
could someone please look at my log



bimbledwadle
2007-10-03, 23:33
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9:27:39 PM, on 03/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
c:\program files\panda software\panda internet security 2007\firewall\PSHOST.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\psimsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\ApvxdWin.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\StartupMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\WebProxy.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavBckPT.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\colette\Desktop\EXE'S + SHORTCUTS\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGet Software\ReGet Deluxe 5.0\IEBar.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O21 - SSODL: msvb - {172C0C61-CED8-46E9-868D-ABED0BEC0FA0} - C:\WINDOWS\msvb.dll
O21 - SSODL: sysdx - {3FD3DC2E-CCFF-47C0-9660-18EDB1410C1F} - C:\WINDOWS\sysdx.dll
O21 - SSODL: msmhost - {4FB7FC9E-ACFF-4452-BAE9-AAE920A3D669} - C:\WINDOWS\msmhost.dll
O21 - SSODL: msmdev - {A246F15F-148A-4178-9C24-44A2E3F94B1A} - C:\WINDOWS\msmdev.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Unknown owner - c:\program files\panda software\panda internet security 2007\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\psimsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 7432 bytes

bimbledwadle
2007-10-04, 03:02
ComboFix 07-10-04.2 - colette 2007-10-03 23:38:51.1 - NTFSx86
Script execution time was exceeded on script "C:\ComboFix\osid.vbs".
Script execution was terminated.
Running from: C:\Documents and Settings\colette\Application Data\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\colette\Favorites\Error Cleaner.url
C:\Documents and Settings\colette\Favorites\Privacy Protector.url
C:\Documents and Settings\colette\Favorites\Spyware&Malware Protection.url
C:\Program Files\VideoAccessCodec
C:\Program Files\VideoAccessCodec\install.ico
C:\Program Files\VideoAccessCodec\Uninstall.exe
C:\Program Files\VideoAccessCodec\VideoAccessCodec.ocx
C:\WINDOWS\msmhost.dll
C:\WINDOWS\search_res.txt
C:\WINDOWS\system32\packet.dll

.
((((((((((((((((((((((((( Files Created from 2007-09-04 to 2007-10-04 )))))))))))))))))))))))))))))))
.

2007-10-03 23:32 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-03 17:15 <DIR> d-------- C:\Documents and Settings\colette\.housecall6.6
2007-10-03 03:12 81,920 --a------ C:\WINDOWS\netadv.dll
2007-10-03 03:12 311,296 --a------ C:\WINDOWS\sysdx.dll
2007-10-03 03:12 303,104 --a------ C:\WINDOWS\msvb.dll
2007-10-02 16:19 <DIR> d-------- C:\Documents and Settings\colette\Application Data\Leadertech
2007-10-01 18:51 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-10-01 18:51 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-10-01 18:51 17,024 --a--c--- C:\WINDOWS\system32\dllcache\ccdecode.sys
2007-10-01 18:51 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-10-01 18:46 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-10-01 18:45 61,440 --a------ C:\WINDOWS\system32\csnpstd2.dll
2007-10-01 18:45 53,248 --a------ C:\WINDOWS\system32\dsnpstd2.dll
2007-10-01 18:45 53,248 --a------ C:\WINDOWS\amcap.exe
2007-10-01 18:45 40,960 --a------ C:\WINDOWS\vsnpstd2.exe
2007-10-01 18:45 40,960 --a------ C:\WINDOWS\system32\rsnpstd2.dll
2007-10-01 18:45 36,864 --a------ C:\WINDOWS\system32\vsnpstd2.dll
2007-10-01 18:45 302,720 --a------ C:\WINDOWS\system32\drivers\snpstd2.sys
2007-10-01 18:45 <DIR> d-------- C:\Program Files\Windows Media Components
2007-10-01 18:45 <DIR> d-------- C:\Program Files\Mingjong
2007-10-01 18:44 20,480 --a------ C:\WINDOWS\usnpstd2.exe
2007-10-01 18:44 <DIR> d-------- C:\Program Files\Common Files\snpstd2
2007-09-30 20:03 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2007-09-30 20:03 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2007-09-27 20:21 <DIR> d-------- C:\Documents and Settings\colette\Application Data\VideoEgg
2007-09-21 06:00 <DIR> d-------- C:\Program Files\PopCap Games
2007-09-18 03:54 <DIR> d-------- C:\STARWARS
2007-09-13 11:56 <DIR> d-------- C:\ConvertTemp
2007-09-13 11:34 97,152 --a------ C:\WINDOWS\system32\drivers\Rtnicxp.sys
2007-09-13 11:34 <DIR> d-------- C:\Program Files\Realtek
2007-09-12 23:13 94,000 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
2007-09-12 23:13 8,304 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
2007-09-12 23:13 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
2007-09-12 23:13 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys
2007-09-12 23:12 <DIR> d-------- C:\Documents and Settings\colette\Application Data\Samsung
2007-09-12 23:04 <DIR> d-------- C:\Program Files\Samsung
2007-09-12 22:26 58,320 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys
2007-09-12 22:26 5,808 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys
2007-09-12 22:26 5,808 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys
2007-09-12 22:26 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2007-09-12 20:57 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2007-09-12 20:55 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2007-09-07 10:17 362,944 --a------ C:\WINDOWS\system32\drivers\WPN111.sys
2007-09-07 10:17 149,392 --a------ C:\WINDOWS\system32\drivers\ar5523.bin
2007-09-07 10:17 <DIR> d-------- C:\Program Files\NETGEAR
2007-09-06 21:51 <DIR> d-------- C:\Program Files\BroadJump
2007-09-06 21:13 <DIR> d-------- C:\Documents and Settings\colette\Application Data\MSN6
2007-09-06 20:23 <DIR> d-------- C:\Program Files\NETGEAR(2)
2007-09-06 18:12 <DIR> d-------- C:\Program Files\Common Files\Sony Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-04 23:52 13880 --a------ C:\WINDOWS\system32\drivers\COMFiltr.sys
2007-10-04 23:52 1244 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2007-10-04 23:52 1244 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG
2007-10-03 22:04 250280 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2007-10-03 22:04 250280 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT
2007-10-03 22:01 --------- d-------- C:\Program Files\Google
2007-10-03 19:57 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-10-03 19:57 --------- d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-10-03 19:42 --------- d-------- C:\Program Files\DivX
2007-10-03 18:32 --------- d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-10-03 17:15 102664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-03 11:55 --------- d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-03 10:45 --------- d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2007-10-03 05:29 --------- d-------- C:\Program Files\eMule
2007-10-03 03:54 --------- d-------- C:\Documents and Settings\colette\Application Data\uTorrent
2007-10-02 18:47 --------- d-------- C:\Documents and Settings\colette\Application Data\LimeWire
2007-09-26 16:29 --------- d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-09-23 20:09 --------- d-------- C:\Program Files\Bejeweled 2 Deluxe
2007-09-20 20:57 48 --a------ C:\WINDOWS\system32\drivers\wnmsav.dat
2007-09-19 00:55 720896 --a------ C:\WINDOWS\iun6002ev.exe
2007-09-13 15:12 --------- d-------- C:\Program Files\LimeWire
2007-09-13 11:33 --------- d-------- C:\Program Files\sisagp
2007-09-10 21:45 --------- d-------- C:\Program Files\Apophysis 2.0
2007-09-01 11:43 9232 --a------ C:\Documents and Settings\colette\mqdmmdfl.sys
2007-09-01 11:43 92064 --a------ C:\Documents and Settings\colette\mqdmmdm.sys
2007-09-01 11:43 79328 --a------ C:\Documents and Settings\colette\mqdmserd.sys
2007-09-01 11:43 66656 --a------ C:\Documents and Settings\colette\mqdmbus.sys
2007-09-01 11:43 6208 --a------ C:\Documents and Settings\colette\mqdmcmnt.sys
2007-09-01 11:43 5936 --a------ C:\Documents and Settings\colette\mqdmwhnt.sys
2007-09-01 11:43 4048 --a------ C:\Documents and Settings\colette\mqdmcr.sys
2007-09-01 11:43 25600 --a------ C:\Documents and Settings\colette\usbsermptxp.sys
2007-09-01 11:43 22768 --a------ C:\Documents and Settings\colette\usbsermpt.sys
2007-08-30 04:00 --------- d-------- C:\Program Files\Common Files\NSV
2007-08-30 03:24 --------- d-------- C:\Program Files\uTorrent
2007-08-23 17:22 12400 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-08-23 17:21 --------- d-------- C:\Program Files\directx
2007-08-11 20:42 --------- d-------- C:\Program Files\Jasc Software Inc
2007-08-11 20:42 --------- d-------- C:\Documents and Settings\colette\Application Data\Jasc
2007-08-10 20:30 --------- d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-08-10 16:39 --------- d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-08-10 11:24 --------- d-------- C:\Documents and Settings\colette\Application Data\Opera
2007-08-10 10:49 --------- d-------- C:\Program Files\Opera
2007-08-10 10:47 --------- d-------- C:\Documents and Settings\colette\Application Data\Talkback
2007-08-10 10:09 --------- d-------- C:\Program Files\CCleaner
2007-08-10 10:09 --------- d-------- C:\Program Files\AvRack
2007-08-10 08:25 --------- d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-08-09 19:57 --------- d-------- C:\Documents and Settings\colette\Application Data\Sunbelt Software
2007-08-09 03:50 --------- d-------- C:\Program Files\Tweak Manager
2007-07-05 01:49 77312 --a------ C:\WINDOWS\ua2.dll
2007-05-30 11:00:17 8 --sh--r C:\WINDOWS\system32\BC1AFC9539.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2003-11-19 23:41 C:\WINDOWS\AGRSMMSG.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 20:02]
"SiSPower"="SiSPower.dll" [2007-04-11 03:06 C:\WINDOWS\system32\SiSPower.dll]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 17:23 C:\WINDOWS\StartupMonitor.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\wpn111.exe [2007-09-07 10:17:46]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\wpn111.exe [2007-09-07 10:17:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
@=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"msvb"= {172C0C61-CED8-46E9-868D-ABED0BEC0FA0} - C:\WINDOWS\msvb.dll [2007-10-02 00:03 303104]
"sysdx"= {3FD3DC2E-CCFF-47C0-9660-18EDB1410C1F} - C:\WINDOWS\sysdx.dll [2007-10-02 00:03 311296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
backup=C:\WINDOWS\pss\Ralink Wireless Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk
backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\capfaem]
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfaem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cctray]
"C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMagicLogon]
"C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
C:\Program Files\Labtec\Mouse\V3.0\moffice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LimeWire Acceleration Patch]
C:\Documents and Settings\All Users\Start Menu\Programs\LimeWire Acceleration Patch\LimeWire Acceleration Patch.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mbssm32]
C:\WINDOWS\system32\smvalid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxOne]
"C:\Program Files\Prevx2\PXConsole.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBCSTray]
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PREVXAgent"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)

R1 APPFLT;App Filter Plugin;\??\C:\WINDOWS\system32\Drivers\APPFLT.SYS
R1 DSAFLT;DSA Filter Plugin;\??\C:\WINDOWS\system32\Drivers\DSAFLT.SYS
R1 FNETMON;NetMon Filter Plugin;\??\C:\WINDOWS\system32\Drivers\fnetmon.SYS
R1 IDSFLT;Ids Filter Plugin;\??\C:\WINDOWS\system32\Drivers\IDSFLT.SYS
R1 NETFLTDI;Panda Net Driver [TDI Layer];\??\C:\WINDOWS\system32\Drivers\NETFLTDI.SYS
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\Drivers\ShlDrv51.sys
R1 SMSFLT;SMS Filter Plugin;\??\C:\WINDOWS\system32\Drivers\SMSFLT.SYS
R1 WNMFLT;Wifi Monitor Filter Plugin;\??\C:\WINDOWS\system32\Drivers\WNMFLT.SYS
R2 cpoint;Panda CPoint Driver;C:\WINDOWS\system32\drivers\cpoint.sys
R2 PAVDRV;pavdrv;C:\WINDOWS\system32\DRIVERS\pavdrv51.sys
R2 PavProc;Panda Process Protection Driver;\??\C:\WINDOWS\system32\DRIVERS\PavProc.sys
R3 ComFiltr;Panda Anti-Dialer;\??\C:\WINDOWS\system32\DRIVERS\COMFiltr.sys
R3 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\moufiltr.sys
R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\netimflt.sys
R3 SndTDriverV32;SndTDriverV32;C:\WINDOWS\system32\drivers\SndTDriverV32.sys
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\system32\Drivers\ousbehci.sys
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\System32\DNINDIS5.SYS
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys
S3 snpstd2;USB PC Camera (SN9C103);C:\WINDOWS\system32\DRIVERS\snpstd2.sys
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
S3 tbhsd;Tunebite High-Speed Dubbing;C:\WINDOWS\system32\drivers\tbhsd.sys
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-12 23:00:07 C:\WINDOWS\Tasks\Basic clean-up.job"
"2007-09-12 23:00:07 C:\WINDOWS\Tasks\Basic clean-up1.job"
- C:\Program Files\Panda Software\Panda Internet Security 2007\PlaTasks.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-04 23:51:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-10-04 23:57:00 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-04 23:56
.
--- E O F ---

bimbledwadle
2007-10-04, 03:05
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:04:22 AM, on 05/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
c:\program files\panda software\panda internet security 2007\firewall\PSHOST.EXE
C:\Program Files\Panda Software\Panda Internet Security 2007\psimsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\StartupMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\ApvxdWin.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
C:\Program Files\Opera\Opera.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\WebProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Internet Security 2007\PavBckPT.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\colette\Desktop\EXE'S + SHORTCUTS\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGet Software\ReGet Deluxe 5.0\IEBar.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O21 - SSODL: msvb - {172C0C61-CED8-46E9-868D-ABED0BEC0FA0} - C:\WINDOWS\msvb.dll
O21 - SSODL: sysdx - {3FD3DC2E-CCFF-47C0-9660-18EDB1410C1F} - C:\WINDOWS\sysdx.dll
O21 - SSODL: msmhost - {4654E274-B42F-436E-816B-2AB1B86D2011} - C:\WINDOWS\msmhost.dll
O21 - SSODL: msmdev - {6F7C4B46-CA7A-46BF-9B7F-73CCBC34D424} - C:\WINDOWS\msmdev.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Unknown owner - c:\program files\panda software\panda internet security 2007\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\psimsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 7016 bytes

pskelley
2007-10-13, 03:05
Welcome to Safer Networking. I wish to be sure you have viewed and understood this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

The Waiting Room
http://forums.spybot.info/forumdisplay.php?f=37

Start with ONLY the Two Logs We Ask For in Our Sticky Topic, NOT CF etc.: http://forums.spybot.info/showthread.php?t=16806

I apologize that no one has helped you yet; if you review the instructions above, you will understand why this can happen. If your issues are resolved, post to let me know so I can close your topic. If you still need help after you review the information I posted, then do this:

http://siri.geekstogo.com/SmitfraudFix.php <<< download Smitfraudfix from here and follow ONLY these directions.

Search:
Double-click SmitfraudFix.exe
Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm

Post the C:\rapport.txt only; you may add any comments you think will help. You are using an out-of-date version of HJT. Update it from the link provided, but wait until I ask for a new HJT log before you post one.

Thanks

pskelley
2007-10-19, 10:36
No response in over a week; this topic is closed.

If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.

Thanks