symantec program, Trend Micro OfficeScan 8.0, from my college. Deleting the Norton program I had on my computer solved the pop-up warning but I'm still getting the blue screen when I try to restart or power-off.

    I do have my XP CD.
     
  12. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    START RUN - sfc /scannow
     
  13. son_of_a_duck

    son_of_a_duck Thread Starter

    Joined:
    Jul 30, 2007
    Messages:
    11
    I just tried the scan and it didn't come up with anything.
     
  14. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Did you remove those devices in add/remove hardware?
     
  15. son_of_a_duck

    son_of_a_duck Thread Starter

    Joined:
    Jul 30, 2007
    Messages:
    11
    It didn't come up with anything for me to remove. I did remove the stuff you mentioned earlier though.

    I just got a pop-up from Office Scan saying it found something named TROJ_TIBS.AP with the location of C:\System Volume Information\_restore(46DE8921-1D39-44D2-A9E9-64119261F211)\RP654\A0104467.sys
    and something called Freeloader_Smitfraud.
     

Short URL to this thread: https://techguy.org/602887
