Struggling with Multiple Malware

D

dieselguy

New member
Guys,

Firstly, thank you very much for sharing your expertise and spending your valuable time to help out. I have been struggling with a number of issues for the past couple of days and would appreciate any advice that you may have.

1. Spybot detects the following malware on my computer and is apparently able to fix them but they reappear at the next scan.
a. Advertising.com
b. Clickbank
c. Doubleclick
d. MediaPlex
e. Smitfraud-C
f. Virtumode

2. Logfile of HijackThis v1.99.1
Scan saved at 10:49:34 PM, on 7/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\OfficeScan NT\ntrtscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\OfficeScan NT\pccntmon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\csrss.exe
C:\WINDOWS\TEMP\winF0.tmp.exe
C:\program files\support.com\bin\tgcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sbazyibf\cztuxrjc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\regscan.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\D-Link AirPlus Xtreme G\AIRPLUS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\SBC\Connection Manager\CManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\mgrs.exe
C:\Documents and Settings\administrator.REDSTONE\Desktop\Temp\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ms] C:\Program Files\Microsoft\svhost32.exe
O4 - HKLM\..\Run: [wosa] C:\DOCUME~1\ADMINI~1.RED\LOCALS~1\Temp\woso.exe
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [dgirofxA] C:\WINDOWS\dgirofxA.exe
O4 - HKLM\..\Run: [{ZN}] C:\WINDOWS\TISKY009.exe SKY009
O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63
O4 - HKLM\..\Run: [csrss] C:\WINDOWS\csrss.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\winF0.tmp.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [vspqpufk] rundll32.exe "C:\Program Files\vspqpufk\rolyvqdw.dll",Init
O4 - HKLM\..\Run: [cztuxrjc] C:\Program Files\Sbazyibf\cztuxrjc.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\utcumqke.dll",forkonce
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA8630] command /c del "C:\WINDOWS\system32\ldcore.dll_tobedeleted_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC396] cmd /c del "C:\WINDOWS\system32\ldcore.dll_tobedeleted_old"
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB6536] command /c del "C:\WINDOWS\system32\ldcore.dll_tobedeleted_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD871] cmd /c del "C:\WINDOWS\system32\ldcore.dll_tobedeleted_old"
O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\TISKY009.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = C:\Program Files\D-Link AirPlus Xtreme G\AIRPLUS.exe
O4 - Global Startup: D-Link REG Utility.lnk = C:\Program Files\D-Link AirPlus Xtreme G\Reg.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantispyware.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mail.redstonearchitects.com/Remote/msrdp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = redstone.local
O17 - HKLM\Software\..\Telephony: DomainName = redstone.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = redstone.local
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\OfficeScan NT\tmlisten.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

3. Other issues include:
a. Computer running extremely slow
b. Multiple pop-ups
c. Multiple IE crashes - some associated witheschnyzi.dll add-on.
d. Multiple crashes associated with Dr. Watson Post-mortem Debugger

I look forward to hearing from you. Thanks again.

Cheers,
dieselguy
 
Hi dieselguy

Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
 
HJT Logfile

Hi Shaba,

Thank you so much for assisting me. Here is the log file.

Cheers,
dieselguy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:44:52 AM, on 7/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\OfficeScan NT\ntrtscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\OfficeScan NT\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\csrss.exe
C:\WINDOWS\TEMP\winF0.tmp.exe
C:\program files\support.com\bin\tgcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sbazyibf\cztuxrjc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\regscan.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\D-Link AirPlus Xtreme G\AIRPLUS.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\Program Files\SBC\Connection Manager\CManager.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\Yahoo!\browser\YBrowser.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\s2f.exe
C:\Program Files\codec_setup.exe
C:\Program Files\s2f.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ms] C:\Program Files\Microsoft\svhost32.exe
O4 - HKLM\..\Run: [wosa] C:\DOCUME~1\ADMINI~1.RED\LOCALS~1\Temp\woso.exe
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [dgirofxA] C:\WINDOWS\dgirofxA.exe
O4 - HKLM\..\Run: [{ZN}] C:\WINDOWS\TISKY009.exe SKY009
O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63
O4 - HKLM\..\Run: [csrss] C:\WINDOWS\csrss.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\winF0.tmp.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [vspqpufk] rundll32.exe "C:\Program Files\vspqpufk\rolyvqdw.dll",Init
O4 - HKLM\..\Run: [cztuxrjc] C:\Program Files\Sbazyibf\cztuxrjc.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\utcumqke.dll",forkonce
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA6155] command /c del "C:\WINDOWS\system32\ldcore.dll_tobedeleted_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1036] cmd /c del "C:\WINDOWS\system32\ldcore.dll_tobedeleted_old"
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB922] command /c del "C:\WINDOWS\system32\ldcore.dll_tobedeleted_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2206] cmd /c del "C:\WINDOWS\system32\ldcore.dll_tobedeleted_old"
O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\TISKY009.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = C:\Program Files\D-Link AirPlus Xtreme G\AIRPLUS.exe
O4 - Global Startup: D-Link REG Utility.lnk = C:\Program Files\D-Link AirPlus Xtreme G\Reg.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantispyware.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mail.redstonearchitects.com/Remote/msrdp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = redstone.local
O17 - HKLM\Software\..\Telephony: DomainName = redstone.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = redstone.local
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O22 - SharedTaskScheduler: za - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - C:\WINDOWS\system32\l3acdb.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\OfficeScan NT\tmlisten.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component 0: (no name) - C:\Program Files\Messenger\profsycy.html

--
End of file - 9868 bytes
 
HJT Logfile

Hi Shaba,

Thank you so much for assisting me. Here is the log file.

Cheers,
dieselguy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:44:52 AM, on 7/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\OfficeScan NT\ntrtscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\OfficeScan NT\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\csrss.exe
C:\WINDOWS\TEMP\winF0.tmp.exe
C:\program files\support.com\bin\tgcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sbazyibf\cztuxrjc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\regscan.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\D-Link AirPlus Xtreme G\AIRPLUS.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\Program Files\SBC\Connection Manager\CManager.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\Yahoo!\browser\YBrowser.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\s2f.exe
C:\Program Files\codec_setup.exe
C:\Program Files\s2f.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ms] C:\Program Files\Microsoft\svhost32.exe
O4 - HKLM\..\Run: [wosa] C:\DOCUME~1\ADMINI~1.RED\LOCALS~1\Temp\woso.exe
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [dgirofxA] C:\WINDOWS\dgirofxA.exe
O4 - HKLM\..\Run: [{ZN}] C:\WINDOWS\TISKY009.exe SKY009
O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63
O4 - HKLM\..\Run: [csrss] C:\WINDOWS\csrss.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\winF0.tmp.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [vspqpufk] rundll32.exe "C:\Program Files\vspqpufk\rolyvqdw.dll",Init
O4 - HKLM\..\Run: [cztuxrjc] C:\Program Files\Sbazyibf\cztuxrjc.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\utcumqke.dll",forkonce
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA6155] command /c del "C:\WINDOWS\system32\ldcore.dll_tobedeleted_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1036] cmd /c del "C:\WINDOWS\system32\ldcore.dll_tobedeleted_old"
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB922] command /c del "C:\WINDOWS\system32\ldcore.dll_tobedeleted_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2206] cmd /c del "C:\WINDOWS\system32\ldcore.dll_tobedeleted_old"
O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\TISKY009.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = C:\Program Files\D-Link AirPlus Xtreme G\AIRPLUS.exe
O4 - Global Startup: D-Link REG Utility.lnk = C:\Program Files\D-Link AirPlus Xtreme G\Reg.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantispyware.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mail.redstonearchitects.com/Remote/msrdp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = redstone.local
O17 - HKLM\Software\..\Telephony: DomainName = redstone.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = redstone.local
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O22 - SharedTaskScheduler: za - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - C:\WINDOWS\system32\l3acdb.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\OfficeScan NT\tmlisten.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component 0: (no name) - C:\Program Files\Messenger\profsycy.html

--
End of file - 9868 bytes
 
Hi

Rename HijackThis.exe to scanner.exe and post back a fresh HijackThis log, please :)
 
Here is HJT log with HJT renamed as Scanner

Hi Shaba,

Thanks for your help. Here is the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:02:48 PM, on 7/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\OfficeScan NT\ntrtscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\OfficeScan NT\pccntmon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\csrss.exe
C:\WINDOWS\TEMP\winF0.tmp.exe
C:\program files\support.com\bin\tgcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sbazyibf\cztuxrjc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\regscan.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\D-Link AirPlus Xtreme G\AIRPLUS.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SBC\Connection Manager\CManager.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\WINDOWS\mgrs.exe
C:\PROGRA~1\Yahoo!\browser\YBrowser.exe
C:\Program Files\Internet Explorer\iedw.exe
C:\Program Files\Trend Micro\HijackThis\Scanner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {171191C7-A052-4BD1-83E0-F396CD246044} - C:\Program Files\Windows Media Player\hoke4.dll
O2 - BHO: (no name) - {3964D8D6-86D0-493A-B460-A805B5401114} - C:\WINDOWS\system32\efcbyyx.dll
O2 - BHO: (no name) - {3AA15550-DE7E-7515-21E5-007B746C9458} - C:\Program Files\Vcichofb\eschmyzi.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - C:\WINDOWS\system32\l3acdb.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {61770EAF-BD4C-4D8F-911D-44B0247815CB} - C:\WINDOWS\system32\mllml.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\dosulgfq.dll (file missing)
O2 - BHO: IE Redirector - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\system32\dnsersnd.dll (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {F5B3C094-D743-43CE-96C5-9231301DA392} - C:\Program Files\Windows Media Player\hoke83122.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ms] C:\Program Files\Microsoft\svhost32.exe
O4 - HKLM\..\Run: [wosa] C:\DOCUME~1\ADMINI~1.RED\LOCALS~1\Temp\woso.exe
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [dgirofxA] C:\WINDOWS\dgirofxA.exe
O4 - HKLM\..\Run: [{ZN}] C:\WINDOWS\TISKY009.exe SKY009
O4 - HKLM\..\Run: [g4356cbvy63] C:\WINDOWS\g4356cbvy63
O4 - HKLM\..\Run: [csrss] C:\WINDOWS\csrss.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\winF0.tmp.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [vspqpufk] rundll32.exe "C:\Program Files\vspqpufk\rolyvqdw.dll",Init
O4 - HKLM\..\Run: [cztuxrjc] C:\Program Files\Sbazyibf\cztuxrjc.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\utcumqke.dll",forkonce
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA2576] command /c del "C:\WINDOWS\system32\ldcore.dll_tobedeleted_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC568] cmd /c del "C:\WINDOWS\system32\ldcore.dll_tobedeleted_old"
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB6522] command /c del "C:\WINDOWS\system32\ldcore.dll_tobedeleted_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7778] cmd /c del "C:\WINDOWS\system32\ldcore.dll_tobedeleted_old"
O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\TISKY009.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = C:\Program Files\D-Link AirPlus Xtreme G\AIRPLUS.exe
O4 - Global Startup: D-Link REG Utility.lnk = C:\Program Files\D-Link AirPlus Xtreme G\Reg.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantispyware.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mail.redstonearchitects.com/Remote/msrdp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = redstone.local
O17 - HKLM\Software\..\Telephony: DomainName = redstone.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = redstone.local
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: efcbyyx - C:\WINDOWS\SYSTEM32\efcbyyx.dll
O20 - Winlogon Notify: mllml - C:\WINDOWS\system32\mllml.dll
O20 - Winlogon Notify: winosz32 - C:\WINDOWS\SYSTEM32\winosz32.dll
O22 - SharedTaskScheduler: za - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - C:\WINDOWS\system32\l3acdb.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\OfficeScan NT\tmlisten.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component 0: (no name) - C:\Program Files\Messenger\profsycy.html

--
End of file - 11771 bytes
 
Hi

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

1. Download combofix from one of these links:
Link1
Link2
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post:

- a fresh HijackThis log
- combofix report
- vundofix report
 
Log of VundoFix

Hi Shaba,

Here is file 1 of 3.

Cheers,
dieselguy

VundoFix V6.5.6

Checking Java version...

Java version is 1.4.2.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 7:35:14 AM 8/1/2007

Listing files found while scanning....

C:\WINDOWS\system32\lmllm.bak1
C:\WINDOWS\system32\lmllm.bak2
C:\WINDOWS\system32\lmllm.ini
C:\WINDOWS\system32\mllml.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\lmllm.bak1
C:\WINDOWS\system32\lmllm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\lmllm.bak2
C:\WINDOWS\system32\lmllm.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\lmllm.ini
C:\WINDOWS\system32\lmllm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mllml.dll
C:\WINDOWS\system32\mllml.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\mllml.dll
C:\WINDOWS\system32\mllml.dll Has been deleted!

Performing Repairs to the registry.
Done!
 
Log of ComboFix

Hi Shaba,

Here is file 2 of 3.

Cheers,
dieselguy

ComboFix 07-07-30.2 - "Administrator" 2007-08-01 7:52:51.1 [GMT -4:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True
* Created a new restore point


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\awttusr.dll
C:\WINDOWS\system32\cbxuusq.dll
C:\WINDOWS\system32\ddcbyvt.dll
C:\WINDOWS\system32\fccbbay.dll
C:\WINDOWS\system32\jkkiiji.dll
C:\WINDOWS\system32\ljjjggd.dll
C:\WINDOWS\system32\nnnlkjh.dll
C:\WINDOWS\system32\pmnnkkh.dll
C:\WINDOWS\system32\rqrpqqp.dll
C:\WINDOWS\system32\tuvutrr.dll
C:\WINDOWS\system32\xxyxxvt.dll
C:\WINDOWS\system32\yayyaya.dll
C:\WINDOWS\system32\winosz32.dll
C:\WINDOWS\system32\efcbyyx.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\d.exe
C:\DOCUME~1\ADMINI~1.RED\APPLIC~1.\.rdr.ini
C:\DOCUME~1\ADMINI~1.RED\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ADMINI~1.RED\APPLIC~1.\winantispyware 2007\Logs\update.log
C:\DOCUME~1\ADMINI~1.RED\APPLIC~1\install.dat
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\winantispyware 2007\uwas7cw.exe
C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe~
C:\Program Files\smbols~1
C:\Program Files\smbols~1\javaw.exe~
C:\Program Files\Windows Media Player\hoke4.dll
C:\Program Files\Windows Media Player\hoke83122.dll
C:\WINDOWS\b122.exe
C:\WINDOWS\csrss.exe
C:\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NetInstaller.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\poolsv.exe
C:\WINDOWS\system32\b02FdUe
C:\WINDOWS\system32\b02FdUe\b02FdUe1065.exe
C:\WINDOWS\system32\b06FdUe
C:\WINDOWS\system32\b06FdUe\b06FdUe1083.exe
C:\WINDOWS\system32\b10FdUe
C:\WINDOWS\system32\b10FdUe\b10FdUe1099.exe
C:\WINDOWS\system32\config\systemprofile\application data\.rdr.ini
C:\WINDOWS\system32\drivers\fopn.sys
C:\WINDOWS\system32\G1
C:\WINDOWS\system32\G1\kmhp83122.exe
C:\WINDOWS\system32\G11
C:\WINDOWS\system32\G11\z553.exe
C:\WINDOWS\system32\G3
C:\WINDOWS\system32\G3\wr725.exe
C:\WINDOWS\system32\G7
C:\WINDOWS\system32\hlpsrv.exe
C:\WINDOWS\system32\ioridawc.exe
C:\WINDOWS\system32\jmndnyoi.exe
C:\WINDOWS\system32\ldcore.dll
C:\WINDOWS\system32\ldinfo.ldr
C:\WINDOWS\system32\mit.bat
C:\WINDOWS\system32\sembly~1
C:\WINDOWS\system32\tyvsvykk.exe
C:\WINDOWS\system32\win
C:\WINDOWS\system32\winticomsv32.exe
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_FOPN
-------\LEGACY_NET_AGENT
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\Net Agent


((((((((((((((((((((((((( Files Created from 2007-07-01 to 2007-08-01 )))))))))))))))))))))))))))))))


2007-08-01 07:51 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-01 07:35 <DIR> d-------- C:\VundoFix Backups
2007-07-31 20:04 125,504 --a------ C:\WINDOWS\system32\btobgdnx.dll
2007-07-31 07:43 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-30 19:51 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-07-30 07:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-07-30 07:06 <DIR> d-------- C:\Program Files\Vcichofb
2007-07-30 00:51 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-07-30 00:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Support.com
2007-07-29 22:42 <DIR> d-------- C:\Program Files\Windows Defender
2007-07-29 22:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-07-29 22:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2007-07-29 22:16 <DIR> d-------- C:\WINDOWS\system32\csaedtdh
2007-07-29 22:16 <DIR> d-------- C:\Program Files\SecCenter
2007-07-29 22:16 <DIR> d-------- C:\Program Files\Sbazyibf
2007-07-29 21:38 93,696 --a------ C:\WINDOWS\system32\drvsox.dll
2007-07-29 21:37 <DIR> d-------- C:\Program Files\vspqpufk
2007-07-29 15:36 351,840 --a------ C:\WINDOWS\system32\drivers\ar5211.sys
2007-07-29 15:36 351,776 --a------ C:\WINDOWS\system32\drivers\ar52119x.sys
2007-07-29 15:36 11,861 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2007-07-29 15:36 <DIR> d-------- C:\Program Files\D-Link AirPlus Xtreme G
2007-07-29 13:48 70,312 --a------ C:\Program Files\codec_setup.exe
2007-07-29 11:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-29 08:52 393,224 --a------ C:\sysnvdp.exe
2007-07-29 02:11 393,224 --a------ C:\syspbql.exe
2007-07-29 02:11 393,224 --a------ C:\sysorqd.exe
2007-07-28 23:59 9,769 --a------ C:\WINDOWS\sdvdb0578.exe
2007-07-28 23:59 6,689 --a------ C:\WINDOWS\system32\ldcore.dll
2007-07-28 22:38 393,224 --a------ C:\syskttq.exe
2007-07-28 22:24 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-31 22:04 --------- d-------- C:\Program Files\Google
2007-07-30 18:43 --------- d-------- C:\Program Files\Windows NT
2007-07-30 07:13 --------- d-------- C:\DOCUME~1\ADMINI~1.RED\APPLIC~1\Google
2007-07-30 00:40 --------- d-------- C:\Program Files\Yahoo!
2007-07-29 15:36 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-29 11:35 --------- d-------- C:\Program Files\Support.com
2007-07-29 11:35 --------- d-------- C:\Program Files\SBC
2007-07-29 11:34 --------- d-------- C:\Program Files\BroadJump
2007-07-28 23:57 51200 --a------ C:\WINDOWS\system32\dllms.dll
2007-06-25 09:54 53248 --a------ C:\WINDOWS\uni_eh44.exe
2007-06-25 09:53 53248 --a------ C:\WINDOWS\uninst1014.exe
2007-06-24 19:18 455640 --a------ C:\Program Files\msgr8in.exe
2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-06-08 03:02 2048 --a------ C:\Program Files\func.exe~
2003-12-24 11:40 35399 --a------ C:\Program Files\Art35uninstal.log


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3AA15550-DE7E-7515-21E5-007B746C9458}]
2007-07-30 07:06 106496 --a------ C:\Program Files\Vcichofb\eschmyzi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53B5F2B1-94DD-43E5-8187-EB4E31F00701}]
C:\WINDOWS\system32\l3acdb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A676B89E-F513-4267-9E21-000D8CF193AB}]
C:\WINDOWS\system32\mllml.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}]
C:\WINDOWS\system32\dosulgfq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2003-11-17 11:33 C:\WINDOWS\system32\nwiz.exe]
"OfficeScanNT Monitor"="C:\OfficeScan NT\pccntmon.exe" [2004-09-15 16:10]
"QuickFinder Scheduler"="C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE" [2003-02-25 20:27]
"Logitech Utility"="Logi_MwX.Exe" [2003-03-04 05:50 C:\WINDOWS\LOGI_MWX.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-06 15:34]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-11 08:17]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 11:43]
"tgcmdprovidersbc"="c:\program files\support.com\bin\tgcmd.exe" [2002-07-15 13:48]
"vspqpufk"="C:\Program Files\vspqpufk\rolyvqdw.dll" [2007-07-29 21:37]
"cztuxrjc"="C:\Program Files\Sbazyibf\cztuxrjc.exe" [2007-07-29 22:16]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Regscan"="C:\WINDOWS\system32\regscan.exe" [2003-03-31 08:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 22:21]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]

C:\Documents and Settings\administrator.REDSTONE\Start Menu\Programs\Startup\
Connection Manager.lnk - C:\Program Files\SBC\Connection Manager\CManager.exe [2007-07-29 11:35:48]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2004-11-01 17:21:31]
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-10-03 11:39:22]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 08:43:54]
D-Link AirPlus Xtreme G Configuration Utility.lnk - C:\Program Files\D-Link AirPlus Xtreme G\AIRPLUS.exe [2007-07-29 15:36:09]
D-Link REG Utility.lnk - C:\Program Files\D-Link AirPlus Xtreme G\Reg.exe [2007-07-29 15:36:08]
Firewall Client Connectivity Monitor.LNK - C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE [2003-10-02 11:49:31]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-29 22:21:39]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2003-11-19 09:32:03]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 04:15:54]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2003-10-03 09:51:03]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\Messenger\profsycy.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{53B5F2B1-94DD-43E5-8187-EB4E31F00701}"= C:\WINDOWS\system32\l3acdb.dll [ ]

R2 ntrtscan;OfficeScanNT RealTime Scan;C:\OfficeScan NT\ntrtscan.exe
R2 TmFilter;Trend Micro Filter;\??\C:\OfficeScan NT\TmXPFlt.sys
R2 TmPreFilter;Trend Micro PreFilter;\??\C:\OfficeScan NT\TmPreFlt.sys
R2 VSApiNt;Trend Micro VSAPI NT;\??\C:\OfficeScan NT\VSApiNt.sys
R2 WIBUKEY;WIBU-KEY Kernel Driver;C:\WINDOWS\system32\DRIVERS\WibuKey.sys
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator;C:\WINDOWS\system32\drivers\nvax.sys
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver;C:\WINDOWS\system32\DRIVERS\NVENET.sys
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio;C:\WINDOWS\system32\drivers\nvapu.sys
S2 tmlisten;OfficeScanNT Listener;C:\OfficeScan NT\tmlisten.exe
S3 GMSIPCI;GMSIPCI;\??\E:\INSTALL\GMSIPCI.SYS
S3 NTACCESS;NTACCESS;\??\E:\NTACCESS.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys
S3 StillCam;Still Serial Digital Camera Driver;C:\WINDOWS\system32\DRIVERS\serscan.sys
S3 usbvideo;USB Video Device (WDM);C:\WINDOWS\system32\Drivers\usbvideo.sys
S3 Wibukey2;Wibukey2;C:\WINDOWS\system32\drivers\wibukey2.sys


Contents of the 'Scheduled Tasks' folder
2007-08-01 11:48:38 C:\WINDOWS\Tasks\MP Scheduled Scan.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-01 08:05:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-01 8:06:44 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-01 08:06

--- E O F ---
 
Log of HJT (renamed as scanner)

Hi Shaba,

Here is file 3 of 3.

Cheers,
dieselguy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:10, on 2007-08-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\OfficeScan NT\ntrtscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\OfficeScan NT\pccntmon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\program files\support.com\bin\tgcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sbazyibf\cztuxrjc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\regscan.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\D-Link AirPlus Xtreme G\AIRPLUS.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SBC\Connection Manager\CManager.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\Scanner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3AA15550-DE7E-7515-21E5-007B746C9458} - C:\Program Files\Vcichofb\eschmyzi.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - C:\WINDOWS\system32\l3acdb.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A676B89E-F513-4267-9E21-000D8CF193AB} - C:\WINDOWS\system32\mllml.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\dosulgfq.dll (file missing)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [vspqpufk] rundll32.exe "C:\Program Files\vspqpufk\rolyvqdw.dll",Init
O4 - HKLM\..\Run: [cztuxrjc] C:\Program Files\Sbazyibf\cztuxrjc.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = C:\Program Files\D-Link AirPlus Xtreme G\AIRPLUS.exe
O4 - Global Startup: D-Link REG Utility.lnk = C:\Program Files\D-Link AirPlus Xtreme G\Reg.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantispyware.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mail.redstonearchitects.com/Remote/msrdp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = redstone.local
O17 - HKLM\Software\..\Telephony: DomainName = redstone.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = redstone.local
O22 - SharedTaskScheduler: za - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - C:\WINDOWS\system32\l3acdb.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\OfficeScan NT\tmlisten.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component 0: (no name) - C:\Program Files\Messenger\profsycy.html

--
End of file - 9751 bytes
 
Hi

Open HijackThis, click do a system scan only and checkmark these:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
{3AA15550-DE7E-7515-21E5-007B746C9458} - C:\Program Files\Vcichofb\eschmyzi.dll
O2 - BHO: (no name) - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - C:\WINDOWS\system32\l3acdb.dll (file missing)
O2 - BHO: (no name) - {A676B89E-F513-4267-9E21-000D8CF193AB} - C:\WINDOWS\system32\mllml.dll (file missing)
O2 - BHO: (no name) - {A676B89E-F513-4267-9E21-000D8CF193AB} - C:\WINDOWS\system32\mllml.dll (file missing)
{C6039E6C-BDE9-4de5-BB40-768CAA584FDC} - C:\WINDOWS\system32\dosulgfq.dll (file
missing)
O4 - HKLM\..\Run: [vspqpufk] rundll32.exe "C:\Program Files\vspqpufk\rolyvqdw.dll",Init
O4 - HKLM\..\Run: [cztuxrjc] C:\Program Files\Sbazyibf\cztuxrjc.exe
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantispyware.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O22 - SharedTaskScheduler: za - {53B5F2B1-94DD-43E5-8187-EB4E31F00701} - C:\WINDOWS\system32\l3acdb.dll (file missing)
O24 - Desktop Component 0: (no name) - C:\Program Files\Messenger\profsycy.html

Close all windows including browser and press fix checked.

Reboot

Open notepad and copy/paste the text in the quotebox below into it:

Code: 
File::
C:\WINDOWS\system32\btobgdnx.dll
C:\WINDOWS\system32\drvsox.dll
C:\sysnvdp.exe
C:\syspbql.exe
C:\sysorqd.exe
C:\WINDOWS\sdvdb0578.exe
C:\WINDOWS\system32\ldcore.dll
C:\syskttq.exe
C:\Program Files\func.exe~
C:\Program Files\Messenger\profsycy.html

Folder::
C:\Program Files\Vcichofb
C:\WINDOWS\system32\csaedtdh
C:\Program Files\SecCenter
C:\Program Files\Sbazyibf
C:\Program Files\vspqpufk

Registry::
[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

Save this as "CFScript"

CFScript.gif


This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThislog.
 
Log of ComboFix

Hi Shaba,

Here is file 1 of 2.

ComboFix 07-07-30.2 - "Administrator" 2007-08-01 8:40:57.2 [GMT -4:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True
Command switches used :: C:\Documents and Settings\administrator.REDSTONE\Desktop\CFScript.txt
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\func.exe~
C:\Program Files\Sbazyibf
C:\Program Files\Sbazyibf\cztuxrjc.exe
C:\Program Files\SecCenter
C:\Program Files\SecCenter\scprot4.exe.bak
C:\Program Files\Vcichofb
C:\Program Files\Vcichofb\eschmyzi.dll
C:\Program Files\vspqpufk
C:\Program Files\vspqpufk\rolyvqdw.dll
C:\syskttq.exe
C:\sysnvdp.exe
C:\sysorqd.exe
C:\syspbql.exe
C:\WINDOWS\sdvdb0578.exe
C:\WINDOWS\system32\btobgdnx.dll
C:\WINDOWS\system32\csaedtdh
C:\WINDOWS\system32\csaedtdh\bg1.gif
C:\WINDOWS\system32\csaedtdh\bgtop.gif
C:\WINDOWS\system32\csaedtdh\bottom1.gif
C:\WINDOWS\system32\csaedtdh\csaedtdh1.exe
C:\WINDOWS\system32\csaedtdh\csaedtdh2.exe
C:\WINDOWS\system32\csaedtdh\csaedtdh3.exe
C:\WINDOWS\system32\csaedtdh\essentials.gif
C:\WINDOWS\system32\csaedtdh\icon1.ico
C:\WINDOWS\system32\csaedtdh\install1.gif
C:\WINDOWS\system32\csaedtdh\left1.gif
C:\WINDOWS\system32\csaedtdh\li.gif
C:\WINDOWS\system32\csaedtdh\logo.gif
C:\WINDOWS\system32\csaedtdh\main.htm
C:\WINDOWS\system32\csaedtdh\mainframe.htm
C:\WINDOWS\system32\csaedtdh\reinstall1.gif
C:\WINDOWS\system32\csaedtdh\right1.gif
C:\WINDOWS\system32\csaedtdh\s1.htm
C:\WINDOWS\system32\csaedtdh\s2.htm
C:\WINDOWS\system32\csaedtdh\s3.htm
C:\WINDOWS\system32\csaedtdh\SMTop1.gif
C:\WINDOWS\system32\csaedtdh\SMTop2.gif
C:\WINDOWS\system32\csaedtdh\SMTop3.gif
C:\WINDOWS\system32\csaedtdh\SMTop4.gif
C:\WINDOWS\system32\csaedtdh\soft1_off.gif
C:\WINDOWS\system32\csaedtdh\soft1_off_ext.gif
C:\WINDOWS\system32\csaedtdh\soft1_on.gif
C:\WINDOWS\system32\csaedtdh\soft1_on_ext.gif
C:\WINDOWS\system32\csaedtdh\soft2_off.gif
C:\WINDOWS\system32\csaedtdh\soft2_off_ext.gif
C:\WINDOWS\system32\csaedtdh\soft2_on.gif
C:\WINDOWS\system32\csaedtdh\soft2_on_ext.gif
C:\WINDOWS\system32\csaedtdh\soft3_off.gif
C:\WINDOWS\system32\csaedtdh\soft3_off_ext.gif
C:\WINDOWS\system32\csaedtdh\soft3_on.gif
C:\WINDOWS\system32\csaedtdh\soft3_on_ext.gif
C:\WINDOWS\system32\csaedtdh\softbottom_off.gif
C:\WINDOWS\system32\csaedtdh\softbottom_on.gif
C:\WINDOWS\system32\csaedtdh\softleft_off.gif
C:\WINDOWS\system32\csaedtdh\softleft_on.gif
C:\WINDOWS\system32\csaedtdh\top1.gif
C:\WINDOWS\system32\csaedtdh\top2.gif
C:\WINDOWS\system32\csaedtdh\turnoff1.gif
C:\WINDOWS\system32\csaedtdh\turnon1.gif
C:\WINDOWS\system32\drvsox.dll


((((((((((((((((((((((((( Files Created from 2007-07-01 to 2007-08-01 )))))))))))))))))))))))))))))))


2007-08-01 07:51 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-01 07:35 <DIR> d-------- C:\VundoFix Backups
2007-07-31 07:43 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-30 19:51 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-07-30 07:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-07-30 00:51 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-07-30 00:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Support.com
2007-07-29 22:42 <DIR> d-------- C:\Program Files\Windows Defender
2007-07-29 22:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-07-29 22:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2007-07-29 15:36 351,840 --a------ C:\WINDOWS\system32\drivers\ar5211.sys
2007-07-29 15:36 351,776 --a------ C:\WINDOWS\system32\drivers\ar52119x.sys
2007-07-29 15:36 11,861 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2007-07-29 15:36 <DIR> d-------- C:\Program Files\D-Link AirPlus Xtreme G
2007-07-29 13:48 70,312 --a------ C:\Program Files\codec_setup.exe
2007-07-29 11:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-28 22:24 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-31 22:04 --------- d-------- C:\Program Files\Google
2007-07-30 18:43 --------- d-------- C:\Program Files\Windows NT
2007-07-30 07:13 --------- d-------- C:\DOCUME~1\ADMINI~1.RED\APPLIC~1\Google
2007-07-30 00:40 --------- d-------- C:\Program Files\Yahoo!
2007-07-29 15:36 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-29 11:35 --------- d-------- C:\Program Files\Support.com
2007-07-29 11:35 --------- d-------- C:\Program Files\SBC
2007-07-29 11:34 --------- d-------- C:\Program Files\BroadJump
2007-07-28 23:57 51200 --a------ C:\WINDOWS\system32\dllms.dll
2007-06-25 09:54 53248 --a------ C:\WINDOWS\uni_eh44.exe
2007-06-25 09:53 53248 --a------ C:\WINDOWS\uninst1014.exe
2007-06-24 19:18 455640 --a------ C:\Program Files\msgr8in.exe
2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2003-12-24 11:40 35399 --a------ C:\Program Files\Art35uninstal.log


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2003-11-17 11:33 C:\WINDOWS\system32\nwiz.exe]
"OfficeScanNT Monitor"="C:\OfficeScan NT\pccntmon.exe" [2004-09-15 16:10]
"QuickFinder Scheduler"="C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE" [2003-02-25 20:27]
"Logitech Utility"="Logi_MwX.Exe" [2003-03-04 05:50 C:\WINDOWS\LOGI_MWX.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-04-06 15:34]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 21:26]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-11 08:17]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2006-07-21 11:43]
"tgcmdprovidersbc"="c:\program files\support.com\bin\tgcmd.exe" [2002-07-15 13:48]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Regscan"="C:\WINDOWS\system32\regscan.exe" [2003-03-31 08:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 22:21]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2004-11-01 17:21:31]
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2003-10-03 11:39:22]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 08:43:54]
D-Link AirPlus Xtreme G Configuration Utility.lnk - C:\Program Files\D-Link AirPlus Xtreme G\AIRPLUS.exe [2007-07-29 15:36:09]
D-Link REG Utility.lnk - C:\Program Files\D-Link AirPlus Xtreme G\Reg.exe [2007-07-29 15:36:08]
Firewall Client Connectivity Monitor.LNK - C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE [2003-10-02 11:49:31]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-07-29 22:21:39]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2003-11-19 09:32:03]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 04:15:54]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2003-10-03 09:51:03]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)

R2 ntrtscan;OfficeScanNT RealTime Scan;C:\OfficeScan NT\ntrtscan.exe
R2 TmFilter;Trend Micro Filter;\??\C:\OfficeScan NT\TmXPFlt.sys
R2 TmPreFilter;Trend Micro PreFilter;\??\C:\OfficeScan NT\TmPreFlt.sys
R2 VSApiNt;Trend Micro VSAPI NT;\??\C:\OfficeScan NT\VSApiNt.sys
R2 WIBUKEY;WIBU-KEY Kernel Driver;C:\WINDOWS\system32\DRIVERS\WibuKey.sys
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator;C:\WINDOWS\system32\drivers\nvax.sys
R3 NVENET;NVIDIA nForce MCP Networking Controller Driver;C:\WINDOWS\system32\DRIVERS\NVENET.sys
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio;C:\WINDOWS\system32\drivers\nvapu.sys
S2 tmlisten;OfficeScanNT Listener;C:\OfficeScan NT\tmlisten.exe
S3 GMSIPCI;GMSIPCI;\??\E:\INSTALL\GMSIPCI.SYS
S3 NTACCESS;NTACCESS;\??\E:\NTACCESS.sys
S3 SetupNTGLM7X;SetupNTGLM7X;\??\E:\NTGLM7X.sys
S3 StillCam;Still Serial Digital Camera Driver;C:\WINDOWS\system32\DRIVERS\serscan.sys
S3 usbvideo;USB Video Device (WDM);C:\WINDOWS\system32\Drivers\usbvideo.sys
S3 Wibukey2;Wibukey2;C:\WINDOWS\system32\drivers\wibukey2.sys


Contents of the 'Scheduled Tasks' folder
2007-08-01 12:41:21 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-01 08:43:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray]
"Services"=dword:0000001f
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"Logon User Name"="Administrator"
"CleanShutdown"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning]
"CD Recorder Drive"="\\?\Volume{5da3f8b7-ec93-11d7-9b15-806d6172696f}\"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{5da3f8b7-ec93-11d7-9b15-806d6172696f}]
"Drive Type"=dword:00000002
"CurrentCDWriteSpeed"=dword:ffffffff
"MaxCDWriteSpeed"=dword:00000034

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{5da3f8b8-ec93-11d7-9b15-806d6172696f}]
"Drive Type"=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU]
"MRUList"="a"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"a"="C:\Documents and Settings\Administrator\Desktop\45.23_win2kxp_english_whql.exe"
"MRUList"="a"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]
"a"="C:\Documents and Settings\Administrator\Desktop\45.23_win2kxp_english_whql.exe"
"MRUList"="a"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\CleanupWiz]
"Last used time"=hex(0):00,96,05,8f,e5,5c,c3,01

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData"="C:\Documents and Settings\Administrator\Application Data"
"Cookies"="C:\Documents and Settings\Administrator\Cookies"
"Desktop"="C:\Documents and Settings\Administrator\Desktop"
"Favorites"="C:\Documents and Settings\Administrator\Favorites"
"NetHood"="C:\Documents and Settings\Administrator\NetHood"
"Personal"="C:\Documents and Settings\Administrator\My Documents"
"PrintHood"="C:\Documents and Settings\Administrator\PrintHood"
"Recent"="C:\Documents and Settings\Administrator\Recent"
"SendTo"="C:\Documents and Settings\Administrator\SendTo"
"Start Menu"="C:\Documents and Settings\Administrator\Start Menu"
"Templates"="C:\Documents and Settings\Administrator\Templates"
"Programs"="C:\Documents and Settings\Administrator\Start Menu\Programs"
"Startup"="C:\Documents and Settings\Administrator\Start Menu\Programs\Startup"
"Local Settings"="C:\Documents and Settings\Administrator\Local Settings"
"Local AppData"="C:\Documents and Settings\Administrator\Local Settings\Application Data"
"Cache"="C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files"
"History"="C:\Documents and Settings\Administrator\Local Settings\History"
"My Pictures"="C:\Documents and Settings\Administrator\My Documents\My Pictures"
"My Music"="C:\Documents and Settings\Administrator\My Documents\My Music"
"Administrative Tools"="C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools"
"CD Burning"="C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\CD Burning"
"My Video"=""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Recent"=str(2):"USERPROFILE\Recent"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership]
"Group0"="S-1-5-21-2561768034-3973020173-3376078148-513"
"Group2"="S-1-5-32-544"
"Group4"="S-1-2-0"
"Count"=dword:00000007
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"User Agent"="Mozilla/4.0 (compatible; MSIE 6.0; Win32)"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012003092220030923]
"CachePath"=str(2):"USERPROFILE\Local Settings\History\History.IE5\MSHist012003092220030923\"
"CachePrefix"=":2003092220030923: "
"CacheLimit"=dword:00002000
"CacheOptions"=dword:0000000b
"CacheRepair"=dword:0000000scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-01 8:45:24
C:\ComboFix-quarantined-files.txt ... 2007-08-01 08:44
C:\ComboFix2.txt ... 2007-08-01 08:06

--- E O F ---
 
Log of HJT (renamed as scanner)

Hi Shaba,

Here is file 2 of 2.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:46, on 2007-08-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\OfficeScan NT\ntrtscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\OfficeScan NT\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\program files\support.com\bin\tgcmd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\regscan.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\D-Link AirPlus Xtreme G\AIRPLUS.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SBC\Connection Manager\CManager.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\Scanner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = C:\Program Files\D-Link AirPlus Xtreme G\AIRPLUS.exe
O4 - Global Startup: D-Link REG Utility.lnk = C:\Program Files\D-Link AirPlus Xtreme G\Reg.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mail.redstonearchitects.com/Remote/msrdp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = redstone.local
O17 - HKLM\Software\..\Telephony: DomainName = redstone.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = redstone.local
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\OfficeScan NT\tmlisten.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 8185 bytes
 
Hi

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\WINDOWS\system32\regscan.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
 
Result from Virus Total

Hi - Here is the scan result from Virus Total. Sorry about the poor formatting.

Antivirus Version Last Update Result
AhnLab-V3 2007.8.2.0 2007.08.01 -
AntiVir 7.4.0.54 2007.08.01 HEUR/Crypted
Authentium 4.93.8 2007.07.31 -
Avast 4.7.1029.0 2007.08.01 -
AVG 7.5.0.476 2007.07.31 -
BitDefender 7.2 2007.08.01 -
CAT-QuickHeal 9.00 2007.07.31 (Suspicious) - DNAScan
ClamAV 0.91 2007.08.01 -
DrWeb 4.33 2007.08.01 -
eSafe 7.0.15.0 2007.07.31 suspicious Trojan/Worm
eTrust-Vet 31.1.5022 2007.08.01 -
Ewido 4.0 2007.08.01 -
FileAdvisor 1 2007.08.01 -
Fortinet 2.91.0.0 2007.08.01 -
F-Prot 4.3.2.48 2007.07.31 -
F-Secure 6.70.13030.0 2007.08.01 W32/Horst.gen33
Ikarus T3.1.1.8 2007.08.01 -
Kaspersky 4.0.2.24 2007.08.01 -
McAfee 5087 2007.07.31 -
Microsoft 1.2704 2007.08.01 -
NOD32v2 2430 2007.07.31 -
Norman 5.80.02 2007.07.31 W32/Horst.gen33
Panda 9.0.0.4 2007.08.01 -
Prevx1 V2 2007.08.01 -
Rising 19.34.22.00 2007.08.01 -
Sophos 4.19.0 2007.08.01 Mal/DownLdr-N
Sunbelt 2.2.907.0 2007.07.31 -
Symantec 10 2007.08.01 -
TheHacker 6.1.7.160 2007.08.01 -
VBA32 3.12.2.2 2007.07.31 -
VirusBuster 4.3.26:9 2007.08.01 -
Webwasher-Gateway 6.0.1 2007.08.01 Heuristic.Crypted
Additional information
File size: 352256 bytes
MD5: 69e1ce1171ef5c54473e18f573c207e5
SHA1: a5149813d0eaad18acc4b257329d58e261434b17
packers: UPX
 
Hi

Open HijackThis, click do a system scan only and checkmark this:

O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe

Close all windows including browser and press fix checked.

Reboot

Delete this:

C:\WINDOWS\system32\regscan.exe

Empty Recycle Bin

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

Post:

- a fresh HijackThis log
- kaspersky report
 
Kaspersky Log

Hi Shaba,

I can't thank you enough for your time and assistance. Here is the Kaspersky log (1 of 3).

Cheers,
dieselguy

KASPERSKY ONLINE SCANNER REPORT
2007-08-01 21:08
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 2/08/2007
Kaspersky Anti-Virus database records: 370657


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
S:\

Scan Statistics
Total number of scanned objects 77667
Number of viruses found 44
Number of infected objects 255
Number of suspicious objects 4
Duration of the scan process 01:25:20

Infected Object Name Virus Name Last Action
C:\Documents and Settings\administrator.REDSTONE\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\administrator.REDSTONE\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Documents and Settings\administrator.REDSTONE\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\administrator.REDSTONE\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\administrator.REDSTONE\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{64CE3B85-700D-4DF2-B574-19545F372A94} Object is locked skipped

C:\Documents and Settings\administrator.REDSTONE\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\administrator.REDSTONE\Local Settings\History\History.IE5\MSHist012007080120070802\index.dat Object is locked skipped

C:\Documents and Settings\administrator.REDSTONE\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\administrator.REDSTONE\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\administrator.REDSTONE\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\administrator.REDSTONE\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-07292007-224419.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip/Yazzle1549OinUninstaller.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle1.zip/Yazzle1281OinUninstaller.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle1.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\2.dllb Infected: Email-Worm.Win32.Zhelatin.gd skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\~tmp143 Infected: Trojan-Clicker.Win32.Agent.jp skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\E17M31UV\user9[1].exe Infected: Trojan-Downloader.Win32.Small.dxm skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temp\2.dllb Infected: Email-Worm.Win32.Zhelatin.gd skipped

C:\Documents and Settings\NetworkService\Local Settings\Temp\mstE4.tmp Infected: Trojan.Win32.Agent.qt skipped

C:\Documents and Settings\NetworkService\Local Settings\Temp\~tmp143 Infected: Trojan-Clicker.Win32.Agent.jp skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\codec_setup.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.bxn skipped

C:\Program Files\codec_setup.exe/stream Infected: Trojan-Downloader.Win32.Zlob.bxn skipped

C:\Program Files\codec_setup.exe NSIS: infected - 2 skipped

C:\QooBox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped

C:\QooBox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe~.vir Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped

C:\QooBox\Quarantine\C\Program Files\func.exe~.vir Infected: Trojan-Clicker.Win32.Small.jf skipped

C:\QooBox\Quarantine\C\Program Files\Windows Media Player\hoke4.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.b skipped

C:\QooBox\Quarantine\C\Program Files\Windows Media Player\hoke83122.dll.vir Infected: not-a-virus:AdWare.Win32.TTC.b skipped

C:\QooBox\Quarantine\C\syskttq.exe.vir Infected: Trojan.Win32.Agent.ato skipped

C:\QooBox\Quarantine\C\sysnvdp.exe.vir Infected: Trojan.Win32.Agent.ato skipped

C:\QooBox\Quarantine\C\sysorqd.exe.vir Infected: Trojan.Win32.Agent.ato skipped

C:\QooBox\Quarantine\C\syspbql.exe.vir Infected: Trojan.Win32.Agent.ato skipped

C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir Infected: not-a-virus:AdWare.Win32.Rond.c skipped

C:\QooBox\Quarantine\C\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NetInstaller.exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped

C:\QooBox\Quarantine\C\WINDOWS\mgrs.exe.vir Infected: Trojan-Downloader.Win32.Alphabet.h skipped

C:\QooBox\Quarantine\C\WINDOWS\poolsv.exe.vir Infected: Trojan-Downloader.Win32.VB.aya skipped

C:\QooBox\Quarantine\C\WINDOWS\sdvdb0578.exe.vir Infected: Trojan-Downloader.Win32.Small.dxm skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\awttusr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.io skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\b02FdUe\b02FdUe1065.exe.vir Infected: Trojan-Downloader.Win32.VB.awj skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\b06FdUe\b06FdUe1083.exe.vir Infected: Trojan-Downloader.Win32.VB.awj skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\b10FdUe\b10FdUe1099.exe.vir Infected: Trojan-Downloader.Win32.VB.awj skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\cbxuusq.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\csaedtdh\csaedtdh1.exe.vir Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\csaedtdh\csaedtdh2.exe.vir Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\csaedtdh\csaedtdh3.exe.vir Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\ddcbyvt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\drvsox.dll.vir Infected: Trojan.Win32.Agent.qt skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\efcbyyx.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\fccbbay.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\G1\kmhp83122.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.TTC.b skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\G1\kmhp83122.exe.vir NSIS: infected - 1 skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\G11\z553.exe.vir Infected: Trojan-Dropper.Win32.Agent.mu skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\G3\wr725.exe.vir Infected: Trojan-Downloader.Win32.Small.eqn skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\hlpsrv.exe.vir Infected: Trojan-Clicker.Win32.Small.mv skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\ioridawc.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\jkkiiji.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\jmndnyoi.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\ldcore.dll.vir Infected: Trojan-Downloader.Win32.Small.dxm skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\ljjjggd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\nnnlkjh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\pmnnkkh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\rqrpqqp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\tuvutrr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\tyvsvykk.exe.vir Infected: Trojan-Dropper.Win32.Agent.bmk skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\winosz32.dll.vir Infected: Trojan.Win32.Agent.qt skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\xxyxxvt.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\QooBox\Quarantine\C\WINDOWS\system32\yayyaya.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP358\A0032519.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP358\A0032527.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP358\A0032541.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP359\A0032560.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP359\A0032568.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP359\A0032576.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP359\A0032584.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP359\A0032592.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP359\A0032604.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP360\A0032625.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP360\A0032632.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP360\A0032639.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP361\A0032652.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP361\A0032671.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP363\A0032681.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP363\A0032689.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP363\A0032703.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP363\A0032711.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP364\A0032719.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP364\A0032727.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP364\A0032744.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP365\A0032789.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP365\A0032796.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP365\A0032804.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP365\A0032814.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP365\A0032876.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP365\A0032885.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP366\A0032921.dll Infected: Packed.Win32.NSAnti.r skipped
 
Kaspersky Log (2 of 3)

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP366\A0032946.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP366\A0032988.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP366\A0032995.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP366\A0033006.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP366\A0033020.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP366\A0033039.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP367\A0033049.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP368\A0033057.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP368\A0033068.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP369\A0033096.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP369\A0033105.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP369\A0033133.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP369\A0033149.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP370\A0033206.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP371\A0033214.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP371\A0033222.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP372\A0033242.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP372\A0033253.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP373\A0033264.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP374\A0033283.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP374\A0033298.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033323.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033334.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033342.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033349.old Infected: Trojan-Downloader.Win32.Obfuscated.by skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033357.dll Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033359.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033362.exe Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033363.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033369.exe Infected: Trojan-Dropper.Win32.Agent.mu skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033370.exe Infected: Packed.Win32.NSAnti.r skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033371.exe Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033373.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033404.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033422.exe/file2 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033422.exe Inno: infected - 1 skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033428.exe Infected: Trojan-Proxy.Win32.VB.x skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033429.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033430.exe Infected: Trojan-Downloader.Win32.VB.ang skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033432.exe Infected: Email-Worm.Win32.Zhelatin.gd skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033436.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.i skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033457.exe Infected: not-a-virus:FraudTool.Win32.BraveSentry.b skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033459.dll Infected: not-a-virus:FraudTool.Win32.BraveSentry.b skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033460.dll Infected: not-a-virus:FraudTool.Win32.BraveSentry.b skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033461.dll Infected: not-a-virus:FraudTool.Win32.BraveSentry.b skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033464.exe Infected: Trojan-Downloader.Win32.Zlob.bqw skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033465.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033467.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033477.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033478.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.bxn skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033478.exe/stream Infected: Trojan-Downloader.Win32.Zlob.bxn skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033478.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033486.exe Infected: Trojan.Win32.Small.oa skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033488.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.bxn skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033488.exe/stream Infected: Trojan-Downloader.Win32.Zlob.bxn skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033488.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033490.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033491.exe/data0005 Infected: Trojan-Downloader.Win32.VB.awj skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033491.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033492.exe Infected: Trojan-Proxy.Win32.VB.x skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033493.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033494.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033495.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033495.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033496.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP375\A0033507.dll Infected: not-a-virus:AdWare.Win32.Mirar.e skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP379\A0033636.exe Infected: Trojan-Downloader.Win32.Alphabet.h skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP379\A0033637.exe Infected: Trojan-Downloader.Win32.Small.cxx skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP379\A0033638.exe Infected: Trojan-Proxy.Win32.Xorpix.be skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP379\A0033642.dll Infected: Trojan-Downloader.Win32.Small.dxm skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP379\A0033644.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP379\A0033645.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP379\A0033646.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP379\A0033648.exe Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP379\A0033651.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP379\A0033652.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP379\A0033660.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP379\A0033666.exe Infected: Trojan.Win32.Agent.qt skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP379\A0033667.dll Infected: Trojan-Downloader.Win32.Small.dxm skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP379\A0033669.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP379\A0033671.exe Infected: Trojan-Downloader.Win32.Alphabet.h skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP379\A0033672.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP379\A0033677.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP379\A0033688.exe Infected: Trojan.Win32.Agent.qt skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP379\A0033689.dll Infected: Trojan-Downloader.Win32.Small.dxm skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP379\A0033691.exe Infected: Trojan-Downloader.Win32.Alphabet.h skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP379\A0033692.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP382\A0033762.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.bxn skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP382\A0033762.exe/stream Infected: Trojan-Downloader.Win32.Zlob.bxn skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP382\A0033762.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP384\A0033798.exe Infected: Trojan.Win32.Agent.qt skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP384\A0033799.dll Infected: Trojan-Downloader.Win32.Small.dxm skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP384\A0033802.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP384\A0033803.exe Infected: Trojan-Downloader.Win32.Alphabet.h skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP384\A0033807.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP385\A0033810.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fn skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP385\A0033838.exe Infected: Trojan.Win32.Agent.qt skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP385\A0033839.dll Infected: Trojan-Downloader.Win32.Small.dxm skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP385\A0033841.exe Infected: Trojan-Downloader.Win32.Alphabet.h skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP385\A0033843.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP386\A0034062.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP386\A0034094.dll Infected: not-a-virus:AdWare.Win32.BHO.cw skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP386\A0034096.dll Infected: Trojan-Clicker.Win32.Small.cf skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP387\A0034152.exe Infected: Trojan-Downloader.Win32.PurityScan.dx skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP387\A0034392.dll Infected: Trojan-Downloader.Win32.Small.dxm skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP387\A0034394.exe Infected: Trojan-Downloader.Win32.Alphabet.h skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP387\A0034601.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP392\A0034948.dll Infected: Trojan-Downloader.Win32.Small.dxm skipped
 
Kaspersky Log (3 of 3)

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP392\A0034950.exe Infected: Trojan-Downloader.Win32.Alphabet.h skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP392\A0034974.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.bxn skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP392\A0034974.exe/stream Infected: Trojan-Downloader.Win32.Zlob.bxn skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP392\A0034974.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP392\A0034992.dll Infected: Trojan-Downloader.Win32.Small.dxm skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP392\A0034994.exe Infected: Trojan-Downloader.Win32.Alphabet.h skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP392\A0035025.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.bxn skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP392\A0035025.exe/stream Infected: Trojan-Downloader.Win32.Zlob.bxn skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP392\A0035025.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP392\A0035029.dll Infected: Trojan-Downloader.Win32.Small.dxm skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP392\A0035031.exe Infected: Trojan-Downloader.Win32.Alphabet.h skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP392\A0035043.dll Infected: Trojan-Downloader.Win32.Small.dxm skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP392\A0035047.exe Infected: Trojan-Downloader.Win32.Alphabet.h skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP392\A0035057.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP393\A0035075.dll Infected: Trojan-Downloader.Win32.Small.dxm skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP393\A0035077.exe Infected: Trojan-Downloader.Win32.Alphabet.h skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP393\A0035088.dll Infected: Trojan-Downloader.Win32.Small.dxm skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP393\A0035090.exe Infected: Trojan-Downloader.Win32.Alphabet.h skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP395\A0035094.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP396\A0035127.exe Infected: not-a-virus:AdWare.Win32.Rond.c skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP396\A0035128.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP396\A0035129.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP396\A0035130.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP396\A0035131.dll Infected: not-a-virus:AdWare.Win32.TTC.b skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP396\A0035132.dll Infected: not-a-virus:AdWare.Win32.TTC.b skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP396\A0035133.exe Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP396\A0035134.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.b skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP396\A0035134.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP396\A0035135.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP396\A0035136.exe Infected: Trojan-Downloader.Win32.VB.awj skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP396\A0035137.exe Infected: Trojan-Downloader.Win32.VB.awj skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP396\A0035138.exe Infected: Trojan-Downloader.Win32.VB.awj skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP396\A0035139.exe Infected: Trojan-Dropper.Win32.Agent.mu skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP396\A0035142.dll Infected: Trojan-Downloader.Win32.Small.dxm skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP396\A0035145.exe Infected: Trojan-Downloader.Win32.Alphabet.h skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP396\A0035146.exe Infected: Trojan-Downloader.Win32.VB.aya skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP396\A0035148.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP396\A0035149.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.io skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP396\A0035150.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP396\A0035151.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP396\A0035152.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP396\A0035153.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP396\A0035154.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP396\A0035155.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP396\A0035156.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP396\A0035157.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP396\A0035158.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP396\A0035159.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP396\A0035160.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP396\A0035161.dll Infected: Trojan.Win32.Agent.qt skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP396\A0035173.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP396\A0035265.dll Infected: Trojan-Downloader.Win32.Small.dxm skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP397\A0035290.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP397\A0035291.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP397\A0035292.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP397\A0035297.dll Infected: Trojan.Win32.Agent.qt skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP397\A0035298.exe Infected: Trojan.Win32.Agent.ato skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP397\A0035299.exe Infected: Trojan.Win32.Agent.ato skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP397\A0035300.exe Infected: Trojan.Win32.Agent.ato skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP397\A0035301.exe Infected: Trojan-Downloader.Win32.Small.dxm skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP397\A0035302.exe Infected: Trojan.Win32.Agent.ato skipped

C:\System Volume Information\_restore{4B97AA22-CED1-404D-AD0C-471E5D89566E}\RP397\change.log Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\evtgprov.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped

C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped

C:\WINDOWS\CSC\00000001 Object is locked skipped

C:\WINDOWS\Debug\Netlogon.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\dgirofx.exe~ Infected: Trojan-Dropper.Win32.Agent.mu skipped

C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\dllms.dll Infected: Packed.Win32.NSAnti.r skipped

C:\WINDOWS\system32\dnsersnd.dll.bak Infected: Trojan-Clicker.Win32.Small.cf skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\l3acdb.dll.bak Infected: not-a-virus:AdWare.Win32.BHO.cw skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
 
Log of HJT (renamed as scanner)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:15, on 2007-08-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\OfficeScan NT\ntrtscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\OfficeScan NT\pccntmon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\program files\support.com\bin\tgcmd.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\D-Link AirPlus Xtreme G\AIRPLUS.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SBC\Connection Manager\CManager.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\PROGRA~1\Yahoo!\browser\ybrowser.exe
C:\Program Files\Trend Micro\HijackThis\Scanner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = C:\Program Files\D-Link AirPlus Xtreme G\AIRPLUS.exe
O4 - Global Startup: D-Link REG Utility.lnk = C:\Program Files\D-Link AirPlus Xtreme G\Reg.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mail.redstonearchitects.com/Remote/msrdp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = redstone.local
O17 - HKLM\Software\..\Telephony: DomainName = redstone.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = redstone.local
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\OfficeScan NT\tmlisten.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 8303 bytes
 
You must log in or register to reply here.
Back
Top