
winbjt32.dll and friends



solex
2006-09-16, 03:50
Hello,

I'm having problems removing C:\WINDOWS\system32\winbjt32.dll and have tried previous solutions with no luck, just wondering if I should do something different.

Thank you in advance!



Logfile of HijackThis v1.99.1
Scan saved at 01:41:43, on 16/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\admServ.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\mscomserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\DOCUME~1\SOLEX\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Common Files\PCSuite\Services\NclBTHandler.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\SkypeIntegration\SkypeIntegration\SkypeClient.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\ASKS~1\winspool.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\F?nts\n?pdb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\Common Files\Symantec Shared\ccLgView.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\SOLEX\LOCALS~1\Temp\Rar$EX00.031\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R3 - URLSearchHook: (no name) - {6B31A438-35D5-6222-A7DF-6143B46AA49B} - C:\WINDOWS\system32\vvzx.dll
O2 - BHO: 12Ghosts Popup-Killer - {00000000-0007-5041-4354-0020e48020af} - C:\Program Files\12Ghosts\12popup.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {6B31A438-35D5-6222-A7DF-6143B46AA49B} - C:\WINDOWS\system32\vvzx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Groove Networks\Groove\Bin\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: 12-Popup - {00000000-0008-5041-4354-0020e48020af} - C:\Program Files\12Ghosts\12popup.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SkypeClient] "C:\Program Files\PDT\VoIPVoiceIntegration\VoIPVoice Integration.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Bwer] "C:\WINDOWS\ASKS~1\winspool.exe" -vt yazr
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Dlsan] C:\Program Files\Common Files\F?nts\n?pdb.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: GuardUSB.lnk = C:\Program Files\Rocus\GuardUSB\GuardUSB.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin9x/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://officebeta.iponet.net/officeupdate/content/opuc3.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\windows\system32\winlogon.dll regedit.dll ? ????C C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbjt32 - winbjt32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Flash Media Server (FMS) (FMS) - Macromedia, Inc. - C:\Program Files\Macromedia\Flash Media Server 2\FMSMaster.exe
O23 - Service: Flash Media Administration Server (FMSAdmin) - Macromedia, Inc. - C:\Program Files\Macromedia\Flash Media Server 2\FMSAdmin.exe
O23 - Service: Groove Audit Service (GrooveAuditService) - Groove Networks, Inc. - C:\Program Files\Groove Networks\Groove\Bin\GrooveAuditService.exe
O23 - Service: Groove Installer Service (GrooveInstallerService) - Groove Networks, Inc. - C:\Program Files\Groove Networks\Groove\Bin\GrooveInstallerService.exe
O23 - Service: GrooveRunOnceInstaller - Groove Networks, Inc. - C:\Program Files\Groove Networks\Groove\Bin\GrooveRunOnceInstaller.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MS Common Service - Unknown owner - C:\WINDOWS\system32\mscomserv.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
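
The entries in that log that a helper learns to spot by eye are the ones with a '?' inside a path (HijackThis prints characters it cannot render as '?'), 8.3 short names such as ASKS~1 directly under C:\WINDOWS, a Winlogon Notify DLL given by bare file name, a non-empty AppInit_DLLs value, a nameless URLSearchHook/BHO in system32, a service with no publisher running from system32, and a DPF ActiveX entry without a description. The script below encodes those checks and runs them over lines copied from the log above. It is an added example for this thread, not code from HijackThis, ComboFix or either poster; the tag names and rules are the editor's own review heuristics, and a tag means "look at this entry", not "this is malware".

```python
"""Heuristic triage of HijackThis 1.99.1 log lines.

Added example for this thread, not code from HijackThis, ComboFix or the
posters. The sample lines are copied from the log posted above; the rules
are the editor's own review heuristics, and a tag means "look at this",
not "this is malware".
"""
import re
from collections import Counter
from typing import Dict, List

# HijackThis writes any character it cannot render as '?'. A '?' wedged
# between path characters (F?nts, n?pdb.exe) means the real name holds an
# unprintable or non-ASCII character, which is also why the same folders
# appear elsewhere only as 8.3 short names (ASKS~1). URLs are stripped first
# so a query string such as fwlink/?linkid=... does not trigger the rule.
HIDDEN_CHAR = re.compile(r"[A-Za-z0-9\\]\?[A-Za-z0-9\\]")
URL = re.compile(r"\w+://\S+")

# An 8.3 short name directly under C:\WINDOWS or system32. Installers leave
# short names under PROGRA~1 all the time; under the Windows directory they
# almost always mean the long name could not be typed or displayed.
SHORT_NAME_IN_WINDIR = re.compile(r"C:\\WINDOWS\\(system32\\)?[A-Z0-9_]{1,6}~\d", re.I)

# Real Windows component names reused with the wrong extension or location:
# the genuine spooler client is winspool.drv, and winlogon/regedit/userinit
# are EXEs, so a .dll or .exe by these names is a decoy.
DECOY_NAMES = ("winspool.exe", "winlogon.dll", "regedit.dll", "userinit.dll")


def triage_line(line: str) -> List[str]:
    """Return the review tags raised by one HijackThis line ([] if none)."""
    tags: List[str] = []
    lower = line.lower()
    tail = line.rsplit(" - ", 1)[-1]          # the path part of an HJT entry

    if HIDDEN_CHAR.search(URL.sub("", line)):
        tags.append("unprintable-char-in-path")
    if SHORT_NAME_IN_WINDIR.search(line):
        tags.append("short-name-under-windir")
    if any(name in lower for name in DECOY_NAMES):
        tags.append("decoy-system-filename")

    if line.startswith("O20 - Winlogon Notify:"):
        # Notify DLLs load into winlogon.exe as SYSTEM at every logon, so
        # each one deserves a look. A bare file name is resolved through the
        # DLL search path, and "(file missing)" only says HJT could not find
        # it at that instant, not that the registry entry is harmless.
        tags.append("winlogon-notify")
        if ":\\" not in tail:
            tags.append("dll-without-path")
        if "(file missing)" in tail:
            tags.append("file-missing")
    if line.startswith("O20 - AppInit_DLLs:") and line.split(":", 1)[1].strip():
        # AppInit_DLLs are injected into every process that loads user32.dll.
        tags.append("appinit-dlls")
    if line.startswith("O23 - Service:") and "Unknown owner" in line and "\\system32\\" in lower:
        tags.append("unsigned-service-in-system32")
    if re.match(r"(R3|O2) .*\(no name\)", line) and "\\system32\\" in lower:
        tags.append("nameless-bho-in-system32")
    if line.startswith("O16 - DPF:") and not re.search(r"\} \(.+\) - ", line):
        tags.append("activex-without-description")
    return tags


def triage(log: str) -> Dict[str, List[str]]:
    """Map each flagged log line to its tags; clean lines are omitted."""
    result: Dict[str, List[str]] = {}
    for raw in log.splitlines():
        line = raw.strip()
        if line and (tags := triage_line(line)):
            result[line] = tags
    return result


def summary(log: str) -> Dict[str, int]:
    """Count how often each tag fires across the whole log."""
    counts: Counter = Counter()
    for tags in triage(log).values():
        counts.update(tags)
    return dict(counts)


# Lines copied from the HijackThis log posted above (constructed sample;
# clean entries are included so the rules can be seen not to fire on them).
SAMPLE_LOG = r"""
C:\WINDOWS\ASKS~1\winspool.exe
C:\Program Files\Common Files\F?nts\n?pdb.exe
R3 - URLSearchHook: (no name) - {6B31A438-35D5-6222-A7DF-6143B46AA49B} - C:\WINDOWS\system32\vvzx.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKCU\..\Run: [Bwer] "C:\WINDOWS\ASKS~1\winspool.exe" -vt yazr
O4 - Global Startup: Bluetooth.lnk = ?
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O20 - AppInit_DLLs: c:\windows\system32\winlogon.dll regedit.dll ? ????C C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbjt32 - winbjt32.dll (file missing)
O23 - Service: MS Common Service - Unknown owner - C:\WINDOWS\system32\mscomserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

if __name__ == "__main__":
    for line, tags in triage(SAMPLE_LOG).items():
        print(", ".join(tags).ljust(48), line)
```

Run it against a full pasted log (feed the file contents to `triage`) and the output is the short list a helper would otherwise pick out by hand; the Synaptics, Bluetooth.lnk, Office Genuine Advantage and ATI lines are there to show the rules stay quiet on ordinary entries, including a '?' that is only part of a URL.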

teacup61
2006-09-16, 05:23
Hello solex,

Welcome to Safer Networking Forums :)

Yes, you're right, it invited friends to play.

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Thanks,
tea

solex
2006-09-16, 18:44
Hello,

Thank you :) Here's the ComboFix log - btw it scared the poo out of me when my laptop shut off!

SOLEX - 06-09-16 16:28:48.42 Service Pack 2
ComboFix 06.09.14 - Running from: C:\Documents and Settings\SOLEX\Desktop

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Y1123OU.exe
C:\WINDOWS\system32\userinit.dll

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\WINDOWS\MANTEC~1
C:\QooBox\Purity\WINDOWS\CROSOF~1
C:\QooBox\Purity\WINDOWS\ASKS~1
C:\QooBox\Purity\WINDOWS\STEM32~1
C:\QooBox\Purity\WINDOWS\SSTEM3~1
C:\QooBox\Purity\WINDOWS\MBOLS~1
C:\QooBox\Purity\WINDOWS\system32\RACLE~1
C:\QooBox\Purity\WINDOWS\system32\DOBE~1
C:\QooBox\Purity\WINDOWS\system32\MCROSO~1
C:\QooBox\Purity\WINDOWS\system32\SKS~1
C:\QooBox\Purity\WINDOWS\system32\ECURIT~1
C:\QooBox\Purity\WINDOWS\system32\ECURIT~1\?ecurity
C:\QooBox\Purity\WINDOWS\system32\ECURIT~1\dvdplay.exe
C:\QooBox\Purity\WINDOWS\system32\ECURIT~1\?ecurity\!update-4205.0000
C:\QooBox\Purity\WINDOWS\system32\ECURIT~1\?ecurity\!update-4215.0000
C:\QooBox\Purity\WINDOWS\ASKS~1\ASKS~1
C:\QooBox\Purity\WINDOWS\ASKS~1\winspool.exe
C:\QooBox\Purity\WINDOWS\ASKS~1\ASKS~1\ctxad-477.0000
C:\QooBox\Purity\WINDOWS\ASKS~1\ASKS~1\ctxad-477.0001
C:\QooBox\Purity\WINDOWS\ASKS~1\ASKS~1\ctxad-477.0002
C:\QooBox\Purity\WINDOWS\ASKS~1\ASKS~1\ctxad-477.0003
C:\QooBox\Purity\WINDOWS\ASKS~1\ASKS~1\ctxad-477.0004
C:\QooBox\Purity\Program Files\MCROSO~1
C:\QooBox\Purity\Program Files\ASEMBL~1
C:\QooBox\Purity\Program Files\Common Files\RACLE~1
C:\QooBox\Purity\Program Files\Common Files\MCROSO~1
C:\QooBox\Purity\Program Files\Common Files\STEM32~1
C:\QooBox\Purity\Program Files\Common Files\FNTS~1
C:\QooBox\Purity\Program Files\Common Files\ASEMBL~1
C:\QooBox\Purity\Program Files\Common Files\FNTS~1\n?pdb.exe
C:\QooBox\Purity\Documents and Settings\SOLEX\Application Data\ICROSO~1
C:\QooBox\Purity\Documents and Settings\SOLEX\Application Data\SKS~1
C:\QooBox\Purity\Documents and Settings\SOLEX\My Documents\RACLE~1
C:\QooBox\Purity\Documents and Settings\SOLEX\My Documents\MANTEC~1
C:\QooBox\Purity\Documents and Settings\SOLEX\My Documents\YMBOLS~1
C:\QooBox\Purity\Documents and Settings\SOLEX\My Documents\FNTS~1
C:\QooBox\Purity\Documents and Settings\SOLEX\My Documents\FNTS~2
C:\QooBox\Purity\Documents and Settings\SOLEX\My Documents\SEMBLY~1
C:\QooBox\Purity\Documents and Settings\SOLEX\My Documents\YMBOLS~1\?ymbols
C:\QooBox\Purity\Documents and Settings\SOLEX\My Documents\YMBOLS~1\services.exe
C:\QooBox\Purity\Documents and Settings\SOLEX\My Documents\SEMBLY~1\w?crtupd.exe


((((((((((((((((((((((((((((((( Files Created from 2006-08-16 to 2006-09-16 ))))))))))))))))))))))))))))))))))


2006-09-16 01:17 92,672 --a------ C:\WINDOWS\system32\KillBox.exe
2006-09-13 13:39 131,072 --a------ C:\WINDOWS\system32\vvzx.dll
2006-09-07 23:23 2 --a------ C:\WINDOWS\system32\wnsapisv.exe
2006-08-19 00:51 126,976 --a------ C:\WINDOWS\system32\mscomserv.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-15 20:23 -------- d-------- C:\Program Files\Safer Networking
2006-09-15 18:46 18944 --a------ C:\WINDOWS\system32\cool.exe
2006-09-15 18:09 -------- d-------- C:\Program Files\Common Files\Nokia
2006-09-09 04:34 -------- d-------- C:\Documents and Settings\SOLEX\Application Data\Yahoo!
2006-09-09 04:21 -------- d-------- C:\Program Files\Logitech
2006-09-07 11:20 145484 --a------ C:\Documents and Settings\SOLEX\Application Data\Cosmos Prefs
2006-09-05 12:09 -------- d-------- C:\Program Files\Messenger Plus! Live
2006-09-04 10:59 -------- d-------- C:\Program Files\Norton AntiVirus
2006-09-04 01:45 176252 --a------ C:\WINDOWS\GalleryPlayer Images Uninstaller.exe
2006-08-21 23:48 -------- d-------- C:\Program Files\Ziosoft
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltMc.exe
2006-08-21 10:14 128896 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
2006-08-21 09:21 -------- d-------- C:\Program Files\XronoX
2006-08-20 19:38 -------- d-------- C:\Program Files\Microsoft Voice Command
2006-08-19 00:43 -------- d-------- C:\Program Files\Microsoft Money 2007
2006-08-17 19:42 -------- d-------- C:\Program Files\Nyditot
2006-08-16 21:42 -------- d-------- C:\Program Files\Opera Software
2006-08-12 23:53 -------- d-------- C:\Program Files\iTunes
2006-08-12 23:53 -------- d-------- C:\Program Files\iPod
2006-08-08 18:07 -------- d-------- C:\Program Files\Pspr
2006-08-08 15:03 -------- d-------- C:\Program Files\ElcomSoft
2006-08-08 14:47 -------- d-------- C:\Program Files\Pinjo revealer
2006-08-08 14:39 -------- d-------- C:\Program Files\SnadBoy's Revelation v2
2006-08-08 00:41 -------- d-------- C:\Program Files\Common Files\Raxco
2006-08-08 00:36 15360 --a------ C:\WINDOWS\system32\BASSMOD.dll
2006-08-06 18:16 81920 --a------ C:\WINDOWS\system32\regedit.dll
2006-08-03 16:44 2508 --a------ C:\Documents and Settings\SOLEX\Application Data\$_hpcst$.hpc
2006-08-01 15:58 -------- d-------- C:\Documents and Settings\SOLEX\Application Data\Flash Video MX
2006-08-01 15:55 -------- d-------- C:\Program Files\GeoVid
2006-08-01 15:55 -------- d-------- C:\Documents and Settings\SOLEX\Application Data\GeoVid
2006-08-01 02:20 -------- d-------- C:\Program Files\Macromedia
2006-07-31 11:28 -------- d-------- C:\Program Files\Microsoft Small Business
2006-07-31 11:23 -------- d-------- C:\Program Files\Microsoft SQL Server
2006-07-31 11:12 -------- d-------- C:\Program Files\MSBuild
2006-07-31 11:12 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-07-31 11:11 -------- d-------- C:\Program Files\Microsoft Visual Studio 8
2006-07-31 01:11 -------- d-------- C:\Program Files\Microsoft.NET
2006-07-31 01:11 -------- d-------- C:\Program Files\Microsoft Works
2006-07-31 00:14 -------- d-------- C:\Documents and Settings\SOLEX\Application Data\OfficeUpdate12
2006-07-31 00:06 -------- d-------- C:\Program Files\Groove Networks
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-25 23:47 -------- d-------- C:\Program Files\Microsoft AutoRoute
2006-07-25 01:30 -------- d-------- C:\Program Files\Windows Desktop Search
2006-07-24 23:24 -------- d-------- C:\Program Files\WinPIM Sync
2006-07-23 23:52 -------- d-------- C:\Program Files\Azureus
2006-07-23 23:52 -------- d-------- C:\Documents and Settings\SOLEX\Application Data\Azureus
2006-07-23 23:02 -------- d-------- C:\Program Files\RoyalTek
2006-07-23 20:21 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-07-21 09:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-19 13:46 -------- d-------- C:\Program Files\Cute Organizer
2006-07-18 13:18 -------- d-------- C:\Program Files\PIM
2006-07-18 09:19 -------- d-------- C:\Program Files\WinOrganizer
2006-07-17 20:12 1367 --a------ C:\Documents and Settings\SOLEX\Application Data\Desktop Sidebardeletedmessages.txt
2006-07-17 13:08 -------- d-------- C:\Program Files\Desktop Sidebar
2006-07-17 08:08 523264 --a------ C:\WINDOWS\opuc.dll
2006-07-04 14:26 704000 --a------ C:\WINDOWS\system32\DAAPI.dll
2006-07-04 14:25 245760 --a------ C:\WINDOWS\system32\VersitConverter.dll
2006-07-04 14:25 131072 --a------ C:\WINDOWS\system32\NclAPI.dll
2006-06-26 16:13 129832 --a------ C:\WINDOWS\system32\rapi.dll
2006-06-26 16:12 20264 --a------ C:\WINDOWS\system32\ceutil.dll
2006-06-26 10:09 323624 --a------ C:\WINDOWS\system32\wiaaut.dll
2006-06-22 15:29 513584 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2006-06-22 15:29 263728 --a------ C:\WINDOWS\system32\LVCodec2.dll
2006-06-22 15:29 210480 --a------ C:\WINDOWS\system32\LVUI2.dll
2006-06-22 15:29 116272 --a------ C:\WINDOWS\system32\lvcoinst.dll
2006-06-22 13:51 4770 --a------ C:\WINDOWS\system32\Repository.reg
2006-06-22 06:06 69120 --a------ C:\WINDOWS\system32\ciodm.dll
2006-06-01 01:06 774144 --a------ C:\Program Files\RngInterstitial.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"SkypeClient"="\"C:\\Program Files\\PDT\\VoIPVoiceIntegration\\VoIPVoice Integration.exe\""
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Bwer"="\"C:\\WINDOWS\\ASKS~1\\winspool.exe\" -vt yazr"
"H/PC Connection Agent"="\"C:\\PROGRA~1\\MICROS~3\\wcescomm.exe\""
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"Dlsan"="C:\\Program Files\\Common Files\\F?nts\\n?pdb.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"PCMService"="\"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe\""
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"eDataSecurity Loader"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"
"LManager"="C:\\PROGRA~1\\LAUNCH~1\\QtZgAcer.EXE"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
"LogitechVideo[inspector]"="C:\\Program Files\\Acer\\OrbiCam\\InstallHelper.exe /inspect"
"ADMTray.exe"="\"C:\\Acer\\Empowering Technology\\admtray.exe\""
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"RTHDCPL"="RTHDCPL.EXE"
"SkyTel"="SkyTel.EXE"
"Alcmtr"="ALCMTR.EXE"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"ePower_DMC"="C:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe"
"Acer ePower Management"="C:\\Acer\\Empowering Technology\\ePower\\Acer ePower Management.exe boot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"dvd43"="C:\\Program Files\\dvd43\\dvd43_tray.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"LogitechCommunicationsManager"="\"C:\\Program Files\\Common Files\\Logitech\\LComMgr\\Communications_Helper.exe\""
"LogitechQuickCamRibbon"="\"C:\\Program Files\\Logitech\\QuickCam10\\QuickCam10.exe\" /hide"
"LVCOMSX"="\"C:\\Program Files\\Common Files\\Logitech\\LComMgr\\LVComSX.exe\""
"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,20,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,d2,03,00,00,23,00,00,00,1c,01,00,00,dc,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Bwer"="\"C:\\WINDOWS\\system32\\ECURIT~1\\dvdplay.exe\" -vt ndrv"
@="C:\\MCONFI~1.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"Bwer"="\"C:\\WINDOWS\\system32\\ECURIT~1\\dvdplay.exe\" -vt ndrv"
@="C:\\MCONFI~1.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=""
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="Groove GFS Stub Execution Hook"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
"Eyeball Chat"="\"C:\\PROGRA~1\\EYEBALL\\EYEBAL~1\\EyeballChat.exe\" -min"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
"TotalInput"="C:\\Program Files\\XronoX\\TotalInput\\TotalInputServer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Groove Virtual Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Groove Virtual Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Groove Virtual Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\GROOVE~1\\Groove\\Bin\\Groove.exe "
"item"="Groove Virtual Office"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NWEReboot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - SOLEX.job

Completion time: 16/09/2006 16:31:48.07
ComboFix.txt


////////////////////////////////////////////////////////////////////////

and the HijackThis log:

////////////////////////////////////////////////////////////////////////

solex
2006-09-16, 18:45
Logfile of HijackThis v1.99.1
Scan saved at 16:39:32, on 16/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\admServ.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\mscomserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\DOCUME~1\SOLEX\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\SkypeIntegration\SkypeIntegration\SkypeClient.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\PCSuite\Services\NclBTHandler.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
c:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\SOLEX\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R3 - URLSearchHook: (no name) - {6B31A438-35D5-6222-A7DF-6143B46AA49B} - C:\WINDOWS\system32\vvzx.dll
O2 - BHO: 12Ghosts Popup-Killer - {00000000-0007-5041-4354-0020e48020af} - C:\Program Files\12Ghosts\12popup.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: (no name) - {6B31A438-35D5-6222-A7DF-6143B46AA49B} - C:\WINDOWS\system32\vvzx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Groove Networks\Groove\Bin\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SkypeClient] "C:\Program Files\PDT\VoIPVoiceIntegration\VoIPVoice Integration.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Bwer] "C:\WINDOWS\ASKS~1\winspool.exe" -vt yazr
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Dlsan] C:\Program Files\Common Files\F?nts\n?pdb.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: GuardUSB.lnk = C:\Program Files\Rocus\GuardUSB\GuardUSB.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin9x/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://officebeta.iponet.net/officeupdate/content/opuc3.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\windows\system32\winlogon.dll regedit.dll ? ????C C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Flash Media Server (FMS) (FMS) - Macromedia, Inc. - C:\Program Files\Macromedia\Flash Media Server 2\FMSMaster.exe
O23 - Service: Flash Media Administration Server (FMSAdmin) - Macromedia, Inc. - C:\Program Files\Macromedia\Flash Media Server 2\FMSAdmin.exe
O23 - Service: Groove Audit Service (GrooveAuditService) - Groove Networks, Inc. - C:\Program Files\Groove Networks\Groove\Bin\GrooveAuditService.exe
O23 - Service: Groove Installer Service (GrooveInstallerService) - Groove Networks, Inc. - C:\Program Files\Groove Networks\Groove\Bin\GrooveInstallerService.exe
O23 - Service: GrooveRunOnceInstaller - Groove Networks, Inc. - C:\Program Files\Groove Networks\Groove\Bin\GrooveRunOnceInstaller.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MS Common Service - Unknown owner - C:\WINDOWS\system32\mscomserv.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


Thank you for your help!

Solex

teacup61
2006-09-16, 19:24
Hello,

Wow.....Lots of Purity Scan deleted, and still some showing in your log.:fear:

Just in case the uninstaller is still there, please do the following:

Look in your control panel's add/remove programs for PuritySCAN By OIN, OuterInfo, OIN, Cowabanga, SnowballWars or similar. Click on it and then click remove.

Reboot and if found, delete this folder:

C:\Program Files\PurityScan

If not listed, download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe
http://www.outerinfo.com/howto.html
Tutorial for the uninstaller if needed

Reboot when done and if found, delete this folder:

C:\Program Files\PurityScan

Please download, install, and update Ewido anti-spyware (http://www.ewido.net/en/download/)


Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
After the update finishes (the status bar at the bottom will display "Update successful")
Close ewido. Do not run it yet.


Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R3 - URLSearchHook: (no name) - {6B31A438-35D5-6222-A7DF-6143B46AA49B} - C:\WINDOWS\system32\vvzx.dll
O2 - BHO: (no name) - {6B31A438-35D5-6222-A7DF-6143B46AA49B} - C:\WINDOWS\system32\vvzx.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: "C:\WINDOWS\ASKS~1\winspool.exe" -vt yazr
O4 - HKCU\..\Run: [Dlsan] C:\Program Files\Common Files\F?nts\n?pdb.exe
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O23 - Service: MS Common Service - Unknown owner - C:\WINDOWS\system32\mscomserv.exe

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Navigate to and delete the following files/folders, if still present:

C:\WINDOWS\system32\vvzx.dll
C:\WINDOWS\ASKS~1<----this folder. May be longer, but will begin with those letters.
C:\Program Files\Common Files\F?nts<---this folder. It will likely look like "Fonts", and will contain the file "n?pdb.exe"
C:\WINDOWS\system32\mscomserv.exe
ALCMTR.EXE <---this will likely be in system32, but you may have to search for it.


In Safe Mode, load Ewido and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Restart back into Normal Mode.


In your reply, please post the report from Ewido and a new HijackThis log. How is your computer running now? :)

Thanks,
tea

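Added note, not part of the thread and not HijackThis's or Ewido's own logic: the entries tea picked out of the log above share a few traits that can be read straight off a single HijackThis line (a BHO or URLSearchHook with "(no name)", a path with a look-alike character that the tool prints as "?", an 8.3 short-name folder such as ASKS~1 sitting directly under WINDOWS, an O23 service with "Unknown owner" running from system32, an O16 ActiveX download with no class name). The script below encodes those traits as heuristics and runs them over a sample made of lines copied from the log plus one constructed line that uses a Cyrillic letter modelled on the "ѕecurity" folder the Ewido report names further down. The rule set and its wording are assumptions of this example; the [Alcmtr] entry tea also removed is not caught, since nothing in that line alone marks it.

```python
# Pre-screen a HijackThis log for the indicators a removal helper looks for.
# Added example; the rules are assumptions, not HijackThis's own logic.
import re

# One HijackThis line: section code (R0..R3, O1..O23), " - ", then the body.
HJT_LINE = re.compile(r"^(?P<kind>[RO]\d+)\s+-\s+(?P<body>.*)$")


def anonymous_browser_hook(kind, body):
    """R3 URLSearchHook / O2 BHO entries with no registered name."""
    if kind in ("R3", "O2") and "(no name)" in body:
        return "browser hook/BHO with no name"
    return None


def lookalike_name(kind, body):
    """Names built from non-ASCII letters: HijackThis prints '?' for a
    character it cannot render (F?nts); a raw non-ASCII character means the
    same thing when the tool did render it."""
    odd = [c for c in body if ord(c) > 127]
    if odd:
        return "non-ASCII character %r in path (look-alike name)" % odd[0]
    if re.search(r"\\[^\\\s]*\?[^\\\s]*", body):
        return "'?' inside a path: HijackThis could not render a character (look-alike name)"
    return None


def short_name_dir_under_windows(kind, body):
    """8.3 short-name folders (XXX~1) directly under WINDOWS or system32."""
    if re.search(r"\\WINDOWS\\(?:system32\\)?[A-Z0-9]{1,6}~\d\\", body, re.I):
        return "8.3 short-name folder directly under the Windows directory"
    return None


def unknown_service_in_system32(kind, body):
    """O23 services with no vendor string whose binary sits in system32."""
    if kind == "O23" and "Unknown owner" in body and re.search(r"\\system32\\", body, re.I):
        return "service with unknown owner running from system32"
    return None


def unnamed_activex_download(kind, body):
    """O16 DPF entries that carry a CLSID and URL but no '(Class name)'."""
    if kind == "O16" and not re.search(r"\}\s+\(", body):
        return "ActiveX download (DPF) with no class name"
    return None


RULES = (
    anonymous_browser_hook,
    lookalike_name,
    short_name_dir_under_windows,
    unknown_service_in_system32,
    unnamed_activex_download,
)


def flag_suspicious(log_text):
    """Return [(line, reason), ...] for every log line some rule fires on.
    Rules are tried in order and the first match wins, so a line is reported once."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HJT_LINE.match(line)
        if not m:
            continue  # header, process list or blank line
        kind, body = m.group("kind"), m.group("body")
        for rule in RULES:
            reason = rule(kind, body)
            if reason:
                hits.append((line, reason))
                break
    return hits


# Constructed sample: lines copied from the log posted above, plus one line
# (the 'ѕecurity' folder) built to show a Cyrillic look-alike letter.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {6B31A438-35D5-6222-A7DF-6143B46AA49B} - C:\WINDOWS\system32\vvzx.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6B31A438-35D5-6222-A7DF-6143B46AA49B} - C:\WINDOWS\system32\vvzx.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [Bwer] "C:\WINDOWS\ASKS~1\winspool.exe" -vt yazr
O4 - HKCU\..\Run: [Bwer] "C:\WINDOWS\system32\ѕecurity\dvdplay.exe" -vt ndrv
O4 - HKCU\..\Run: [Dlsan] C:\Program Files\Common Files\F?nts\n?pdb.exe
O4 - Global Startup: Bluetooth.lnk = ?
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: MS Common Service - Unknown owner - C:\WINDOWS\system32\mscomserv.exe
"""

if __name__ == "__main__":
    for line, reason in flag_suspicious(SAMPLE_LOG):
        print("%-60s  <- %s" % (line[:60], reason))
```

On the sample it reports the two vvzx.dll hooks, the ASKS~1 and "ѕecurity" Run entries, the F?nts entry, the unnamed yazzle.net download and mscomserv.exe, and stays quiet on the Adobe BHO, the Synaptics entry, the CyberLink service (unknown owner, but under Program Files) and the "Bluetooth.lnk = ?" shortcut. It is a pre-screen only: a clean pass says nothing about entries that look normal on the line, which is why the helper still reads the whole log.
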
solex
2006-09-20, 18:30
Great :) sorry for the late reply, I've been away for the weekend, here are the logs :):

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 15:58:58 20/09/2006

+ Scan result:



C:\QooBox\Purity\Documents and Settings\SOLEX\My Documents\SEMBLY~1\wυcrtupd.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C174DC8D-D03B-4FB1-AE2D-E56D3A107BCF}\RP155\A0057592.DLL -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C174DC8D-D03B-4FB1-AE2D-E56D3A107BCF}\RP157\A0058100.DLL -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C174DC8D-D03B-4FB1-AE2D-E56D3A107BCF}\RP157\A0058103.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C174DC8D-D03B-4FB1-AE2D-E56D3A107BCF}\RP159\A0059400.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C174DC8D-D03B-4FB1-AE2D-E56D3A107BCF}\RP159\A0059437.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C174DC8D-D03B-4FB1-AE2D-E56D3A107BCF}\RP160\A0060457.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C174DC8D-D03B-4FB1-AE2D-E56D3A107BCF}\RP160\A0060459.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C174DC8D-D03B-4FB1-AE2D-E56D3A107BCF}\RP167\A0062858.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C174DC8D-D03B-4FB1-AE2D-E56D3A107BCF}\RP167\A0062960.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C174DC8D-D03B-4FB1-AE2D-E56D3A107BCF}\RP167\A0062978.DLL -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\SOLEX\Start Menu\Programs\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\SOLEX\Start Menu\Programs\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\SOLEX\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\SOLEX\Start Menu\Programs\WhenU\Uninstall.lnk -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\SOLEX\Start Menu\Programs\WhenU\WhenU Help Desk.lnk -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\SOLEX\Start Menu\Programs\WhenU\WhenU.com Website.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhenUSaveMsg -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\QooBox\Purity\WINDOWS\system32\ECURIT~1\dvdplay.exe -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\QooBox\Purity\Documents and Settings\SOLEX\My Documents\YMBOLS~1\services.exe -> Downloader.PurityScan.cq : Cleaned with backup (quarantined).
C:\QooBox\Purity\WINDOWS\system32\ECURIT~1\ѕecurity\!update-4205.0000 -> Downloader.PurityScan.cz : Cleaned with backup (quarantined).
C:\QooBox\Purity\WINDOWS\ASKS~1\winspool.exe -> Downloader.PurityScan.da : Cleaned with backup (quarantined).
:mozilla.244:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.245:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.109:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.110:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.112:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.113:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.114:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.115:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.116:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.117:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.204:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.569:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.579:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.596:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.660:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.672:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.675:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.703:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.727:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.771:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.621:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.87:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.88:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.89:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.481:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.482:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.289:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.291:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.255:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.256:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.257:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.258:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.259:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.697:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.50:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.445:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.528:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.320:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.192:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.193:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.418:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.419:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.420:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.421:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.422:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.423:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.519:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.520:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.583:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.21:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.835:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.836:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.397:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.632:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.801:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.802:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.51:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.52:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.53:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.54:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.55:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.340:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.341:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.342:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.46:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.47:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.263:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.447:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.448:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.513:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.172:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.173:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.174:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.175:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.280:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.281:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.344:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.345:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.539:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.642:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.743:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

solex
2006-09-20, 18:30
:mozilla.745:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.746:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.753:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.755:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.685:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.686:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.687:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.688:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.521:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.650:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned.
:mozilla.246:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.247:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.248:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.253:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.254:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.264:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.265:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.501:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.611:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.44:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.45:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.137:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.826:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.827:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned.
:mozilla.96:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.98:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned.
:mozilla.293:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.294:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.295:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.698:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.699:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.700:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.701:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.673:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.838:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.839:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.405:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.406:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.407:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.522:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.214:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.215:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.216:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.217:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.218:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.219:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.220:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.221:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.222:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.223:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.224:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.225:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.194:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.195:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.473:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.48:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.49:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.837:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.640:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.641:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.573:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.574:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.575:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.576:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.19:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.182:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.183:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.184:C:\Documents and Settings\SOLEX\Application Data\Mozilla\Firefox\Profiles\clbc6md4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Microsoft Money 2007\MNYCoreFiles\mnyupdate.exe -> Trojan.Agent.ye : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C174DC8D-D03B-4FB1-AE2D-E56D3A107BCF}\RP167\A0062989.exe -> Trojan.Agent.ye : Cleaned with backup (quarantined).
D:\Microsoft.Money.2007.Home&Business\Microsoft.Money.2007.Home&Business.rar/Microsoft.Money.2007.Home&Business\money\update.exe -> Trojan.Agent.ye : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C174DC8D-D03B-4FB1-AE2D-E56D3A107BCF}\RP160\A0059475.exe -> Trojan.Dialer.qs : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C174DC8D-D03B-4FB1-AE2D-E56D3A107BCF}\RP160\A0060463.exe -> Trojan.Dialer.qs : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C174DC8D-D03B-4FB1-AE2D-E56D3A107BCF}\RP161\A0061459.exe -> Trojan.Dialer.qs : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C174DC8D-D03B-4FB1-AE2D-E56D3A107BCF}\RP163\A0061527.exe -> Trojan.Dialer.qs : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C174DC8D-D03B-4FB1-AE2D-E56D3A107BCF}\RP163\A0061561.exe -> Trojan.Dialer.qs : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C174DC8D-D03B-4FB1-AE2D-E56D3A107BCF}\RP167\A0061790.exe -> Trojan.Dialer.qs : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cool.exe -> Trojan.Dialer.qs : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C174DC8D-D03B-4FB1-AE2D-E56D3A107BCF}\RP167\A0062746.dll -> Trojan.Mezzia.h : Cleaned with backup (quarantined).


::Report end

solex
2006-09-20, 18:32
Logfile of HijackThis v1.99.1
Scan saved at 16:09:57, on 20/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\admServ.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\DOCUME~1\SOLEX\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\PCSuite\Services\NclBTHandler.exe
C:\Program Files\SkypeIntegration\SkypeIntegration\SkypeClient.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
c:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\SOLEX\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
O2 - BHO: 12Ghosts Popup-Killer - {00000000-0007-5041-4354-0020e48020af} - C:\Program Files\12Ghosts\12popup.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Groove Networks\Groove\Bin\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SkypeClient] "C:\Program Files\PDT\VoIPVoiceIntegration\VoIPVoice Integration.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: GuardUSB.lnk = C:\Program Files\Rocus\GuardUSB\GuardUSB.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin9x/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://officebeta.iponet.net/officeupdate/content/opuc3.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\windows\system32\winlogon.dll regedit.dll ? ????C C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Flash Media Server (FMS) (FMS) - Macromedia, Inc. - C:\Program Files\Macromedia\Flash Media Server 2\FMSMaster.exe
O23 - Service: Flash Media Administration Server (FMSAdmin) - Macromedia, Inc. - C:\Program Files\Macromedia\Flash Media Server 2\FMSAdmin.exe
O23 - Service: Groove Audit Service (GrooveAuditService) - Groove Networks, Inc. - C:\Program Files\Groove Networks\Groove\Bin\GrooveAuditService.exe
O23 - Service: Groove Installer Service (GrooveInstallerService) - Groove Networks, Inc. - C:\Program Files\Groove Networks\Groove\Bin\GrooveInstallerService.exe
O23 - Service: GrooveRunOnceInstaller - Groove Networks, Inc. - C:\Program Files\Groove Networks\Groove\Bin\GrooveRunOnceInstaller.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


There are the logs :) Anything still in there?

teacup61
2006-09-22, 02:01
Hello,

If you do not know the following, then please fix it. I don't like the misspelling of the word "search".

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM

Close all browsers and other windows except for HijackThis!, and click "Fix Checked".

Delete the following:

C:\WINDOWS\system32\ToolBand.dll

Reboot your computer.

Perform an online scan with Panda: (please use this scanner instead of any other scanner!)
Panda Online http://www.pandasoftware.com/products/activescan.htm
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Post the contents of the Panda scan report in your next reply together with a fresh HijackThis log.

Thanks,
tea
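As an added example (not a tool from this thread, the helper, or the HijackThis author), a small Python triage script that walks lines in the HijackThis log format posted above and reports the entries a helper would look at first: O8 context-menu handlers whose res:// DLL sits in the Windows system32 directory, like the Toolband entry teacup61 flags, and O23 services whose target is marked "(file missing)". The sample lines are constructed from the format of this thread's log; the heuristics are this example's own assumptions.

```python
import re
from typing import Dict, List

# Constructed sample in the HijackThis log format used in this thread
# (a few representative lines, not the full log).
SAMPLE_LOG = r"""
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
"""

# Only res:// handlers are inspected for O8; plain .htm handlers are skipped.
O8_RE = re.compile(r"^O8 - Extra context menu item: (?P<name>.+?) - res://(?P<path>[^/]+)/", re.I)
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Assumption for this example: third-party IE context-menu handlers normally
# live under Program Files, so one loaded straight from system32 is unusual.
SYSTEM_DIR = "c:\\windows\\system32\\"


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per log line that deserves a second look, in log order."""
    findings: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = O8_RE.match(line)
        if m:
            if m.group("path").lower().startswith(SYSTEM_DIR):
                findings.append({"type": "O8", "name": m.group("name"), "path": m.group("path"),
                                 "reason": "context menu handler loaded from the Windows system directory"})
            continue
        m = O23_RE.match(line)
        if m and m.group("path").endswith("(file missing)"):
            # Typically a leftover from uninstalled software, but the entry still needs review.
            findings.append({"type": "O23", "name": m.group("name"), "path": m.group("path"),
                             "reason": "service entry points at a file that no longer exists"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['type']} {f['name']!r}: {f['reason']} -> {f['path']}")
```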

tashi
2006-09-27, 18:14
solex, still with us?

tashi
2006-10-03, 01:17
:spider:

This topic has been archived due to lack of a response.
If you need it re-opened please send me a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.