virus

fahad2k7
2007-09-02, 02:48
Please help, I've tried all the removal software but the virus still keeps coming back.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:35:53 PM, on 9/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\1\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\system32\lvhidsvc.exe
D:\Program Files\Spyware Doctor\svcntaux.exe
D:\Program Files\Spyware Doctor\swdsvc.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\WINDOWS\system32\wdfmgr.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Spyware Doctor\SDTrayApp.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\WgaTray.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\HP\KBD\KBD.EXE
D:\Program Files\Athan\Athan.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {208D7BCC-9857-4C9E-823B-D04E72490A67} - D:\WINDOWS\mxduo.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MSVPS System - {F4CF814F-970F-405D-A42C-0CE06EB97373} - D:\WINDOWS\mxduo.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Athan] D:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "D:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AOLDialer] D:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [tgcmd] D:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [googletalk] D:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SDTray] "D:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\RunServices: [LvHidSvc] D:\WINDOWS\system32\lvhidsvc.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "D:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=00a6ad06-5e3e-4b6a-adda-0845a16d08bc
O4 - Startup: Yahoo! Widget Engine.lnk = D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Google Updater.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &AOL Toolbar search - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AMV Convert Tool... - D:\Program Files\MP3 Player Utilities 3.77\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - D:\Program Files\MP3 Player Utilities 3.77\MediaManager\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: wmphost - {2B42EA55-CE30-4125-8EF6-437529B45ACF} - D:\WINDOWS\wmphost.dll
O21 - SSODL: wmpdev - {94AAD7A6-A9E4-49C3-966A-EC5C062DF024} - D:\WINDOWS\wmpdev.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\1\aawservice.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lifeview HID Remote Controller Service (lvhidsvc) - Animation Technologies Inc. - D:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8846 bytes

ken545
2007-09-02, 03:16
fahad2k7,

Welcome to Safer Networking.

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)

You have a few things going on that we need to address. First, let's disable Ad-Aware, as it may interfere with the removal process.

To Disable AdWatch

Open Ad-Aware SE Personal
Go to the AdWatch User Interface.
Go to Tools and Preferences.
At the bottom of the screen you will see 2 options
Active: This will turn Ad-Watch On\Off without closing it.
Automatic: Suspicious activity will be blocked automatically
Uncheck both options.
You should enable these after resolving your problem.

Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double-click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan services and registry entries that it finds, then prompt you to press any key to reboot.
Press any key and it will restart the PC.
When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to the Clipboard, ready for posting back on the forum).
Finally, paste the contents of Report.txt back on the forum with a new HijackThis log.

Download ComboFix from Here (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe) or Here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.

Double-click ComboFix.exe and follow the prompts.
When finished, it will produce a log for you. Post the ComboFix log and a HijackThis log in your next reply.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Please download SmitfraudFix (http://siri.urz.free.fr/Fix/SmitfraudFix.zip)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.


I need to see the following.

1. The SDFix log.
2. The ComboFix log.
3. The SmitFraud log.
4. A new HJT log, please.

fahad2k7
2007-09-02, 18:54
Thanks, here are the logs.

SDFix: Version 1.101

Run by FAHAD on Sun 09/02/2007 at 12:27 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: D:\sdfix\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage
Restoring Default Desktop Components Value

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

D:\Documents and Settings\FAHAD\Desktop\Error Cleaner.url - Deleted
D:\Documents and Settings\FAHAD\Favorites\Error Cleaner.url - Deleted
D:\Documents and Settings\FAHAD\Desktop\Privacy Protector.url - Deleted
D:\Documents and Settings\FAHAD\Favorites\Privacy Protector.url - Deleted
D:\Documents and Settings\FAHAD\Desktop\Spyware&Malware Protection.url - Deleted
D:\Documents and Settings\FAHAD\Favorites\Spyware&Malware Protection.url - Deleted
D:\WINDOWS\privacy_danger\index.htm - Deleted
D:\WINDOWS\privacy_danger\images\capt.gif - Deleted
D:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
D:\WINDOWS\privacy_danger\images\down.gif - Deleted
D:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
D:\WINDOWS\dat.txt - Deleted
D:\WINDOWS\mxduo.dll - Deleted
D:\WINDOWS\rs.txt - Deleted
D:\WINDOWS\wmpdev.dll - Deleted
D:\WINDOWS\wmphost.dll - Deleted


Folder D:\WINDOWS\privacy_danger - Removed

Removing Temp Files...

ADS Check:

D:\WINDOWS
No streams found.

D:\WINDOWS\system32
No streams found.

D:\WINDOWS\system32\svchost.exe
No streams found.

D:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\\Program Files\\Google\\Google Talk\\googletalk.exe"="D:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"D:\\Program Files\\SopCast\\SopCast.exe"="D:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast"
"D:\\Program Files\\Azureus\\Azureus.exe"="D:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"="D:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"D:\\Documents and Settings\\FAHAD\\Application Data\\SopCast\\adv\\SopAdver.exe"="D:\\Documents and Settings\\FAHAD\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopAdver"
"D:\\Program Files\\Yahoo!\\Yahoo! Widget Engine\\YahooWidgetEngine.exe"="D:\\Program Files\\Yahoo!\\Yahoo! Widget Engine\\YahooWidgetEngine.exe:*:Enabled:Yahoo! Widget Engine"
"D:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="D:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVU Player Component"
"D:\\Program Files\\Kazaa Lite Resurrection\\kazaalite.kpp"="D:\\Program Files\\Kazaa Lite Resurrection\\kazaalite.kpp:*:Enabled:kazaalite"
"D:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"="D:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe:*:Enabled:Media Player Classic"
"D:\\Program Files\\Windows Media Player\\wmplayer.exe"="D:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"D:\\Program Files\\Messenger\\msmsgs.exe"="D:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="D:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"D:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="D:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"D:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="D:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader"
"D:\\Program Files\\America Online 9.0\\waol.exe"="D:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"D:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="D:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"D:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="D:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"D:\\Program Files\\Common Files\\AOL\\1173318109\\EE\\AOLServiceHost.exe"="D:\\Program Files\\Common Files\\AOL\\1173318109\\EE\\AOLServiceHost.exe:*:Enabled:AOL"
"D:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="D:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"D:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="D:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"D:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="D:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"D:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="D:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"D:\\Program Files\\MSN Messenger\\livecall.exe"="D:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\\StubInstaller.exe"="D:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"D:\\Program Files\\LimeWire\\LimeWire.exe"="D:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="D:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"="D:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"D:\\Program Files\\iTunes\\iTunes.exe"="D:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"D:\\Program Files\\Skype\\Phone\\Skype.exe"="D:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\MSN Messenger\\livecall.exe"="D:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"="D:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

Remaining Files:
---------------

File Backups: - D:\sdfix\SDFix\backups\backups.zip

Files with Hidden Attributes:

D:\Documents and Settings\FAHAD\Local Settings\Application Data\Microsoft\Messenger\fahad_ali_mussa@hotmail.com\Sharing Folders\choudhryayaz@hotmail.com\Thumbs.db
D:\Program Files\Intel\INFInst\Intel\ExtremeGraphics\Pavilion mx70\et\exploitedteens.com_angelyne\Thumbs.db
D:\Program Files\Picasa2\setup.exe
D:\Documents and Settings\FAHAD\My Documents\My Downloads\ahov.part1.rar.Mass
D:\Documents and Settings\FAHAD\My Documents\My Downloads\meghna naidu meghna naidu desiworks.zip.Mass

Finished

ComboFix 07-08-30.3 - "FAHAD" 2007-09-02 12:38:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.343 [GMT -4:00]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Autorun.inf
D:\DOCUME~1\FAHAD\Desktop\internet explorer.lnk
D:\WINDOWS\system32\MabryObj.dll


((((((((((((((((((((((((( Files Created from 2007-08-02 to 2007-09-02 )))))))))))))))))))))))))))))))


2007-09-02 12:37 51,200 --a------ D:\WINDOWS\nircmd.exe
2007-09-02 12:26 <DIR> d-------- D:\WINDOWS\ERUNT
2007-09-01 20:35 <DIR> d-------- D:\Program Files\Trend Micro
2007-09-01 13:09 <DIR> d-------- D:\Program Files\Common Files\Skype
2007-09-01 13:09 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-09-01 12:41 <DIR> d-------- D:\Program Files\Common Files\Symantec Shared
2007-09-01 12:24 82,248 --a------ D:\WINDOWS\system32\drivers\iksyssec.sys
2007-09-01 12:24 57,672 --a------ D:\WINDOWS\system32\drivers\iksysflt.sys
2007-09-01 12:24 40,264 --a------ D:\WINDOWS\system32\drivers\ikfilesec.sys
2007-09-01 12:24 29,000 --a------ D:\WINDOWS\system32\drivers\kcom.sys
2007-09-01 12:24 <DIR> d-------- D:\Program Files\Spyware Doctor
2007-09-01 12:24 <DIR> d-------- D:\DOCUME~1\FAHAD\APPLIC~1\PC Tools
2007-09-01 12:23 626,688 --a------ D:\WINDOWS\system32\msvcr80.dll
2007-09-01 12:08 <DIR> d-------- D:\Program Files\Norton Security Scan
2007-09-01 12:04 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2007-08-31 15:43 53,248 -ra------ D:\WINDOWS\system32\InstMed.exe
2007-08-31 15:42 913,280 --a------ D:\WINDOWS\system32\drivers\LV302AV.SYS
2007-08-31 15:42 7,136 --a------ D:\WINDOWS\system32\drivers\lv302af.sys
2007-08-31 15:42 372,736 --a------ D:\WINDOWS\system32\LVUI2RC.dll
2007-08-31 15:42 22,016 --a------ D:\WINDOWS\system32\drivers\LVUSBSta.sys
2007-08-31 15:42 204,800 --a------ D:\WINDOWS\system32\LVUI2.dll
2007-08-31 15:42 204,800 --a------ D:\WINDOWS\system32\lvcodec2.dll
2007-08-31 15:42 2,180,096 --a------ D:\WINDOWS\system32\drivers\LVSVF2.sys
2007-08-31 15:42 106,496 --a------ D:\WINDOWS\system32\lvcoinst.dll
2007-08-31 15:42 <DIR> d-------- D:\Program Files\Common Files\Logitech
2007-08-31 15:37 <DIR> d-------- D:\Program Files\Logitech
2007-08-31 15:35 59,264 --a--c--- D:\WINDOWS\system32\dllcache\usbaudio.sys
2007-08-31 15:35 59,264 --a------ D:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-08-31 12:39 1,060,864 --a------ D:\WINDOWS\system32\MFC71.dll
2007-08-31 12:38 <DIR> d-------- D:\Program Files\Alwil Software
2007-08-30 22:05 <DIR> d-------- D:\DOCUME~1\FAHAD\.fltk
2007-08-30 15:43 <DIR> d-------- D:\Program Files\Lavasoft
2007-08-30 15:43 <DIR> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-17 02:04 <DIR> d-------- D:\Program Files\MSXML 6.0
2007-08-07 13:58 8,320 --a------ D:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9,344 --a------ D:\WINDOWS\system32\drivers\NSDriver.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-01 13:09 --------- d-------- D:\Program Files\Skype
2007-09-01 13:08 --------- d-------- D:\Program Files\Picasa2
2007-09-01 12:04 --------- d-------- D:\Program Files\Google
2007-08-31 20:38 --------- d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-31 20:26 --------- d-------- D:\DOCUME~1\FAHAD\APPLIC~1\Azureus
2007-08-31 15:40 --------- d--h----- D:\Program Files\InstallShield Installation Information
2007-08-30 14:01 --------- d-------- D:\DOCUME~1\FAHAD\APPLIC~1\Lavasoft
2007-08-30 13:57 --------- d-------- D:\Program Files\Common Files\Wise Installation Wizard
2007-08-01 03:28 --------- d-------- D:\Program Files\K-Lite Codec Pack
2007-08-01 03:28 --------- d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-07-30 19:19 92504 --a------ D:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ D:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ D:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ D:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ D:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ D:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ D:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ D:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ D:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ D:\WINDOWS\system32\wups.dll
2007-07-11 14:37 6272 --a------ D:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-26 02:08 1104896 --a------ D:\WINDOWS\system32\msxml3.dll
2007-06-19 09:31 282112 --a------ D:\WINDOWS\system32\gdi32.dll
2007-06-13 06:23 1033216 --a------ D:\WINDOWS\explorer.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="D:\WINDOWS\system32\igfxtray.exe" [2004-11-02 10:03]
"HotKeysCmds"="D:\WINDOWS\system32\hkcmd.exe" [2004-11-02 09:59]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 06:42 D:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 12:02]
"Athan"="D:\Program Files\Athan\Athan.exe" [2005-09-11 21:04]
"DiskeeperSystray"="D:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-10-04 13:38]
"Adobe Photo Downloader"="D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []
"AOLDialer"="D:\Program Files\Common Files\AOL\ACS\AOLDial.exe" []
"tgcmd"="D:\Program Files\Support.com\bin\tgcmd.exe" [2006-06-02 15:09]
"googletalk"="D:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 17:22]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [2007-04-27 11:25]
"LVCOMSX"="D:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32]
"LogitechVideoRepair"="D:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
"LogitechVideoTray"="D:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-01-24 11:37]
"swg"="D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 01:51]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 06:48]
"LogitechSoftwareUpdate"="D:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"CheckNetworkConnection"="D:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=00a6ad06-5e3e-4b6a-adda-0845a16d08bc

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"LvHidSvc"=D:\WINDOWS\system32\lvhidsvc.exe

D:\DOCUME~1\FAHAD\STARTM~1\Programs\Startup\
Yahoo! Widget Engine.lnk - D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe [2007-07-20 13:57:16]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

R3 LVCap138;TV Card WDM Video Capture;D:\WINDOWS\system32\DRIVERS\lvcap138.sys
R3 lvtuner;TV Card TV Tuner;D:\WINDOWS\system32\DRIVERS\lvtuner.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
AutoRun\command- C:\setupSNK.exe


Contents of the 'Scheduled Tasks' folder
2007-05-28 19:11:58 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job - D:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-09-01 16:08:30 D:\WINDOWS\Tasks\Norton Security Scan.job - D:\Program Files\Norton Security Scan\Nss.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-02 12:41:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-09-02 12:44:22 - machine was rebooted
D:\ComboFix-quarantined-files.txt ... 2007-09-02 12:43

--- E O F ---

SmitFraudFix v2.219

Scan done at 12:46:32.84, Sun 09/02/2007
Run from D:\Documents and Settings\FAHAD\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\1\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\system32\lvhidsvc.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\WgaTray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\HP\KBD\KBD.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» D:\


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\FAHAD


»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\FAHAD\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\FAHAD\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» D:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 68.87.73.242
DNS Server Search Order: 68.87.71.226
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0C6DB0E5-4D89-42A1-8AE8-9B2F17F85254}: DhcpNameServer=68.87.73.242 68.87.71.226 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0C6DB0E5-4D89-42A1-8AE8-9B2F17F85254}: DhcpNameServer=68.87.73.242 68.87.71.226 192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0C6DB0E5-4D89-42A1-8AE8-9B2F17F85254}: DhcpNameServer=68.87.73.242 68.87.71.226 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.73.242 68.87.71.226 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.73.242 68.87.71.226 192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.87.73.242 68.87.71.226 192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
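
As an added example (not part of the thread, nor of HijackThis or SDFix), the script below triages the HijackThis log from the first post and reconciles it with the SDFix "Trojan Files Found" list from the post above: it parses R0/O2/O21 entries, flags the patterns the helper acted on (an HKCU start page whose host differs from the HKLM default, BHO/SSODL DLLs sitting directly in the Windows directory, one DLL registered under two CLSIDs), and then reports which flagged paths SDFix actually deleted and which still need a look. The heuristics are the editor's own assumptions, not rules from either tool; the log excerpts are copied from the thread.

```python
"""Triage a HijackThis log and reconcile it with SDFix's deletion list.
Editor's added example; the heuristics are assumptions, not rules from either tool."""
import re
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import urlparse

# Lines copied from the HijackThis and SDFix logs posted in the thread.
HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {208D7BCC-9857-4C9E-823B-D04E72490A67} - D:\WINDOWS\mxduo.dll
O2 - BHO: MSVPS System - {F4CF814F-970F-405D-A42C-0CE06EB97373} - D:\WINDOWS\mxduo.dll
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O21 - SSODL: wmphost - {2B42EA55-CE30-4125-8EF6-437529B45ACF} - D:\WINDOWS\wmphost.dll
O21 - SSODL: wmpdev - {94AAD7A6-A9E4-49C3-966A-EC5C062DF024} - D:\WINDOWS\wmpdev.dll
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
"""
SDFIX_LOG = r"""
Trojan Files Found:

D:\WINDOWS\privacy_danger\index.htm - Deleted
D:\WINDOWS\dat.txt - Deleted
D:\WINDOWS\mxduo.dll - Deleted
D:\WINDOWS\wmpdev.dll - Deleted
D:\WINDOWS\wmphost.dll - Deleted

Folder D:\WINDOWS\privacy_danger - Removed
"""

ENTRY_RE = re.compile(r"^(?P<code>R\d|O\d+) - (?P<body>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A DLL sitting directly in the Windows directory, not in a subfolder such as system32.
WINROOT_DLL_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+\.dll$", re.IGNORECASE)
DELETED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) - Deleted$")


@dataclass(frozen=True)
class Entry:
    code: str   # HijackThis section, e.g. R0, O2, O21
    body: str   # everything after "Rn - " / "Onn - "
    path: str   # module path or URL the entry points at ("" if not extracted)
    clsid: str  # {GUID} if present, else ""


def parse_hjt(text):
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if code in ("O2", "O3", "O9", "O18", "O21"):
            path = body.rsplit(" - ", 1)[-1]      # last field is the module
        elif code.startswith("R") and " = " in body:
            path = body.split(" = ", 1)[1]        # registry value, normally a URL
        else:
            path = ""
        g = GUID_RE.search(body)
        entries.append(Entry(code, body, path.strip(), g.group(0) if g else ""))
    return entries


def _host(e):
    return urlparse(e.path).hostname or ""


def triage(entries):
    """Map each suspicious Entry to the list of reasons it was flagged."""
    flagged = defaultdict(list)
    # Machine-wide (HKLM) IE defaults set by the OEM/ISP are the baseline.
    hklm_hosts = {_host(e) for e in entries
                  if e.code in ("R0", "R1") and e.body.startswith("HKLM\\") and _host(e)}
    by_dll = defaultdict(set)                      # DLL path -> CLSIDs registered for it
    for e in entries:
        if e.code == "O2" and e.clsid:
            by_dll[e.path.lower()].add(e.clsid)
    for e in entries:
        if e.code == "R0" and e.body.startswith("HKCU\\") and _host(e) and _host(e) not in hklm_hosts:
            flagged[e].append("start page differs from machine default")
        if e.code in ("O2", "O21") and WINROOT_DLL_RE.match(e.path):
            flagged[e].append("shell extension DLL in Windows root")
        if e.code == "O2" and len(by_dll[e.path.lower()]) > 1:
            flagged[e].append("same DLL registered under multiple CLSIDs")
    return dict(flagged)


def parse_sdfix_deleted(text):
    """Lower-cased set of paths SDFix reports as '- Deleted'."""
    return {m.group("path").lower()
            for m in (DELETED_RE.match(l.strip()) for l in text.splitlines()) if m}


def reconcile(flagged, deleted):
    """Split flagged entries into those SDFix removed and those still to verify."""
    removed, remaining = [], []
    for e, reasons in flagged.items():
        (removed if e.path.lower() in deleted else remaining).append((e, reasons))
    return removed, remaining


if __name__ == "__main__":
    removed, remaining = reconcile(triage(parse_hjt(HJT_LOG)), parse_sdfix_deleted(SDFIX_LOG))
    for label, group in (("removed by SDFix", removed), ("still to verify", remaining)):
        print(f"== {label} ==")
        for e, reasons in group:
            print(f"{e.code:<4}{e.path}\n      {'; '.join(reasons)}")
```

The start-page hijack ends up in the "still to verify" group because SDFix reports it under "Restoring Default HomePage" rather than as a deleted file, which is exactly why the helper asks for a fresh HijackThis log after the tools run.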

fahad2k7
2007-09-02, 18:56
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:50 PM, on 9/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\1\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\WINDOWS\system32\lvhidsvc.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\WgaTray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\HP\KBD\KBD.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Google\Google Updater\GoogleUpdater.exe
D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Athan] D:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "D:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AOLDialer] D:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [tgcmd] D:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [googletalk] D:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\RunServices: [LvHidSvc] D:\WINDOWS\system32\lvhidsvc.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "D:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=00a6ad06-5e3e-4b6a-adda-0845a16d08bc
O4 - Startup: Yahoo! Widget Engine.lnk = D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Google Updater.lnk = D:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &AOL Toolbar search - res://D:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Add to AMV Convert Tool... - D:\Program Files\MP3 Player Utilities 3.77\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - D:\Program Files\MP3 Player Utilities 3.77\MediaManager\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - D:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\1\aawservice.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lifeview HID Remote Controller Service (lvhidsvc) - Animation Technologies Inc. - D:\WINDOWS\system32\lvhidsvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7619 bytes
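A small triage script for the HijackThis log format above, added here as an example and not part of the thread or of HijackThis itself. It parses the `R0/R1/R3/O2/O4/O23` line shapes into records and applies a few defender-side heuristics: entries whose file is missing (`(no file)`), unnamed BHOs, an explicit proxy setting, a start page on an unexpected host, autorun commands without a fully qualified path, and services that advertise remote control. The sample lines are copied from the log posted above, except for the first `R0` line, which is constructed with a placeholder domain so the start-page check has something to flag; the `KNOWN_GOOD_HOSTS` allowlist is an assumption the analyst would tune per case.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample for this example: lines copied from the HijackThis log
# posted in the thread, plus one constructed R0 line with a placeholder domain.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hijacked.example.invalid/jump.php?id=placeholder
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O23 - Service: Lifeview HID Remote Controller Service (lvhidsvc) - Animation Technologies Inc. - D:\WINDOWS\system32\lvhidsvc.exe
"""

# Hosts the analyst expects in this machine's browser settings (assumption
# for the example; tune per case).
KNOWN_GOOD_HOSTS = {"www.yahoo.com", "us.rd.yahoo.com"}

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<key>.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
URL_HOST_RE = re.compile(r"^[a-z]+://([^/]+)", re.I)


@dataclass
class Entry:
    section: str   # e.g. "O4"
    name: str      # item name, or the registry key/value for R-lines
    target: str    # file, command line, or URL the entry points at
    raw: str       # the original log line


def parse_line(line: str) -> Optional[Entry]:
    """Turn one HijackThis line into an Entry; None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if section == "O4":
        o4 = O4_RE.match(body)
        if not o4:  # Startup/Global Startup .lnk lines use a different shape
            return None
        return Entry(section, o4.group("name"), o4.group("cmd"), line.strip())
    if section in ("R0", "R1"):
        key, _, value = body.partition(" = ")
        return Entry(section, key, value.strip(), line.strip())
    # O2/O3/O9/O23/R3: "kind: name - {clsid} - file"; take first and last fields
    parts = [p.strip() for p in body.split(" - ")]
    return Entry(section, parts[0], parts[-1], line.strip())


def triage(entry: Entry) -> List[str]:
    """Defender-side heuristics for which entries deserve a closer look."""
    reasons = []
    if entry.target == "(no file)":
        reasons.append("orphaned entry: referenced file is missing")
    if "(no name)" in entry.name:
        reasons.append("unnamed BHO/toolbar: identify it by CLSID and file")
    if entry.section == "R1" and entry.name.endswith("ProxyServer") and entry.target:
        reasons.append("explicit proxy configured: confirm it is intended")
    if entry.section in ("R0", "R1") and entry.target.lower().startswith("http"):
        host = URL_HOST_RE.match(entry.target)
        if host and host.group(1).lower() not in KNOWN_GOOD_HOSTS:
            reasons.append(f"browser setting points at unexpected host {host.group(1)}")
    if entry.section == "O4" and not re.match(r'^"?[A-Za-z]:\\', entry.target):
        reasons.append("autorun without a fully qualified path: resolved via search order")
    if entry.section == "O23" and "remote" in entry.name.lower():
        reasons.append("service advertises remote control: verify it is wanted")
    return reasons


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Return (raw line, reasons) for every entry that trips at least one heuristic."""
    findings = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry:
            reasons = triage(entry)
            if reasons:
                findings.append((entry.raw, reasons))
    return findings


if __name__ == "__main__":
    for raw, reasons in triage_log(SAMPLE_LOG):
        print(raw)
        for reason in reasons:
            print("   ->", reason)
```

Run against the sample, six of the nine lines are flagged; the Yahoo start page, the Java BHO and the fully qualified `KBD.EXE` autorun pass clean. The heuristics only prioritise what a helper should look at first; a flag such as the unqualified `SOUNDMAN.EXE` path or the remote-controller service is a prompt to confirm the file and vendor, not a verdict.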

ken545
2007-09-03, 03:58
fahad2k7,

The programs I had you run removed all the bad entries and files that I wanted them to :bigthumb: I was away today so I will look over your reports in the morning more thoroughly.

Animation Technologies Inc. <--This is running as a remote service, in other words another program has access to your computer. If you know about it and know it to be safe then that's fine; if you don't know what it is and want to remove it, let me know.


Your Java is out of date and leaving your system vulnerable.
Go to your Add-Remove Programs in the Control Panel and uninstall any previous versions of Java (J2SE Runtime Environment)
It should have an icon next to it:
http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.jpg
Select it and click Remove.
Reboot your system.
Then go to the Sun Microsystems (http://www.java.com/en/download/manual.jsp) and install the update
Java Runtime Environment Version 6 Update 2 <--This is what you need to download and install.
If you chose the online installation, it will prompt you to run the program.
If you chose the offline installation, you will be prompted to save the file and you can run it from wherever you saved it.
Then after install you can verify your installation here Sun Java Verify (http://www.java.com/en/download/manual.jsp)
I like to do the offline installation and save the setup file in case I may need it in the future.

The rest of your log looks fine :bigthumb: Let me know how you feel your system is running now and I will analyze your reports and be back in the AM.

Nice job following my instructions by the way :bigthumb::bigthumb:

fahad2k7
2007-09-03, 05:56
The system is better than before. There are a few periods when the computer becomes slow. Yes, I would like to remove the Animation Technologies software. Also I will install the updated Java. Thanks a million :p:

ken545
2007-09-03, 14:20
Remote access service by Animation Technologies Inc. Legitimate, but remote access could be considered dangerous unless monitored carefully.

Try uninstalling via the Add Remove Programs in the Control Panel, let me know if it would not uninstall.


*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!

Download CCleaner from here (http://www.ccleaner.com/) to clean temp files from your computer.

Double click on the file to start the installation of the program.
Select your language and click OK, then next.
Read the license agreement and click I Agree.
Click next to use the default install location. Click Install then finish to complete installation.
Double click the CCleaner shortcut on the desktop to start the program.
On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
Click on the "Options" icon at the left side of the window, then click on "Advanced."
Deselect "Only delete files in Windows Temp folders older than 48 hours."
Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
After CCleaner has completed its process, click Exit.



Post a new HJT log please

tashi
2007-09-10, 19:58
How is it going, fahad2k7?

tashi
2007-09-17, 17:56
Due to lack of a response to helper this topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.