• Welcome Guest, to the Spybot Forums! It's 2025, and we just upgraded our forum software.

    Today is Safer Internet Day, and with our new forum, you can finally use passkeys to login. That was about time!

    Of course, you could ask if a forum is still useful, with so many social media networks out there where you might already have an account, and met a lot of users. You can now use your login from some of those networks to log in here. And by posting here, your question and data is stored on our servers and not automatically shared with a whole social media network.

    We'll also start using the forum for small bits of information, announcements and more again.

My computer has Virtumonde

A

Austin8289

New member
So yeah. As you can see from my title, my computer has been infected with Virtumonde. Any help with removal would be greatly appreciated.
 
Hello and welcome to Safer Networking Forums.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.


Step # 1: Download and Run HijackThis
Download HJTInstall.exe to your Desktop.

  • Doubleclick HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Copy/Paste the log to your next reply please.
Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


Step # 2 Download CCleaner

Download CCleaner from here to clean temp files from your computer.
  • Double click on the ccsetup.exe file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location.
  • Under Install Options, choose all the default settings except I would recommend that you unclick/untick install the Yahoo! Toolbar, unless you want it. You can also Uncheck the 'Automatically check for updates' box.
  • Click Install then finish to complete installation.


Step # 3 Retrieve the Installed Programs List from CCleaner

Open CCleaner if it's not already running.
In the Left Pane, click Tools
Verify that Uninstall is highlighted in color, or click on it.
In the lower Right, click Save to Text File.
Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
You can leave the filename as install.txt
Click Save
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.


In your next post/reply, I need to see the following:

1. HiJackThis Log
2. CCleaner Install List
 
HJT Log and CCleaner Log

HJT Log
==========================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:34 AM, on 5/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\PROGRA~1\COMMON~1\AOL\121077~1\EE\AOLHOS~1.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\PROGRA~1\COMMON~1\AOL\121077~1\EE\AOLServiceHost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopMail.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\New Folder (3)\Pokemon Maker for Diamond and Pearl\pokesav_english_version.exe
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\New Folder\Documents and Settings\Owner.YOUR-2F085352E9\My Documents\All\akshld\ResizeEnable\ResizeEnableRunner.exe
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\New Folder(2)\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6956
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: (no name) - {E707216F-6AFF-4BD4-962D-EC5CDBA812A1} - C:\WINDOWS\system32\byXRijhh.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1210776190\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Spybot - S&D.lnk = C:\Program Files\Spybot - Search & Destroy\SDMain.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: byXRijhh - C:\WINDOWS\SYSTEM32\byXRijhh.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

--
End of file - 9686 bytes



CCleaner Log
==========================================================
µTorrent
Adobe Reader 7.0
America Online (Choose which version to remove)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Spyware Protection
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
Bejeweled 2 Deluxe
BigFix
Blackhawk Striker 2
Blasterball 2 Revolution
Bonjour
Browser Address Error Redirector
CCleaner (remove only)
Diner Dash
Diner Dash
DVD Solution
DVD43 v4.0.0
FATE
Gateway Game Console
Google Desktop
Google Toolbar for Internet Explorer
gtw_logo
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hometown Hero
Intel Matrix Storage Manager
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
iTunes
J2SE Runtime Environment 5.0 Update 2
LADSPA_plugins-win-0.4.15
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Starter Edition 2006
Microsoft Money 2006
Microsoft Office Professional Edition 2003
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Motorola SM56 Data Fax Modem
Napster
Napster Burn Engine
Penguins!
Pinnacle Hollywood FX
Polar Bowler
Polar Golfer
Power2Go 4.0
PowerDVD
Pure Networks Port Magic
QuickTime
Rainlendar (remove only)
RealPlayer Basic
Recovery Software Suite Gateway
SCRABBLE
Serious Samurize
SigmaTel Audio
Sonic Encoders
Studio 9
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
Tradewinds
Trend Micro Antivirus
Viewpoint Media Player
WildTangent Web Driver
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Resource Kit Tools
 
IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

µTorrent

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Also available here.

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Disable Windows Defender until the computer is clean


Windows Defender normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

- Open Windows Defender
- Select Tools and then General Settings
- Under Real Time Protection Options uncheck Turn on real-time protection
- Select Save


Step # 1 Remove WildTangent

I see you are using Wild Tangent. It is not malware, but is sometimes thought to bring malware along. Wild Tangent is a video game software company specializing in online games. It has even made a partnership with AOL to include itself as part of the AOL Instant Messenger for their AIM games section. The WildTangent Web Driver is their technology that allows you to play 3D games over the Internet. Although it’s not technically considered spyware, it does have built in components to update itself and gather information about the computer system including
  • Operating System Version
  • CPU Type and Speed
  • Memory Amount
    Video Card type and Driver Version
  • Sound Card type and Driver Version
  • DirectX Version
    Location that the Web Driver was installed from
  • It is also a MAJOR resource hog.

For more information, see WildTangent Removal Instructions and Help and Inside Wild Tangent-Delivering High-End 3-D Content To A Web Site Near You.
Unless you are an extremely avid games player, I recommend you uninstall Wild Tangent: To uninstall Wild Tangent:
  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight WildTangent Web Driver, click Remove.
  • Close the Add or Remove Programs and the Control Panel windows.


Step # 2: Download and Run: VundoFix
  1. Please download VundoFix.exe by Atribune from Atribune and save it to your desktop.
  2. Double click VundoFix.exe to run it.
  3. Click the Scan for Vundo button.
  4. Once it's done scanning, click the Fix Vundo button.
  5. You will receive a prompt asking if you want to remove the files, click YES
  6. Once you click yes, your desktop will go blank as it starts removing Vundo.
  7. When completed, it will prompt that it will reboot your computer, click OK.
  8. Please post the contents of C:\vundofix.txt and a new HijackThis log.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

If you receive this error - "Run-time error '339': Component 'comdlg32.ocx' or one its dependencies not correctly registered: a file is missing or invalid" , please download this file and save it to your desktop.

  • Right click on Comdlg32.zip and select Extract All....
  • Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  • On the text box above the Browse button, copy and paste in C:\Windows\system32.
  • Click OK.
  • Uncheck (untick) the Show extracted files box and click Finish.
  • Click on Start > Run and copy and paste in the following into the Run box:

    REGSVR32 C:\Windows\system32\comdlg32.ocx

  • Press Enter.
  • You should receive this message - "DllRegisterServer in C:\Windows\system32\comdlg32.ocx succeeded."
  • Click OK and restart your computer. Then try running VundoFix again.


In your next post/reply, I need to see the following:

1. VundoFix Log
2. A fresh HiJackThis Log
 
VundoFix and HJT Log

VundoFix did not find any traces, but I will post the log anyway.
==========================================================
VundoFix V7.0.5

Scan started at 6:09:34 PM 5/26/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

==========================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:19:00 PM, on 5/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\PROGRA~1\COMMON~1\AOL\121077~1\EE\AOLHOS~1.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\PROGRA~1\COMMON~1\AOL\121077~1\EE\AOLServiceHost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopMail.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\New Folder\Documents and Settings\Owner.YOUR-2F085352E9\My Documents\All\akshld\ResizeEnable\ResizeEnableRunner.exe
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\New Folder(2)\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6956
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: (no name) - {E707216F-6AFF-4BD4-962D-EC5CDBA812A1} - C:\WINDOWS\system32\byXRijhh.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1210776190\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Spybot - S&D.lnk = C:\Program Files\Spybot - Search & Destroy\SDMain.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: byXRijhh - C:\WINDOWS\SYSTEM32\byXRijhh.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

--
End of file - 9441 bytes
 
Since VundoFix didn't work, let's try another tool to help take out Virtumonde.

Step # 1 Update Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u6.
  • Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications.".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation and save to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Remove the following old versions of Java:

  • J2SE Runtime Environment 5.0 Update 2

  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • From your desktop double-click on the download to install the newest version.


Step # 2: Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Be sure to save ComboFix.exe to your Desktop

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleaning the system:

C:\ComboFix.txt
New HijackThis log.

Use multiple posts if you can't fit everything into one post.
 
Can't download Java Update

Unfortunatly, I have Dial-Up, so I can't really download anyhting over about 6mb. Can I use ComboFix without installing the Java Update?
 
Go ahead and download and run ComboFix.

Do you have access to a computer with a DSL or Cable connection? You have a really old version of Java and the quicker it is updated the better. If you can get access to a computer with DSL/Cable, just use it to download the latest version of Java and then transfer it over to your computer via a USB Stick/Flash Drive.
 
Java Update

I will try to get an update for Java soon. The computer is a laptop, so I can get wireless High-speed tommorrow. I will run ComboFix in a little while.
 
ComboFix Log

ComboFix 08-05-27.4 - Owner 2008-05-28 16:29:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.554 [GMT -4:00]
Running from: F:\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\byXRijhh.dll

.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-28 )))))))))))))))))))))))))))))))
.

2008-05-26 23:00 . 2008-05-26 23:00 <DIR> d-------- C:\Program Files\UltraSurf
2008-05-26 23:00 . 2008-05-26 23:05 <DIR> d-------- C:\Program Files\Pocket Tanks Deluxe 1.3
2008-05-26 18:09 . 2008-05-26 18:09 <DIR> d-------- C:\VundoFix Backups
2008-05-26 11:20 . 2007-05-31 08:44 740,442 --a------ C:\WINDOWS\system32\divx.dll
2008-05-26 11:20 . 2007-07-29 17:51 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-26 11:20 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-05-26 11:00 . 2008-05-26 11:00 <DIR> d-------- C:\Program Files\CCleaner
2008-05-22 16:52 . 2008-05-22 16:52 <DIR> d-------- C:\Documents and Settings\Owner.NON-POLITICIAN\Application Data\AdobeUM
2008-05-21 22:21 . 2008-05-21 22:21 139 --a------ C:\WINDOWS\wininit.ini
2008-05-21 21:32 . 2004-03-29 04:06 90,464 --a------ C:\WINDOWS\system32\drivers\MarvinBus.sys
2008-05-21 21:32 . 2002-03-19 10:29 14,165 --a------ C:\WINDOWS\system32\drivers\Pclepci.sys
2008-05-21 21:29 . 2002-01-05 04:48 974,848 --a------ C:\WINDOWS\system32\MFC70.DLL
2008-05-21 21:28 . 2008-05-21 21:30 <DIR> d-------- C:\Program Files\Pinnacle
2008-05-21 21:28 . 2008-05-21 21:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Pinnacle
2008-05-21 16:07 . 2008-05-21 16:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-05-20 13:39 . 2008-05-20 13:39 18,816 --a------ C:\WINDOWS\system32\drivers\dvd43llh.sys
2008-05-20 13:38 . 2008-05-20 22:18 181 --a------ C:\WINDOWS\system32\sam.ini
2008-05-20 13:24 . 2008-05-20 13:24 <DIR> d-------- C:\New Folder
2008-05-17 10:09 . 2008-05-17 10:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-16 19:51 . 2008-05-21 21:11 <DIR> d-------- C:\Documents and Settings\Owner.NON-POLITICIAN\Application Data\Apple Computer
2008-05-16 19:51 . 2008-05-28 16:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-16 19:51 . 2008-05-16 19:51 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-16 19:50 . 2008-05-16 19:51 <DIR> d-------- C:\Program Files\iTunes
2008-05-16 19:50 . 2008-05-16 19:50 <DIR> d-------- C:\Program Files\iPod
2008-05-16 19:46 . 2008-05-16 19:46 <DIR> d-------- C:\Program Files\QuickTime
2008-05-16 19:46 . 2008-05-16 19:46 <DIR> d-------- C:\Program Files\Bonjour
2008-05-16 19:46 . 2008-05-16 19:46 <DIR> d-------- C:\Documents and Settings\Owner.NON-POLITICIAN\Application Data\Media Player Classic
2008-05-16 19:46 . 2008-05-16 19:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-16 19:45 . 2008-05-16 19:45 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-16 19:45 . 2008-05-16 19:45 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-16 19:45 . 2008-05-16 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-16 17:04 . 2008-05-16 19:50 <DIR> d-------- C:\Documents and Settings\Owner.NON-POLITICIAN\Application Data\McAfee.com Personal Firewall
2008-05-16 17:04 . 2008-05-16 17:04 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
2008-05-15 22:24 . 2008-05-21 21:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-15 21:38 . 2008-05-15 21:38 <DIR> d-------- C:\Program Files\ZUMA
2008-05-15 21:38 . 2008-05-15 21:38 <DIR> d-------- C:\Program Files\Windows Defender
2008-05-15 21:37 . 2008-05-15 21:37 <DIR> d-------- C:\Program Files\Webroot
2008-05-15 21:37 . 2008-05-15 21:37 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-15 21:37 . 2008-05-15 21:37 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-05-15 21:36 . 2008-05-15 21:36 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-05-15 21:35 . 2008-05-15 21:35 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-15 21:35 . 2008-05-15 21:35 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-05-15 21:35 . 2008-05-15 21:35 <DIR> d-------- C:\Program Files\MSBuild
2008-05-15 21:34 . 2008-05-15 21:35 <DIR> d-------- C:\Program Files\Motorola Phone Tools
2008-05-15 21:32 . 2008-05-15 21:32 <DIR> d-------- C:\Program Files\Microsoft Web Designer Tools
2008-05-15 21:22 . 2008-05-15 21:32 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-05-15 21:22 . 2008-05-15 21:22 <DIR> d-------- C:\Program Files\Microsoft Visual Studio .NET 2003
2008-05-15 21:22 . 2008-05-15 21:22 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-05-15 21:22 . 2008-05-15 21:22 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-05-15 21:18 . 2008-05-15 21:21 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-05-15 21:17 . 2008-05-15 21:17 <DIR> d-------- C:\Program Files\Microsoft Small Business
2008-05-15 21:17 . 2008-05-15 21:17 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-05-15 21:13 . 2008-05-15 21:13 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-05-15 21:08 . 2008-05-15 21:08 <DIR> d-------- C:\Program Files\MagicISO
2008-05-15 21:08 . 2008-05-26 11:21 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-15 21:06 . 2008-05-15 21:06 <DIR> d-------- C:\Program Files\GGE909 PC Recoil Pad
2008-05-15 21:00 . 2008-05-15 21:00 <DIR> d-------- C:\Program Files\Game Elements
2008-05-15 21:00 . 2008-05-15 21:00 <DIR> d-------- C:\Program Files\Free DVD MP3 Ripper
2008-05-15 21:00 . 2008-05-20 13:39 <DIR> d-------- C:\Program Files\dvd43
2008-05-15 21:00 . 2008-05-15 21:00 <DIR> d-------- C:\Program Files\Datel
2008-05-15 21:00 . 2008-05-15 21:00 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-05-15 20:55 . 2008-05-15 20:55 <DIR> d-------- C:\Program Files\CMAK
2008-05-15 20:55 . 2008-05-15 20:55 <DIR> d-------- C:\Program Files\Avanquest update
2008-05-15 20:55 . 2008-05-15 20:55 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-05-15 20:54 . 2008-05-15 20:54 <DIR> d-------- C:\Program Files\ADMIN TOOLS
2008-05-15 20:54 . 2008-05-15 20:54 <DIR> d-------- C:\Program Files\activePDF
2008-05-15 19:14 . 2008-05-15 19:14 0 --a------ C:\Documents and Settings\Owner.NON-POLITICIAN\Application Data\wklnhst.dat
2008-05-15 18:05 . 2008-05-15 18:05 <DIR> d-------- C:\Program Files\Audacity
2008-05-15 18:03 . 2008-05-15 18:03 <DIR> d-------- C:\Program Files\Windows Resource Kits
2008-05-15 17:58 . 2008-05-15 17:59 <DIR> d-------- C:\Program Files\Samurize
2008-05-15 17:57 . 2008-05-15 17:57 <DIR> d-------- C:\Program Files\Rainlendar
2008-05-15 17:57 . 2008-05-15 21:01 <DIR> d-------- C:\Documents and Settings\Owner.NON-POLITICIAN\Application Data\Rainlendar
2008-05-15 01:05 . 2008-05-21 21:09 26 --a------ C:\WINDOWS\popcinfo.dat
2008-05-15 00:18 . 2008-05-21 16:07 <DIR> d-------- C:\Documents and Settings\Owner.NON-POLITICIAN\Application Data\PlayFirst
2008-05-14 22:37 . 2008-05-14 22:37 <DIR> d-------- C:\Documents and Settings\Owner.NON-POLITICIAN\Application Data\WildTangent
2008-05-14 21:03 . 2008-05-14 21:03 <DIR> d-------- C:\Documents and Settings\Owner.NON-POLITICIAN\Application Data\CyberLink
2008-05-14 20:32 . 2006-10-04 10:06 1,197,294 --a--c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-05-14 20:32 . 2006-10-04 10:06 764,868 --a--c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-05-14 20:32 . 2006-10-04 10:06 217,118 --a--c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-05-14 20:31 . 2008-05-14 20:31 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-05-14 20:30 . 2008-05-14 20:30 <DIR> d-------- C:\80c8ec2e7307d5f604
2008-05-14 20:29 . 2008-05-14 20:29 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-05-14 20:29 . 2008-05-14 20:30 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-05-14 20:17 . 2008-05-14 20:17 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-05-14 20:05 . 2008-05-14 09:59 <DIR> d-------- C:\Documents and Settings\Owner.NON-POLITICIAN\WINDOWS
2008-05-14 20:05 . 2008-05-14 10:44 <DIR> d-------- C:\Documents and Settings\Owner.NON-POLITICIAN\Application Data\You've Got Pictures Screensaver
2008-05-14 20:05 . 2008-05-14 10:46 <DIR> d-------- C:\Documents and Settings\Owner.NON-POLITICIAN\Application Data\SampleView
2008-05-14 20:05 . 2008-05-14 10:56 <DIR> d-------- C:\Documents and Settings\Owner.NON-POLITICIAN\Application Data\Intel
2008-05-14 20:05 . 2008-05-26 22:52 <DIR> d-------- C:\Documents and Settings\Owner.NON-POLITICIAN
2008-05-14 20:04 . 2008-05-14 09:59 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-05-14 20:04 . 2008-05-14 10:44 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver
2008-05-14 20:04 . 2008-05-14 10:46 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView
2008-05-14 11:09 . 2008-05-14 11:09 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-05-14 11:04 . 2008-05-14 11:04 333 --a------ C:\WINDOWS\system32\$ncsp$.inf
2008-05-14 11:04 . 2008-05-14 11:04 0 --a------ C:\WINDOWS\system32\Gateway_MX6956_Rev.1_T3A6A41004121.MRK
2008-05-14 11:03 . 2006-03-23 15:12 139,264 --a------ C:\WINDOWS\system32\igfxres.dll
2008-05-14 11:02 . 2008-05-17 09:48 34,400 --a------ C:\WINDOWS\system32\Status.MPF
2008-05-14 10:57 . 2006-04-21 02:12 332,800 --a--c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-05-14 10:57 . 2006-06-22 06:47 181,248 --a--c--- C:\WINDOWS\system32\dllcache\rasmans.dll
2008-05-14 10:57 . 2006-05-19 08:59 148,480 --a--c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-05-14 10:57 . 2006-05-19 08:59 111,616 --a--c--- C:\WINDOWS\system32\dllcache\dhcpcsvc.dll
2008-05-14 10:57 . 2006-05-19 08:59 94,720 --a--c--- C:\WINDOWS\system32\dllcache\iphlpapi.dll
2008-05-14 10:56 . 2008-05-14 10:56 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-05-14 10:55 . 2008-05-16 19:45 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-14 10:55 . 2008-05-14 10:56 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2008-05-14 10:55 . 2008-05-14 10:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-05-14 10:55 . 2008-05-14 10:55 21,275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-14 10:54 . 2008-05-14 10:54 <DIR> d-------- C:\Program Files\McAfee
2008-05-14 10:54 . 2008-05-16 19:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-05-14 10:54 . 2008-05-14 10:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-05-14 10:54 . 2008-05-14 10:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-14 10:52 . 2008-05-14 10:52 <DIR> d-------- C:\Program Files\gtw_logo
2008-05-14 10:52 . 2008-05-14 20:04 <DIR> d-------- C:\Documents and Settings\Owner
2008-05-14 10:52 . 2006-02-06 15:24 1,239,209 --a------ C:\WINDOWS\system32\gtw_logo.scr
2008-05-14 10:52 . 2003-07-03 18:48 23,552 --a------ C:\WINDOWS\system32\jesterss.dll
2008-05-14 10:52 . 2006-04-21 12:50 1,150 --a------ C:\WINDOWS\system32\gtw.ico
2008-05-14 10:49 . 2008-05-14 10:49 <DIR> d-------- C:\WINDOWS\tiinst
2008-05-14 10:47 . 2008-05-14 10:47 <DIR> d-------- C:\Program Files\Motorola
2008-05-14 10:46 . 2008-05-14 10:46 <DIR> d-------- C:\Program Files\SigmaTel
2008-05-14 10:46 . 2008-05-14 10:46 <DIR> d-------- C:\Program Files\Microsoft Money 2006
2008-05-14 10:46 . 2008-05-14 10:46 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-05-14 10:46 . 2006-06-15 18:28 1,179,784 --a------ C:\WINDOWS\system32\drivers\sthda.sys
2008-05-14 10:46 . 2006-06-15 18:24 217,088 --a------ C:\WINDOWS\system32\stacapi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-14 14:43 8,552 ----a-w C:\WINDOWS\system32\drivers\asctrm.sys
2008-05-14 13:59 --------- d-----w C:\Program Files\Windows Plus
2008-05-14 13:59 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-14 13:59 --------- d-----w C:\Program Files\Common Files\New Boundary
2008-05-14 13:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prism Deploy
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-20 12:34 171448]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 23:56 64512]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-05-14 10:33 169984]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 10:47 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 10:47 688218]
"HostManager"="C:\Program Files\Common Files\AOL\1210776190\EE\AOLHostManager.exe" [2004-11-03 17:03 125528]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 20:42 79448]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" [ ]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 15:30 139264]
"SigmatelSysTrayApp"="stsystra.exe" [2005-12-27 13:20 413696 C:\WINDOWS\stsystra.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-05-23 22:22 573440]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 15:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 15:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 15:17 118784]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 14:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 14:56 602182]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 19:16 1121792]
"pccguide.exe"="C:\Program Files\Trend Micro\Antivirus\pccguide.exe" [2004-02-17 18:51 950337]
"PCClient.exe"="C:\Program Files\Trend Micro\Antivirus\PCClient.exe" [2004-02-17 18:51 634949]
"TM Outbreak Agent"="C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" [2004-02-17 18:50 290816]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2007-11-20 16:40 731136]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 16:26 406016]

C:\Documents and Settings\Owner.NON-POLITICIAN\Start Menu\Programs\Startup\
Spybot - S&D.lnk - C:\Program Files\Spybot - Search & Destroy\SDMain.exe [2008-04-07 17:55:32 414544]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [2008-05-14 10:37:34 2168360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= divxa32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1210776190\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=


.
Contents of the 'Scheduled Tasks' folder
"2008-05-16 23:45:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-15 00:04:47 C:\WINDOWS\Tasks\ISP signup reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-05-28 20:38:58 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 16:36:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\COMMON~1\AOL\121077~1\EE\AOLServiceHost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopMail.exe
.
**************************************************************************
.
Completion time: 2008-05-28 16:42:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-28 20:41:59

Pre-Run: 51,723,718,656 bytes free
Post-Run: 51,820,269,568 bytes free

275
 
HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:43:19 PM, on 5/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\COMMON~1\AOL\121077~1\EE\AOLHOS~1.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\AOL\121077~1\EE\AOLServiceHost.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopMail.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\New Folder(2)\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6956
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1210776190\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Spybot - S&D.lnk = C:\Program Files\Spybot - Search & Destroy\SDMain.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

--
End of file - 8768 bytes
 
Recovery Console

I already have the recovery console on my original Windows XP disk, so I did not have to install it on my computer.
 
I noticed you placed ComboFix.exe at F:\ , please move the file and place it on your Desktop for easier access and in case I need you to use it again during the time I'm helping you. Thanks. :)



Step # 1 Upload Files


Go to Jotti
Copy the following line into the white textbox:
C:\WINDOWS\system32\jesterss.dll
Click Submit.
Please post the results of this scan to this thread.

Repeat the above steps with the following files:

C:\WINDOWS\system32\gtw.ico

If Jotti is busy, Go to VirusTotal and scan the file(s) there.


Step # 2 Run CCleaner

CCleaner will remove everything from the temp/temporary folders but please note that it will not make back ups!

  • Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 48 hours
  • Then select the items you wish to clean up.
  • In the Windows Tab:
  • Clean all entries in the Internet Explorer section except Cookies
  • Clean all the entries in the Windows Explorer section
  • Clean all entries in the System section
  • Clean all entries in the Advanced section
  • Clean any others that you choose
  • In the Applications Tab:
  • Clean all except cookies in the Firefox/Mozilla section if you use it
  • Clean all in the Opera section if you use it
  • Clean Sun Java in the Internet Section
  • Clean any others that you choose
  • Click the Run Cleaner button.
  • A pop up box will appear advising this process will permanently delete files from your system.
  • Click OK and it will scan and clean your system.
  • Click exit when done.
  • If it asks you to reboot at the end, click NO


Step # 3: Remove Hijackthis Entries

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):


    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.


Step # 4 Download and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Before running a scan, click the Update tab, next click Check for Updates to download any updates, if available.
  • Next click the Scanner tab and select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • You can also access the log by doing the following:
  • Click on the Malwarebytes' Anti-Malware icon to launch the program.
  • Click on the Logs tab.
  • Click on the log at the bottom of those listed to highlight it.
  • Click Open.


In your next post/reply, I need to see the following:

1. Jotti/VirusTotal results
2. MalwareBytes' Log
3. A fresh HiJackThis log
 
Scan Results

File: jesterss.dll
Status: OK
MD5: bbe4d3aa47ae3bb54d04c8fa52477976
Packers detected: ASPACK

Scanner results
Scan taken on 30 May 2008 21:07:25 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

-----------------------------------------------------

File: gtw.ico
Status: OK
MD5: 0b90cfa056bb231f796d598c4cc5de54
Packers detected: -

Scanner results
Scan taken on 30 May 2008 21:10:06 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
 
Both files you scanned came back clean. :)

Go ahead and do Steps 2-4 from my last post (if you haven't already) and post a fresh HiJackThis Log and the MalwareBytes' Log in your next response.
 
MBAM Log

Malwarebytes' Anti-Malware 1.14
Database version: 805

10:05:43 PM 5/30/2008
mbam-log-5-30-2008 (22-05-43).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 211080
Time elapsed: 1 hour(s), 11 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\Documents and Settings\Owner.NON-POLITICIAN\Application Data\ANTIVI~1.EXE.bak (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\RECYCLER\S-1-5-21-3903599095-1049255070-3049818298-1006\Dc73.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\RECYCLER\S-1-5-21-3903599095-1049255070-3049818298-1006\Dc74.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\RECYCLER\S-1-5-21-3903599095-1049255070-3049818298-1006\Dc54\Quarantine\C\Documents and Settings\All Users\Application Data\hevavmpk\jizgrwfy.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\RECYCLER\S-1-5-21-3903599095-1049255070-3049818298-1006\Dc54\Quarantine\C\Documents and Settings\Owner.NON-POLITICIAN\Application Data\printer.exe.vir (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\RECYCLER\S-1-5-21-3903599095-1049255070-3049818298-1006\Dc54\Quarantine\C\Program Files\tmp83116156.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\RECYCLER\S-1-5-21-3903599095-1049255070-3049818298-1006\Dc54\Quarantine\C\WINDOWS\system32\drvjux.dll.vir (Dialer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\RECYCLER\S-1-5-21-3903599095-1049255070-3049818298-1006\Dc54\Quarantine\C\WINDOWS\system32\ieupdates.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\RECYCLER\S-1-5-21-3903599095-1049255070-3049818298-1006\Dc54\Quarantine\C\WINDOWS\system32\ifilfeaf.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\RECYCLER\S-1-5-21-3903599095-1049255070-3049818298-1006\Dc54\Quarantine\C\WINDOWS\system32\ISECUR~1.CPL.vir (Rouge.ISecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\RECYCLER\S-1-5-21-3903599095-1049255070-3049818298-1006\Dc54\Quarantine\C\WINDOWS\system32\ntload.sys.vir (Backdoor.Delf) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\RECYCLER\S-1-5-21-3903599095-1049255070-3049818298-1006\Dc54\Quarantine\C\WINDOWS\system32\update32.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\My Backup\WINDOWS\system32\ntload.dll (Trojan.Qqpass) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP11\A0010538.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP11\A0010539.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

--------------------------------------------------------------------------

I am pretty sure that all of these were backups that my virus scanner made when I removed the Zlob virus :)
 
New HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:19 PM, on 5/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\COMMON~1\AOL\121077~1\EE\AOLHOS~1.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\AOL\121077~1\EE\AOLServiceHost.exe
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopMail.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner.NON-POLITICIAN\My Documents\New Folder(2)\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6956
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1210776190\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Spybot - S&D.lnk = C:\Program Files\Spybot - Search & Destroy\SDMain.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C09DEFA-98A4-4877-BA19-3D299B533F7D}: NameServer = 205.152.37.23 205.152.132.23
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

--
End of file - 8912 bytes
 
Free Virus Removal Software

Do you have any suggestions for free virus removal software? I used to have Trend Micro, but my subscription expired. If I can find equally good software for free, I would be very happy. I can get access to DSL pretty soon so size does not matter.
 
Austin8289 said:
Do you have any suggestions for free virus removal software? I used to have Trend Micro, but my subscription expired. If I can find equally good software for free, I would be very happy. I can get access to DSL pretty soon so size does not matter.
Click to expand...

Here are a couple of options of free AV software for you to choose from:

1)Antivir PersonalEdition Classic
2)avast! 4 Home Edition


Download and install only one!

Whatever one you choose be sure to uninstall Trend Micro before installing your new Anti-Virus.


Let me know when you have DSL so I can give you the next step (we are close to the end) for you to do. The next step will be for you to run an online scanner to see if there is anything else malicious on your computer.

When you first run it, you have to download its virus database and its 14MB in size and you mentioned earlier that you can't download anything over 6MB since you are on dial-up. So it'd be best to wait till you have DSL before we continue.
 
Can I download the virus database to a certain location so I can move it to another computer? If not, just go ahead and post the location and I will see if I can download it. It may take a good 2 and a half hours, but then again, some days I am on the internet I can download 7 or 8 mb. things in a little over 30 min.
 
You must log in or register to reply here.
Back
Top