View Full Version : Crtical problem, please help. HJT Log Included
SoKrayzie
2008-01-28, 19:33
The other day I d/l'd a keygen and when I opened it I immediately got pop ups that Spyware has been detected. I ran Adware Alert and it cleaned what it found and then rebooted. After that, I can't use my computer normally. When it starts up, all desktop shortcuts come up, but my quick link icons on the bottom task bar will not load, and about every 10 seconds it seems as if it is restarting it self. All the icons disappear and then come back and it will do this for several minutes and then just nothing. I loose all icons and all I see is my wallpaper and mouse. I have to use ctrl+alt+delete and make a new task in order to run anything and if I minimize it is gone and I have to go to c+a+d again to bring it back up. I have run Spybot, Spyware Blaster, Trojan Hunter, Adware Alert, Trend Micro Housecall, Start Up Inspector & am currently running Vundofix. Below is my Hijack-This log after doing all that and even doing a walk through w/ Hijackthis. I have also tried running Spybot in Safe Mode, it finds the same problem file being MSSMGR everytime and says it fixes it everytime. Any further advice would be greatly appreciated.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:05:28 AM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\AOL\1124377827\ee\AOLSoftware.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\PROGRA~1\VIRTUA~2\SMARTB~1\SprintDSLAlert.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Virtual Assistant\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\aol\1124377827\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
c:\program files\common files\aol\1124377827\ee\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124377827\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VIRTUA~2\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvhoh.dll,startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier .exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Virtual Assistant.lnk = C:\Program Files\Virtual Assistant\bin\matcli.exe
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet/ALLTEL/static/controls/WebflowAct iveXInstaller_2-0-0.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_ v1-0-3-48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/cli ent/wuweb_site.cab?1117827656046
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
--
End of file - 6391 bytes
SoKrayzie
2008-01-28, 20:16
I successfully ran Vundofix and my computer is acting better. It is now operating decently but still says it is detecting spyware. Vundofix removed several Vundo Trojans it found but could not remove one (awtqqqn.dll).
SoKrayzie
2008-01-28, 20:20
Here is my Smitfraudfix log.
SmitFraudFix v2.276
Scan done at 13:19:08.35, Mon 01/28/2008
Run from C:\Documents and Settings\HP_Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\AOL\1124377827\ee\AOLSoftware.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\PROGRA~1\VIRTUA~2\SMARTB~1\SprintDSLAlert.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\program files\common files\aol\1124377827\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\aol\1124377827\ee\aolsoftware.exe
C:\Program Files\Virtual Assistant\bin\mpbtn.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
hosts file corrupted !
127.0.0.1 legal-at-spybot.info
127.0.0.1 www.legal-at-spybot.info
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Owner
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Owner\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_Owner\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix.exe by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{47B0C92E-66E1-4CB0-AF4D-834DBB41AC2E}: DhcpNameServer=192.168.254.254 192.168.254.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{742F3CE7-DAB2-4AED-89D9-6E866BD5F3E6}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{47B0C92E-66E1-4CB0-AF4D-834DBB41AC2E}: DhcpNameServer=192.168.254.254 192.168.254.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{742F3CE7-DAB2-4AED-89D9-6E866BD5F3E6}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{47B0C92E-66E1-4CB0-AF4D-834DBB41AC2E}: DhcpNameServer=192.168.254.254 192.168.254.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{742F3CE7-DAB2-4AED-89D9-6E866BD5F3E6}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
SoKrayzie
2008-01-28, 21:48
Combofix log. Apparently like everyone else here it looks likes, I have a Virtumonde.
ComboFix 08-01-28.2 - HP_Owner 2008-01-28 14:34:51.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.583 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
C:\Program Files\outlook
C:\Program Files\outlook\p.zip
C:\WINDOWS\hosts
C:\WINDOWS\system32\1197063348.exe
C:\WINDOWS\system32\awtqqqn.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-28 )))))))))))))))))))))))))))))))
.
2008-01-28 13:19 . 2008-01-28 13:19 2,884 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-28 13:18 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-28 13:18 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-28 13:18 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-28 13:18 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-28 13:18 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-28 13:18 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-28 12:18 . 2008-01-28 13:08 <DIR> d-------- C:\VundoFix Backups
2008-01-28 11:32 . 2008-01-28 11:32 32 --a------ C:\WINDOWS\system32\thxcfg.ini
2008-01-28 11:29 . 2005-05-04 17:40 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-01-28 11:29 . 2005-05-04 17:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-01-28 11:29 . 2005-05-04 17:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-01-28 11:29 . 2005-05-04 17:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterMute
2008-01-28 11:29 . 2005-05-04 17:40 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-01-28 10:22 . 2008-01-28 10:22 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-28 10:22 . 2008-01-28 10:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-28 10:20 . 2008-01-28 10:20 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-28 10:14 . 2008-01-28 10:12 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-28 10:12 . 2008-01-28 10:36 <DIR> d-------- C:\Documents and Settings\HP_Owner\.housecall6.6
2008-01-26 22:46 . 2008-01-26 22:46 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-26 22:27 . 2008-01-26 22:27 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Uniblue
2008-01-26 22:22 . 2008-01-27 09:41 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\wsInspector
2008-01-26 22:14 . 2008-01-28 13:32 <DIR> d-------- C:\Program Files\Security Task Manager
2008-01-26 22:14 . 2008-01-26 22:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-01-26 22:07 . 2008-01-26 22:08 <DIR> d-------- C:\Program Files\Startup Inspector for Windows
2008-01-26 21:20 . 2008-01-26 21:20 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-26 21:19 . 2008-01-26 21:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-26 19:40 . 2008-01-26 19:40 103,936 --a------ C:\WINDOWS\system32\drvlix.dll
2008-01-26 19:31 . 2008-01-26 19:31 103,936 --a------ C:\WINDOWS\system32\drvtok.dll
2008-01-26 19:31 . 2008-01-26 19:31 18,944 --a------ C:\WINDOWS\system32\drvhoh.dll
2008-01-26 18:48 . 2008-01-26 18:48 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-01-24 17:11 . 2008-01-24 21:27 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Move Networks
2008-01-21 08:19 . 2008-01-22 22:48 0 --a------ C:\WINDOWS\PCSB.ERR
2008-01-21 08:18 . 2008-01-21 08:18 <DIR> d-------- C:\Program Files\Biblesoft
2008-01-21 08:18 . 2008-01-22 22:48 6,147 --a------ C:\WINDOWS\PCLICSB.DAT
2008-01-21 08:18 . 2008-01-21 08:18 258 -r-h----- C:\WINDOWS\system32\LMF.DAT
2008-01-18 22:06 . 2008-01-18 22:06 <DIR> d-------- C:\Program Files\Xvid
2008-01-18 22:06 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-01-18 11:27 . 2008-01-18 11:27 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-18 11:27 . 2008-01-18 11:27 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-01-18 11:27 . 2008-01-18 11:27 <DIR> d-------- C:\Program Files\Apple Software Update
2008-01-18 11:27 . 2008-01-18 11:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-01-18 09:39 . 2008-01-28 14:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-18 09:39 . 2008-01-18 09:39 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-17 10:21 . 2008-01-17 10:21 2,359,350 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-01-17 10:21 . 2008-01-17 10:21 64,650 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-01-17 10:19 . 2008-01-17 10:19 <DIR> d-------- C:\WINDOWS\BricoPacks
2008-01-17 10:19 . 2008-01-17 10:21 6,120 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-01-15 14:35 . 2008-01-15 14:35 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-01-15 09:55 . 2008-01-15 09:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-15 08:45 . 2008-01-18 11:29 <DIR> d-------- C:\Program Files\Bonjour
2008-01-15 08:36 . 2008-01-15 08:36 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-11 15:57 . 2008-01-11 15:57 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Talkback
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-10 11:22 . 2003-08-29 00:55 423,424 --a------ C:\WINDOWS\system32\WMAVDS32.ax
2008-01-10 11:22 . 2001-03-26 03:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2007-12-30 08:49 . 2007-12-30 08:49 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\TrojanHunter
2007-12-29 20:00 . 2007-12-29 20:00 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2007-12-29 14:36 . 2007-12-29 14:36 40 --a------ C:\Auth.prof
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 19:41 --------- d-----w C:\Program Files\Plaxo
2008-01-27 00:37 --------- d-----w C:\Program Files\Google
2008-01-25 14:27 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AdwareAlert
2008-01-24 17:46 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\LimeWire
2008-01-21 13:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-18 16:30 --------- d-----w C:\Program Files\iTunes
2008-01-18 16:30 --------- d-----w C:\Program Files\iPod
2008-01-18 16:29 --------- d-----w C:\Program Files\QuickTime
2008-01-15 13:45 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-11 21:10 --------- d-----w C:\Program Files\YouTubeRobot
2008-01-03 17:31 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
2007-12-19 20:05 --------- d-----w C:\Program Files\Pure Networks
2007-12-12 22:38 --------- d-----w C:\Program Files\FairUse Wizard 2
2007-12-12 22:37 --------- d-----w C:\Program Files\Easy MPEG AVI DIVX WMV RM to DVD
2007-12-09 22:08 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\WinMX Music
2007-12-09 22:03 --------- d-----w C:\Program Files\P2P_Energy
2007-12-09 21:55 --------- d-----w C:\Program Files\Motorola
2007-12-09 00:04 --------- d-----w C:\Program Files\Symantec
2007-12-09 00:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-09 00:01 --------- d-----w C:\Program Files\Norton AntiVirus
2007-12-08 23:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-08 23:50 --------- d-----w C:\Program Files\AWS
2007-12-08 16:32 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-08 14:23 --------- d-----w C:\Program Files\Java
2007-12-08 13:36 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-08 13:32 --------- d-----w C:\Program Files\Windows Media Connect
2007-12-08 12:43 --------- d-----w C:\Program Files\BitLord
2007-12-08 03:22 --------- d-----w C:\Program Files\Virtual Assistant
2007-12-08 03:22 --------- d-----w C:\Program Files\Common Files\Motive
2007-12-08 03:20 --------- d-----w C:\Program Files\Napster
2007-12-08 03:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2007-12-08 03:19 --------- d-----w C:\Program Files\Help and Support Additions
2007-12-08 03:14 --------- d-----w C:\Program Files\Common Files\AOL
2007-12-08 03:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-12-08 02:28 --------- d-----w C:\Program Files\Motive
2007-12-08 02:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2006-04-25 21:06 922 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2006-02-12 05:35 784 ----a-w C:\Documents and Settings\HP_Owner\Application Data\mpauth.dat
2005-06-27 22:08 769,749 ----a-w C:\Program Files\blazeftp.exe
2005-06-27 22:06 21,904,216 ----a-w C:\Program Files\iTunesSetup.exe
2005-06-04 02:36 3,421,616 ----a-w C:\Program Files\LimeWireWin.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2007-12-09 17:03 1502232 --a------ C:\Program Files\P2P_Energy\tbP2P1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89A1E40D-0254-4F99-B9AE-B60A2D8754A9}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A7784F95-8291-4A84-AA48-C197F11CF19F}]
C:\WINDOWS\system32\vturq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A9F79629-E2D6-4257-8922-04D715CDF883}]
C:\WINDOWS\system32\ddcyw.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7702AB5-D7FD-42D0-9EB8-7440F3E8E4A1}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}
{2BAE58C2-79F9-45D1-A286-81F911301C3A}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= C:\Program Files\P2P_Energy\tbP2P1.dll [2007-12-09 17:03 1502232]
[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:00 15360]
"Aim6"="" []
"PlaxoUpdate"="C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe" [2007-12-11 17:21 227914]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-26 19:31 171448]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 04:04 52736]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"AlcWzrd"="ALCWZRD.EXE" [2005-04-06 17:53 2805248 C:\WINDOWS\ALCWZRD.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-05-04 16:53 180269]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18 241664]
"HostManager"="C:\Program Files\Common Files\AOL\1124377827\ee\AOLSoftware.exe" [2006-04-20 12:10 50792]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 10:46 172032]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 11:59 124520]
"Motive SmartBridge"="C:\PROGRA~1\VIRTUA~2\SMARTB~1\SprintDSLAlert.exe" [2006-04-21 15:41 438359]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31 1046688]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"MSDisp32"="C:\WINDOWS\system32\drvhoh.dll" [2008-01-26 19:31 18944]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Virtual Assistant.lnk - C:\Program Files\Virtual Assistant\bin\matcli.exe [2007-12-07 21:27:54 217088]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\\WINDOWS\\system32\\vturq
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=C:\WINDOWS\pss\Updates from HP.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^HP Organize.lnk]
path=C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\HP Organize.lnk
backup=C:\WINDOWS\pss\HP Organize.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2004-03-17 18:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
--a------ 2004-06-07 06:42 659456 C:\WINDOWS\system32\hphmon06.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
--a------ 2004-06-07 06:53 49152 c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
C:\HP\KBD\KBD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a------ 2004-10-14 09:54 253952 c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
C:\WINDOWS\system32\ps2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2004-12-13 20:23 663552 C:\Windows\Creator\Remind_XP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-04-06 17:57 90112 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-27 01:43:51 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.exe
- C:\Program Files\AdwareAlert
"2008-01-23 23:02:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-28 14:41:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\drvhoh.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\AOL\1124377827\ee\AOLSoftware.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\PROGRA~1\VIRTUA~2\SMARTB~1\SprintDSLAlert.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Virtual Assistant\bin\mpbtn.exe
c:\program files\common files\aol\1124377827\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\aol\1124377827\ee\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2008-01-28 14:44:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-28 19:44:20
.
2008-01-09 18:49:08 --- E O F ---
SoKrayzie
2008-01-28, 21:49
New HJT log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:49:17 PM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\AOL\1124377827\ee\AOLSoftware.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\PROGRA~1\VIRTUA~2\SMARTB~1\SprintDSLAlert.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Virtual Assistant\bin\mpbtn.exe
c:\program files\common files\aol\1124377827\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\aol\1124377827\ee\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A7784F95-8291-4A84-AA48-C197F11CF19F} - C:\WINDOWS\system32\vturq.dll (file missing)
O2 - BHO: (no name) - {A9F79629-E2D6-4257-8922-04D715CDF883} - C:\WINDOWS\system32\ddcyw.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124377827\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VIRTUA~2\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvhoh.dll,startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.13.1.3\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Virtual Assistant.lnk = C:\Program Files\Virtual Assistant\bin\matcli.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet/ALLTEL/static/controls/WebflowActiveXInstaller_2-0-0.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117827656046
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
--
End of file - 7333 bytes
SoKrayzie
2008-01-29, 15:22
Any help?
Your second new topic:
http://forums.spybot.info/showthread.php?p=161475
Apprantly you missed all the information in our sticky topics:
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)
Best regards.