Go Back   Cyber Tech Help Support Forums > Software > Malware Removal Forum

Notices

Reply
 
Topic Tools
  #1  
Old December 9th, 2007, 05:45 AM
melmoraleja melmoraleja is offline
Senior Member
 
Join Date: Nov 2006
O/S: Windows XP Home
Posts: 206
E may, vao day coi co con nho nay ngon lam http://nhatquanglan.xlphp.net/

help please, our pc has a new virus and im not sure what it is. our messenger is now starting to send our contacts messages like this one:

E may, vao day coi co con nho nay ngon lam http://nhatquanglan.xlphp.net/

that's the only sign that we have a virus, everything else seems fine, thanks! here's the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:20 PM, on 12/9/2007
Platform: Windows XP SP2, v.2082 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2082)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
C:\Program Files\Sharp\Personal MFP series Utility\Button Manager\btnman.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Microsoft Encarta\Encarta Premium Suite 2005\EDICT.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
E:\SSCVIHOST.exe
E:\SSCVIHOST.exe
E:\SSCVIHOST.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\moraleja\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/...arch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/yco...//uk.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe SSCVIHOST.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\sw g.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony] "C:\Program Files\SONY ERICSSON W810i DESKMATE\SONY ERICSSON W810i DESKMATE.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"
O4 - HKCU\..\Run: [Yahoo Messengger] C:\WINDOWS\system32\SSCVIHOST.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Button Manager.lnk = C:\Program Files\Sharp\Personal MFP series Utility\Button Manager\btnman.exe
O4 - Global Startup: IDW Logging Tool.lnk = C:\WINDOWS\system32\idwlog.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .asx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdspl ay.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.arcadetown.com/dinerdash2...2.1.0.0.48.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.arcadetown.com/swf/delici...ylomplayer.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.arcadetown.com/swf/feedin...utLauncher.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 10213 bytes

thanks a lot!
Reply With Quote


  #2  
Old December 9th, 2007, 08:17 AM
melmoraleja melmoraleja is offline
Senior Member
 
Join Date: Nov 2006
O/S: Windows XP Home
Posts: 206
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"SharpTray" = ""C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"" [null data]
"Yahoo Messengger" = "C:\WINDOWS\system32\SSCVIHOST.exe" [null data]

HKCU\Software\Microsoft\Windows\CurrentVersion\Run Once\ {++}
"L05ZDXRC_3429721" = ""C:\Program Files\Microsoft Encarta\Encarta Premium Suite 2005\EDICT.EXE" -m" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"BluetoothAuthenticationAgent" = "rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" [MS]
"BigDogPath" = "C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera" ["BIGDOG"]
"Sunkist2k" = "C:\Program Files\Multimedia Card Reader\shwicon2k.exe" ["Alcor Micro, Corp."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"Sony" = ""C:\Program Files\SONY ERICSSON W810i DESKMATE\SONY ERICSSON W810i DESKMATE.exe"" [file not found]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"SiSPower" = "Rundll32.exe SiSPower.dll,ModeAgent" [MS]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"StormCodec_Helper" = ""C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti" [null data]
"QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! IE Services Button"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\yiesrvc.dll" ["Yahoo! Inc."]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\sw g.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{0561EC90-CE54-4f0c-9C55-E226110A740C}" = "Haali Column Provider"
-> {HKLM...CLSID} = "Haali Column Provider"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mmfinfo.dll" [null data]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["GRISOFT s.r.o."]
<<!>> "{AD0ACA58-656F-61DA-9DFE-5D20F4F611BA}" = "*W" (unwritable string)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\cs1sa1f.dll" [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "Shell" = "Explorer.exe SSCVIHOST.exe" [MS], [null data]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandler s\
{0561EC90-CE54-4f0c-9C55-E226110A740C}\(Default) = "Haali Column Provider"
-> {HKLM...CLSID} = "Haali Column Provider"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mmfinfo.dll" [null data]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandler s\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMen uHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHa ndlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\

"NofolderOptions" = (REG_DWORD) hex:0x00000001
{User Configuration|Administrative Templates|Windows Components|Windows Explorer|
Removes the Folder Options menu item from the Tools menu}

HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System\

"DisableRegistryTools" = (REG_DWORD) hex:0x00000001
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}

"DisableTaskMgr" = (REG_DWORD) hex:0x00000001
{User Configuration|Administrative Templates|System|Ctrl+Alt+Del Options|
Remove Task Manager}

HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Loca l Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\moraleja\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Reply With Quote
  #3  
Old December 10th, 2007, 08:37 AM
AnnMarie's Avatar
AnnMarie AnnMarie is offline
Cyber Tech Help Moderator
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,811
Hi melmoraleja. The worm that your OS is infected with also infects flash drives so make sure that your flash drive is plugged in when you run this fix.

Download the latest version of Combofix.exe from here and save it to your Desktop.

Doubleclick on combofix.exe and follow the prompts. A window will open with a warning. Type "1" (and Enter) to start the fix. When the scan completes, Disk Cleanup will run and then a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Copy this log in your next reply together with a new HijackThis log and a new Silent Runners log (you didnt wait for Silent Runners to finish scanning when you posted the other log. Wait for the popup that tells you the log is ready).
Reply With Quote
  #4  
Old December 20th, 2007, 06:05 AM
melmoraleja melmoraleja is offline
Senior Member
 
Join Date: Nov 2006
O/S: Windows XP Home
Posts: 206
hi annmarie!!! here are the logs! thanks!

ComboFix 07-12-20.1 - moraleja 2007-12-20 13:03:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.429 [GMT -8:00]
Running from: C:\Documents and Settings\moraleja\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\moraleja\Application Data\DriveCleaner Free
C:\Documents and Settings\moraleja\Application Data\DriveCleaner Free\Logs\update.log
C:\Documents and Settings\moraleja\ResErrors.log
C:\Program Files\Common Files\drivecleaner free
C:\Program Files\Common Files\drivecleaner free\laststat.dat
C:\Program Files\FunWebProducts
C:\WINDOWS\system32\autorun.ini
C:\WINDOWS\system32\setting.ini

.
((((((((((((((((((((((((( Files Created from 2007-11-20 to 2007-12-20 )))))))))))))))))))))))))))))))
.

2007-12-09 14:02 . 2007-12-04 05:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-09 14:02 . 2004-01-09 02:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-09 14:02 . 2007-12-04 04:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-09 14:02 . 2007-12-04 06:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-09 14:02 . 2007-12-04 06:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-09 14:02 . 2007-12-04 06:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-09 14:02 . 2007-12-04 06:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-09 14:02 . 2007-12-04 06:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-08 13:11 . 2007-12-08 13:11 <DIR> d-------- C:\Program Files\FashionFits_at
2007-12-08 13:11 . 2007-12-08 13:11 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Fugazo
2007-12-02 09:41 . 2007-12-02 09:41 <DIR> d-------- C:\Documents and Settings\moraleja\Application Data\Raptisoft
2007-12-01 19:36 . 2007-12-01 19:36 <DIR> d-------- C:\Documents and Settings\moraleja\Application Data\Catena Software
2007-12-01 19:35 . 2007-12-01 19:35 <DIR> d-------- C:\Program Files\SIMetrixIntro53
2007-12-01 13:04 . 2007-12-01 13:04 <DIR> d-------- C:\Program Files\Luxor_at
2007-12-01 13:04 . 2005-04-12 16:29 802,816 --a------ C:\WINDOWS\FeedingFrenzy.scr
2007-12-01 11:56 . 2007-12-01 11:56 <DIR> d-------- C:\Program Files\SallysSalon_at
2007-12-01 11:42 . 2007-12-01 11:42 <DIR> d-------- C:\EASy68K
2007-11-30 17:21 . 2007-11-30 18:22 <DIR> d-------- C:\Program Files\ParadisePetSalon_at

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2007-12-16 18:21 --------- d-----w C:\Program Files\Incomplete
2007-12-16 18:20 --------- d-----w C:\Program Files\LimeWire
2007-12-16 16:00 --------- d-----w C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
2007-12-15 01:08 --------- d-----w C:\Documents and Settings\moraleja\Application Data\LimeWire
2007-12-09 23:48 --------- d-----w C:\Documents and Settings\moraleja\Application Data\AVG7
2007-12-09 01:55 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2007-12-02 17:50 --------- d-----w C:\Program Files\GoldMinerVegas_at
2007-12-02 03:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-01 21:01 --------- d-----w C:\Program Files\JanesHotel_at
2007-12-01 03:47 --------- d-----w C:\Program Files\BellesBeautyBoutique_at
2007-11-25 23:27 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-19 04:57 --------- d-----w C:\Documents and Settings\moraleja\Application Data\Jane s Hotel
2007-11-17 22:44 --------- d-----w C:\Program Files\iTunes
2007-11-17 22:44 --------- d-----w C:\Program Files\iPod
2007-11-17 22:42 --------- d-----w C:\Program Files\QuickTime
2007-11-16 18:00 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
2007-11-09 04:10 --------- d-----w C:\Documents and Settings\moraleja\Application Data\uTorrent
2007-11-08 19:00 --------- d-----w C:\Program Files\Hamsterball_at
2007-10-24 23:53 --------- d-----w C:\Program Files\Winamp
2007-10-24 23:50 --------- d-----w C:\Program Files\Multimedia Card Reader
2007-10-24 23:41 --------- d-----w C:\Program Files\Google
2007-10-22 01:04 --------- d-----w C:\Program Files\Quake III Arena
2007-10-22 00:56 --------- d-----w C:\Program Files\Electronic Arts
2007-10-22 00:43 --------- d-----w C:\Program Files\Rockstar Games
2007-10-21 19:15 --------- d-----w C:\Program Files\Java
2006-02-26 17:08 359,112 ----a-w C:\Program Files\LimeWireWin.exe
2006-02-05 06:43 9,659,807 ----a-w C:\Program Files\fcrsetup.exe
2005-09-12 22:21 67,328 -c--a-w C:\Documents and Settings\xp professional\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{015407A9-D183-4379-8452-DFD7C2297902}"= C:\Program Files\Cole2k Media Toolbar\v2.0.0.2\Cole2k_Media_Toolbar.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{015407a9-d183-4379-8452-dfd7c2297902}]
[HKEY_CLASSES_ROOT\ToolBar.ToolBarObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{B3A98058-DE1F-413f-9921-FF3EEA6B716F}]
[HKEY_CLASSES_ROOT\ToolBar.ToolBarObj]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-02-18 18:16]
"SharpTray"="C:\Program Files\Sharp\Sharpdesk\SharpTray.exe" [2002-10-24 19:46]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-05-02 15:51]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-02-18 10:02 C:\WINDOWS\system32\bthprops.cpl]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-06-09 15:37]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2004-09-03 16:16]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Sony"="C:\Program Files\SONY ERICSSON W810i DESKMATE\SONY ERICSSON W810i DESKMATE.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc. exe" [2007-12-09 15:47]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 09:38]
"SiSPower"="Rundll32.exe" [2004-02-18 10:02 C:\WINDOWS\system32\rundll32.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-25 23:03 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 02:04 C:\WINDOWS\SkyTel.exe]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 10:30]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp. exe" [2007-12-04 05:00]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw. exe" [2007-12-09 15:47]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Button Manager.lnk - C:\Program Files\Sharp\Personal MFP series Utility\Button Manager\btnman.exe [2007-09-02 13:29:59]
IDW Logging Tool.lnk - C:\WINDOWS\system32\idwlog.exe [2004-02-18 10:02:44]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-09-01 14:01:25]

[hkey_local_machine\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{AD0ACA58-656F-61DA-9DFE-5D20F4F611BA}"= C:\WINDOWS\system32\cs1sa1f.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^moraleja^Start Menu^Programs^Startup^Registration Prince of Persia Warrior Within.LNK]
path=C:\Documents and Settings\moraleja\Start Menu\Programs\Startup\Registration Prince of Persia Warrior Within.LNK
backup=C:\WINDOWS\pss\Registration Prince of Persia Warrior Within.LNKStartup

R2 SC0CLPT;SC0CLPT;C:\WINDOWS\system32\SC0CLPT.SYS [2002-05-26 16:43]
R3 ZSMC302;VIMICRO USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys [2004-08-17 11:44]
S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys []
S2 nvTUNEP;nVidia WDM TVTuner;C:\WINDOWS\system32\DRIVERS\nvtunep.sys []
S2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys []
S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys []
S3 PIXMCV;JVC Communication PIX-MCV Driver;C:\WINDOWS\system32\Drivers\pixmcvc.sys [2003-12-05 05:39]
S3 PIXMCVA;JVC PIX-MCV Audio Capture;C:\WINDOWS\system32\Drivers\pixmcva.sys [2003-12-05 05:39]
S3 PIXMCVV;JVC PIX-MCV Video Capture;C:\WINDOWS\system32\Drivers\pixmcvv.sys [2003-12-05 05:39]
S3 SunkFilt6;Alcor Micro Corp - 6360;C:\WINDOWS\System32\Drivers\sunkfilt6.sys []
S3 SunkFilt62;Alcor Micro Corp - 6362;C:\WINDOWS\System32\Drivers\sunkfilt62.sys [2004-07-23 13:55]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{001e07a1-bed1-11db-ac25-806d6172696f}]
\Shell\AutoRun\command - E:\SSCVIHOST.exe
\Shell\Open\command - E:\SSCVIHOST.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{2ca72c02-3454-11da-a69b-806d6172696f}]
\Shell\AutoRun\command - New Document.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{30df6bcd-7a7a-11dc-ad86-806d6172696f}]
\Shell\0pen\command - E:\krag.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL krag.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{3affa837-5f0a-11da-a7c5-806d6172696f}]
\Shell\AutoRun\command - I:\
\Shell\explore\Command -
\Shell\open\Command -

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{996a7c62-8b02-11dc-ad9e-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL exiplorer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{ef6f6c03-8a40-11dc-ad9d-806d6172696f}]
\Shell\0pen\command - E:\krag.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL krag.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-12-15 22:05:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-16 17:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\blastclnnn.exe
.
************************************************** ************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-20 13:07:41
Windows 5.1.2600 Service Pack 2, v.2082 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2007-12-20 13:08:17
Reply With Quote
  #5  
Old December 20th, 2007, 06:05 AM
melmoraleja melmoraleja is offline
Senior Member
 
Join Date: Nov 2006
O/S: Windows XP Home
Posts: 206
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"SharpTray" = ""C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"" [null data]
"Yahoo! Pager" = ""C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run \ {++}
"BluetoothAuthenticationAgent" = "rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" [MS]
"BigDogPath" = "C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera" ["BIGDOG"]
"Sunkist2k" = "C:\Program Files\Multimedia Card Reader\shwicon2k.exe" ["Alcor Micro, Corp."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"Sony" = ""C:\Program Files\SONY ERICSSON W810i DESKMATE\SONY ERICSSON W810i DESKMATE.exe"" [file not found]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"SiSPower" = "Rundll32.exe SiSPower.dll,ModeAgent" [MS]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."]
"StormCodec_Helper" = ""C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti" [null data]
"QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! IE Services Button"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\yiesrvc.dll" ["Yahoo! Inc."]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\sw g.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{0561EC90-CE54-4f0c-9C55-E226110A740C}" = "Haali Column Provider"
-> {HKLM...CLSID} = "Haali Column Provider"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mmfinfo.dll" [null data]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["GRISOFT s.r.o."]
<<!>> "{AD0ACA58-656F-61DA-9DFE-5D20F4F611BA}" = "*_" (unwritable string)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\cs1sa1f.dll" [file not found]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandler s\
{0561EC90-CE54-4f0c-9C55-E226110A740C}\(Default) = "Haali Column Provider"
-> {HKLM...CLSID} = "Haali Column Provider"
\InProcServer32\(Default) = "C:\WINDOWS\system32\mmfinfo.dll" [null data]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandler s\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMen uHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHa ndlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Loca l Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\moraleja\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Startup items in "moraleja" & "All Users" startup folders:
----------------------------------------------------------

C:\Documents and Settings\moraleja\Start Menu\Programs\Startup
"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
"Button Manager" -> shortcut to: "C:\Program Files\Sharp\Personal MFP series Utility\Button Manager\btnman.exe" ["SHARP CORPORATION"]
"IDW Logging Tool" -> shortcut to: "C:\WINDOWS\system32\idwlog.exe -3" [MS]
"Utility Tray" -> shortcut to: "C:\WINDOWS\system32\sistray.exe" ["Silicon Integrated Systems Corporation"]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]
"At1" -> launches: "C:\WINDOWS\system32\blastclnnn.exe" [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{015407A9-D183-4379-8452-DFD7C2297902}"
-> {HKLM...CLSID} = "Cole2k Media Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Cole2k Media Toolbar\v2.0.0.2\Cole2k_Media_Toolbar.dll" [file not found]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\(Default) = (no title provided)
-> {HKLM...CLSID} = "&Yahoo! Messenger"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\yhexbmesaa.dll" ["Yahoo! Inc."]
{9455301C-CF6B-11D3-A266-00C04F689C50}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Encarta &Researcher"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL" [MS]

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\
"ButtonText" = "Yahoo! Services"
"CLSIDExtension" = "{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}"
-> {HKLM...CLSID} = "Yahoo! IE Services Button"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\yiesrvc.dll" ["Yahoo! Inc."]

{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [null data]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{9455301C-CF6B-11D3-A266-00C04F689C50}\
"ButtonText" = "Researcher"

{B205A35E-1FC4-4CE3-818B-899DBBB3388C}\

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "*X" (unwritable string)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Apple Mobile Device, Apple Mobile Device, "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" ["Apple, Inc."]
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["GRISOFT s.r.o."]
AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
iPod Service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Inc."]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monito rs\
EPSON V5 2KMonitor\Driver = "EBPMON2.DLL" ["SEIKO EPSON CORPORATION"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
SHARP AL-1200(USB) series Language Monitor\Driver = "sc0cLMON.DLL" ["SHARP"]


----------
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 46 seconds, including 9 seconds for message boxes)
Reply With Quote
  #6  
Old December 20th, 2007, 06:06 AM
melmoraleja melmoraleja is offline
Senior Member
 
Join Date: Nov 2006
O/S: Windows XP Home
Posts: 206
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:09:41 PM, on 12/20/2007
Platform: Windows XP SP2, v.2082 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2082)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Sharp\Personal MFP series Utility\Button Manager\btnman.exe
C:\WINDOWS\system32\sistray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\moraleja\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/...arch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/yco...//uk.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\sw g.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony] "C:\Program Files\SONY ERICSSON W810i DESKMATE\SONY ERICSSON W810i DESKMATE.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Button Manager.lnk = C:\Program Files\Sharp\Personal MFP series Utility\Button Manager\btnman.exe
O4 - Global Startup: IDW Logging Tool.lnk = C:\WINDOWS\system32\idwlog.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .asx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdspl ay.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.arcadetown.com/dinerdash2...2.1.0.0.48.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.arcadetown.com/swf/delici...ylomplayer.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.arcadetown.com/swf/feedin...utLauncher.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 10391 bytes
Reply With Quote
  #7  
Old December 20th, 2007, 09:40 AM
AnnMarie's Avatar
AnnMarie AnnMarie is offline
Cyber Tech Help Moderator
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,811
Are you being helped elsewhere melmoraleja? Your first set of logs showed a number of malware startups and processes however some of these have disappeared from from the second set of logs for no apparent reason. ComboFix didnt remove them either.
Reply With Quote
  #8  
Old December 20th, 2007, 10:47 AM
melmoraleja melmoraleja is offline
Senior Member
 
Join Date: Nov 2006
O/S: Windows XP Home
Posts: 206
my sister told me that she scanned our pc using avgfree. that must've deleted the problems, why? is it clean already?? thanks a lot!
Reply With Quote
  #9  
Old December 20th, 2007, 10:53 PM
AnnMarie's Avatar
AnnMarie AnnMarie is offline
Cyber Tech Help Moderator
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,811
Code:
why?
Some folk post at two different boards and attempt to follow what may be conflicting advice. This is not a good idea for obvious reasons but this does not appear to be the case in your instance.

Quote:
is it clean already??
The Hijack This log looks ok but the other logs do not. We still have some work to do.

Open Notepad and copy and paste the below text in it:

Code:
@echo off
%systemdrive%
cd C:\WINDOWS\Tasks
attrib -r -s -h At1.job
del At1.job
Click on Save As. Save the file as Remove.bat and make sure that All Files is selected in Save As Type. Doubleclick to run. A dos window will open and close again, this is normal.

Make sure that your Flash drive and any external drives are plugged in and open notepad and copy and paste the text in the codebox below into it:

Code:
File::
E:\SSCVIHOST.exe
E:\krag.exe
C:\WINDOWS\system32\exiplorer.exe
C:\WINDOWS\krag.exe
C:\New Document.exe

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AD0ACA58-656F-61DA-9DFE-5D20F4F611BA}"=-
[-HKEY_CLASSES_ROOT\CLSID\{AD0ACA58-656F-61DA-9DFE-5D20F4F611BA}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{001e07a1-bed1-11db-ac25-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ca72c02-3454-11da-a69b-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30df6bcd-7a7a-11dc-ad86-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3affa837-5f0a-11da-a7c5-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{996a7c62-8b02-11dc-ad9e-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef6f6c03-8a40-11dc-ad9d-806d6172696f}]
Go to File > Save As and save the file as CFScript.txt and set the location to your Desktop. Drag CFScript.txt and drop it into ComboFix.exe. See below:



ComboFix will run again. When the fix completes it will create a C:\ComboFix.txt log. Please post that log in your next reply.
Reply With Quote
  #10  
Old December 23rd, 2007, 03:14 AM
melmoraleja melmoraleja is offline
Senior Member
 
Join Date: Nov 2006
O/S: Windows XP Home
Posts: 206
here are the new logs! thanks!

ComboFix 07-12-20.1 - moraleja 2007-12-23 10:15:32.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.396 [GMT -8:00]
Running from: C:\Documents and Settings\moraleja\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\moraleja\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\New Document.exe
C:\WINDOWS\krag.exe
C:\WINDOWS\system32\exiplorer.exe
E:\krag.exe
E:\SSCVIHOST.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-23 to 2007-12-23 )))))))))))))))))))))))))))))))
.

2007-12-23 08:11 . 2007-12-23 10:14 <DIR> d-------- C:\mommy files
2007-12-21 10:22 . 2007-12-21 10:22 <DIR> d-------- C:\Documents and Settings\moraleja\logs
2007-12-09 14:02 . 2007-12-04 05:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-09 14:02 . 2004-01-09 02:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-09 14:02 . 2007-12-04 04:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-09 14:02 . 2007-12-04 06:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-09 14:02 . 2007-12-04 06:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-09 14:02 . 2007-12-04 06:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-09 14:02 . 2007-12-04 06:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-09 14:02 . 2007-12-04 06:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-08 13:11 . 2007-12-08 13:11 <DIR> d-------- C:\Program Files\FashionFits_at
2007-12-08 13:11 . 2007-12-08 13:11 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Fugazo
2007-12-02 09:41 . 2007-12-02 09:41 <DIR> d-------- C:\Documents and Settings\moraleja\Application Data\Raptisoft
2007-12-01 19:36 . 2007-12-01 19:36 <DIR> d-------- C:\Documents and Settings\moraleja\Application Data\Catena Software
2007-12-01 19:35 . 2007-12-01 19:35 <DIR> d-------- C:\Program Files\SIMetrixIntro53
2007-12-01 13:04 . 2007-12-01 13:04 <DIR> d-------- C:\Program Files\Luxor_at
2007-12-01 13:04 . 2005-04-12 16:29 802,816 --a------ C:\WINDOWS\FeedingFrenzy.scr
2007-12-01 11:56 . 2007-12-01 11:56 <DIR> d-------- C:\Program Files\SallysSalon_at
2007-12-01 11:42 . 2007-12-01 11:42 <DIR> d-------- C:\EASy68K
2007-11-30 17:21 . 2007-11-30 18:22 <DIR> d-------- C:\Program Files\ParadisePetSalon_at

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2007-12-23 07:56 --------- d-----w C:\Documents and Settings\moraleja\Application Data\uTorrent
2007-12-16 18:21 --------- d-----w C:\Program Files\Incomplete
2007-12-16 18:20 --------- d-----w C:\Program Files\LimeWire
2007-12-16 16:00 --------- d-----w C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
2007-12-15 01:08 --------- d-----w C:\Documents and Settings\moraleja\Application Data\LimeWire
2007-12-09 23:48 --------- d-----w C:\Documents and Settings\moraleja\Application Data\AVG7
2007-12-09 01:55 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2007-12-02 17:50 --------- d-----w C:\Program Files\GoldMinerVegas_at
2007-12-02 03:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-01 21:01 --------- d-----w C:\Program Files\JanesHotel_at
2007-12-01 03:47 --------- d-----w C:\Program Files\BellesBeautyBoutique_at
2007-11-25 23:27 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-19 04:57 --------- d-----w C:\Documents and Settings\moraleja\Application Data\Jane s Hotel
2007-11-17 22:44 --------- d-----w C:\Program Files\iTunes
2007-11-17 22:44 --------- d-----w C:\Program Files\iPod
2007-11-17 22:42 --------- d-----w C:\Program Files\QuickTime
2007-11-16 18:00 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
2007-11-08 19:00 --------- d-----w C:\Program Files\Hamsterball_at
2007-10-24 23:53 --------- d-----w C:\Program Files\Winamp
2007-10-24 23:50 --------- d-----w C:\Program Files\Multimedia Card Reader
2007-10-24 23:41 --------- d-----w C:\Program Files\Google
2006-02-26 17:08 359,112 ----a-w C:\Program Files\LimeWireWin.exe
2006-02-05 06:43 9,659,807 ----a-w C:\Program Files\fcrsetup.exe
2005-09-12 22:21 67,328 -c--a-w C:\Documents and Settings\xp professional\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2007-12-20_13.07.41.74 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-20 21:03:07 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.da t
+ 2007-12-23 18:15:26 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.da t
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{015407A9-D183-4379-8452-DFD7C2297902}"= C:\Program Files\Cole2k Media Toolbar\v2.0.0.2\Cole2k_Media_Toolbar.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{015407a9-d183-4379-8452-dfd7c2297902}]
[HKEY_CLASSES_ROOT\ToolBar.ToolBarObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{B3A98058-DE1F-413f-9921-FF3EEA6B716F}]
[HKEY_CLASSES_ROOT\ToolBar.ToolBarObj]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-02-18 18:16]
"SharpTray"="C:\Program Files\Sharp\Sharpdesk\SharpTray.exe" [2002-10-24 19:46]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-05-02 15:51]
"Chikka"="C:\Program Files\Chikka Messenger\Chikka v.4\\ChikkaLauncher.exe" [2007-06-01 14:59]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-02-18 10:02 C:\WINDOWS\system32\bthprops.cpl]
"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2004-06-09 15:37]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2004-09-03 16:16]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Sony"="C:\Program Files\SONY ERICSSON W810i DESKMATE\SONY ERICSSON W810i DESKMATE.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc. exe" [2007-12-09 15:47]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 09:38]
"SiSPower"="Rundll32.exe" [2004-02-18 10:02 C:\WINDOWS\system32\rundll32.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-25 23:03 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 02:04 C:\WINDOWS\SkyTel.exe]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 10:30]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp. exe" [2007-12-04 05:00]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw. exe" [2007-12-09 15:47]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Button Manager.lnk - C:\Program Files\Sharp\Personal MFP series Utility\Button Manager\btnman.exe [2007-09-02 13:29:59]
IDW Logging Tool.lnk - C:\WINDOWS\system32\idwlog.exe [2004-02-18 10:02:44]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-09-01 14:01:25]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^moraleja^Start Menu^Programs^Startup^Registration Prince of Persia Warrior Within.LNK]
path=C:\Documents and Settings\moraleja\Start Menu\Programs\Startup\Registration Prince of Persia Warrior Within.LNK
backup=C:\WINDOWS\pss\Registration Prince of Persia Warrior Within.LNKStartup

R2 SC0CLPT;SC0CLPT;C:\WINDOWS\system32\SC0CLPT.SYS [2002-05-26 16:43]
R3 ZSMC302;VIMICRO USB PC Camera;C:\WINDOWS\system32\Drivers\usbVM31b.sys [2004-08-17 11:44]
S2 nvcap;nVidia WDM Video Capture (universal);C:\WINDOWS\system32\DRIVERS\nvcap.sys []
S2 nvTUNEP;nVidia WDM TVTuner;C:\WINDOWS\system32\DRIVERS\nvtunep.sys []
S2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys []
S2 NVXBAR;nVidia WDM A/V Crossbar;C:\WINDOWS\system32\DRIVERS\NVxbar.sys []
S3 PIXMCV;JVC Communication PIX-MCV Driver;C:\WINDOWS\system32\Drivers\pixmcvc.sys [2003-12-05 05:39]
S3 PIXMCVA;JVC PIX-MCV Audio Capture;C:\WINDOWS\system32\Drivers\pixmcva.sys [2003-12-05 05:39]
S3 PIXMCVV;JVC PIX-MCV Video Capture;C:\WINDOWS\system32\Drivers\pixmcvv.sys [2003-12-05 05:39]
S3 SunkFilt6;Alcor Micro Corp - 6360;C:\WINDOWS\System32\Drivers\sunkfilt6.sys []
S3 SunkFilt62;Alcor Micro Corp - 6362;C:\WINDOWS\System32\Drivers\sunkfilt62.sys [2004-07-23 13:55]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-22 22:05:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
************************************************** ************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-23 10:19:28
Windows 5.1.2600 Service Pack 2, v.2082 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
Completion time: 2007-12-23 10:20:35
C:\ComboFix2.txt ... 2007-12-20 13:08
Reply With Quote
  #11  
Old December 23rd, 2007, 07:40 AM
AnnMarie's Avatar
AnnMarie AnnMarie is offline
Cyber Tech Help Moderator
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,811
I gather you created the below folder?

C:\mommy files


Go here and download ATF cleaner (do not download the Recommended Download on the mirror site). Use it to remove all Temp Files, Cookies and Temp Internet Files, Java Cache and any others that you would like to remove. If you also use Opera or Firefox, also click on the cleaning options for each browser.

Next, disable your antivirus program and go here and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee. When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit > Select All then copy the log and paste it back here.

Run Hijack This again and post a new log please. Also tell me if you still have any problems.
Reply With Quote
  #12  
Old December 23rd, 2007, 11:24 AM
melmoraleja melmoraleja is offline
Senior Member
 
Join Date: Nov 2006
O/S: Windows XP Home
Posts: 206
here's the bitdefender scan! thanks!

BitDefender Online Scanner



Scan report generated at: Sun, Dec 23, 2007 - 18:28:58





Scan path: C:\;D:\;E:\;







Statistics

Time
01:15:36

Files
377638

Folders
8588

Boot Sectors
4

Archives
2540

Packed Files
12300




Results

Identified Viruses
3

Infected Files
8

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
8




Engines Info

Virus Definitions
883977

Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins
14

Archive plugins
38

Unpack plugins
7

E-mail plugins
6

System plugins
1




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\$VAULT$.AVG\07292255.FIL
Infected with: Trojan.Peed.IOB

C:\$VAULT$.AVG\07292255.FIL
Disinfection failed

C:\$VAULT$.AVG\07292255.FIL
Deleted

C:\$VAULT$.AVG\08482777.FIL
Infected with: Trojan.Peed.IOB

C:\$VAULT$.AVG\08482777.FIL
Disinfection failed

C:\$VAULT$.AVG\08482777.FIL
Deleted

C:\Documents and Settings\xp professional\Desktop\Abegail\shielas usb\More Games\GUNSHOT.EXE
Infected with: Joke.Winshoot.A

C:\Documents and Settings\xp professional\Desktop\Abegail\shielas usb\More Games\GUNSHOT.EXE
Disinfection failed

C:\Documents and Settings\xp professional\Desktop\Abegail\shielas usb\More Games\GUNSHOT.EXE
Deleted

C:\Documents and Settings\xp professional\Desktop\Abegail\shielas usb\More Games\POSTAL.EXE
Infected with: Joke.Winshoot.A

C:\Documents and Settings\xp professional\Desktop\Abegail\shielas usb\More Games\POSTAL.EXE
Disinfection failed

C:\Documents and Settings\xp professional\Desktop\Abegail\shielas usb\More Games\POSTAL.EXE
Deleted

C:\Program Files\Ringz Studio\Storm Codec\stormupd.dll
Infected with: Trojan.Downloader.Agent.ASG

C:\Program Files\Ringz Studio\Storm Codec\stormupd.dll
Disinfection failed

C:\Program Files\Ringz Studio\Storm Codec\stormupd.dll
Deleted

C:\System Volume Information\_restore{7B82AE59-513A-4981-A704-4BE471F4C809}\RP299\A0159076.EXE
Infected with: Joke.Winshoot.A

C:\System Volume Information\_restore{7B82AE59-513A-4981-A704-4BE471F4C809}\RP299\A0159076.EXE
Disinfection failed

C:\System Volume Information\_restore{7B82AE59-513A-4981-A704-4BE471F4C809}\RP299\A0159076.EXE
Deleted

C:\System Volume Information\_restore{7B82AE59-513A-4981-A704-4BE471F4C809}\RP299\A0159077.EXE
Infected with: Joke.Winshoot.A

C:\System Volume Information\_restore{7B82AE59-513A-4981-A704-4BE471F4C809}\RP299\A0159077.EXE
Disinfection failed

C:\System Volume Information\_restore{7B82AE59-513A-4981-A704-4BE471F4C809}\RP299\A0159077.EXE
Deleted

C:\System Volume Information\_restore{7B82AE59-513A-4981-A704-4BE471F4C809}\RP299\A0159078.dll
Infected with: Trojan.Downloader.Agent.ASG

C:\System Volume Information\_restore{7B82AE59-513A-4981-A704-4BE471F4C809}\RP299\A0159078.dll
Disinfection failed

C:\System Volume Information\_restore{7B82AE59-513A-4981-A704-4BE471F4C809}\RP299\A0159078.dll
Deleted
Reply With Quote
  #13  
Old December 23rd, 2007, 11:26 AM
melmoraleja melmoraleja is offline
Senior Member
 
Join Date: Nov 2006
O/S: Windows XP Home
Posts: 206
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:34:10 PM, on 12/23/2007
Platform: Windows XP SP2, v.2082 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2082)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sharp\Sharpdesk\SharpTray.exe
C:\Program Files\Chikka Messenger\Chikka v.4\ChikkaLauncher.exe
C:\Program Files\Sharp\Personal MFP series Utility\Button Manager\btnman.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Microsoft Encarta\Encarta Premium Suite 2005\EDICT.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YTBSDK.ex e
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\moraleja\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ie/...arch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/yco...//uk.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\sw g.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Sony] "C:\Program Files\SONY ERICSSON W810i DESKMATE\SONY ERICSSON W810i DESKMATE.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Chikka] C:\Program Files\Chikka Messenger\Chikka v.4\\ChikkaLauncher.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Button Manager.lnk = C:\Program Files\Sharp\Personal MFP series Utility\Button Manager\btnman.exe
O4 - Global Startup: IDW Logging Tool.lnk = C:\WINDOWS\system32\idwlog.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .asx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdspl ay.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.arcadetown.com/dinerdash2...2.1.0.0.48.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.arcadetown.com/swf/delici...ylomplayer.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.arcadetown.com/swf/feedin...utLauncher.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 10702 bytes
Reply With Quote
  #14  
Old December 23rd, 2007, 07:34 PM
AnnMarie's Avatar
AnnMarie AnnMarie is offline
Cyber Tech Help Moderator
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,811
Is mommy files a folder you created melmoraleja?

Your log looks fine now. Do you still have any problems?
Reply With Quote
  #15  
Old December 24th, 2007, 06:31 AM
melmoraleja melmoraleja is offline
Senior Member
 
Join Date: Nov 2006
O/S: Windows XP Home
Posts: 206
yup, my mom created that folder. there's no more problem now. thanks a lot!!!!!
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump




All times are GMT +1. The time now is 08:12 AM.