My computer is sending unwanted emails when online



brhenzy2k4
2006-10-26, 00:34
I keep getting loads of messages from Symantec when online:

"Your email message was unable to be sent because your mail server rejected the message".

None of my antivirus and adware/spyware removers can get rid of it.
I was told to post my HijackThis log file.
Can a member of Team Spybot help please?!
Here is my HijackThis log:


Logfile of HijackThis v1.99.1
Scan saved at 23:04:54, on 25/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\SYMANT~1\VPTray.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
D:\Program Files\btbb_wcm\McciTrayApp.exe
D:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
D:\WINDOWS\system32\drivers\STDSB.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\WINDOWS\system32\drivers\Icon.exe
D:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
D:\WINDOWS\System32\VTTimer.exe
D:\WINDOWS\System32\VTtrayp.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\slmdmsr.exe
D:\PROGRA~1\Yahoo!\browser\ycommon.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\wininet.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\blandine c\My Documents\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - D:\Program Files\Burn4Free Toolbar\v3.2.0.0\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] D:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] D:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [YBrowser] D:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [STDSB] D:\WINDOWS\system32\drivers\STDSB.exe
O4 - HKLM\..\Run: [Icon] D:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] D:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [BitTorrent] "D:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = D:\Program Files\BT Home Hub\Help\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\common\yinsthelper.dll
O20 - Winlogon Notify: NavLogon - D:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: rpcc - D:\WINDOWS\System32\rpcc.dll
O21 - SSODL: SysRun - {D7FFD784-5276-42D1-887B-00267870A4C7} - D:\WINDOWS\System32\svshost.dll
O21 - SSODL: DCOM Server 2240 - {2C1CD3D7-86AC-4068-93BC-A02304BB2240} - D:\WINDOWS\System32\tavotx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SmartLinkService (SLService) - - D:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - D:\WINDOWS\System32\wbem\wmiapsrv.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - D:\WINDOWS\system32\YPCSER~1.EXE

illukka
2006-10-26, 06:15
Hi

You seem to have 2 different antivirus programs installed; this will cause conflicts, crashes, and general system lag.
Please remove either avast! or Symantec AntiVirus by uninstalling it from Control Panel > Add/Remove Programs.

First download AVG Anti-Spyware from HERE (http://www.ewido.net/en/download/) and save that file to your desktop.
This is a 30-day trial of the program.
Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
On the main screen select the "Update" icon, then select the "Update now" link.
Next select the "Start Update" button; the update will start and a progress bar will show the updates being installed.

Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports":
Select "Automatically generate report after every scan"
Un-select "Only if threats were found"

Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.
Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then press Enter.
IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process.
Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
AVG Anti-Spyware will now begin the scanning process; be patient, this may take a little time.
Once the scan is complete do the following:
If you have any infections you will be prompted; then select "Apply all actions".
Next select the "Reports" icon at the top.
Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close AVG Anti-Spyware, reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware scan report.


Also post a new HijackThis log.

brhenzy2k4
2006-10-27, 00:09
Hi
Thanks for your help.

Here are the results of the AVG Anti-Spyware report scan:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 20:49:31 26/10/2006

+ Scan result:



D:\System Volume Information\_restore{EB81AD2B-680A-4A53-9D88-79A0DEA92000}\RP36\A0004664.dll -> Adware.BHO : No action taken.
D:\WINDOWS\system32\nvritf.dll -> Adware.BHO : No action taken.
D:\WINDOWS\system32\~isdwt.tmp -> Adware.BHO : No action taken.
[780] D:\WINDOWS\System32\nvritf.dll -> Adware.BHO : No action taken.
D:\System Volume Information\_restore{EB81AD2B-680A-4A53-9D88-79A0DEA92000}\RP44\A0007795.dll -> Adware.Softomate : No action taken.
D:\System Volume Information\_restore{EB81AD2B-680A-4A53-9D88-79A0DEA92000}\RP44\A0007796.dll -> Adware.Softomate : No action taken.
D:\System Volume Information\_restore{EB81AD2B-680A-4A53-9D88-79A0DEA92000}\RP42\A0007642.exe -> Backdoor.MSNMaker.w : No action taken.
D:\System Volume Information\_restore{EB81AD2B-680A-4A53-9D88-79A0DEA92000}\RP43\A0007683.rbf -> Backdoor.MSNMaker.w : No action taken.
C:\System Volume Information\_restore{EB81AD2B-680A-4A53-9D88-79A0DEA92000}\RP43\A0007728.exe -> Downloader.Adload.fu : No action taken.
C:\System Volume Information\_restore{EB81AD2B-680A-4A53-9D88-79A0DEA92000}\RP43\A0007725.exe -> Downloader.Adload.ha : No action taken.
D:\System Volume Information\_restore{EB81AD2B-680A-4A53-9D88-79A0DEA92000}\RP42\A0006582.exe -> Downloader.Adload.hd : No action taken.
D:\System Volume Information\_restore{EB81AD2B-680A-4A53-9D88-79A0DEA92000}\RP42\A0006612.exe -> Downloader.Adload.hd : No action taken.
D:\System Volume Information\_restore{EB81AD2B-680A-4A53-9D88-79A0DEA92000}\RP42\A0007644.exe -> Downloader.Adload.hd : No action taken.
C:\System Volume Information\_restore{EB81AD2B-680A-4A53-9D88-79A0DEA92000}\RP42\A0006586.exe -> Downloader.Small.ctf : No action taken.
C:\System Volume Information\_restore{EB81AD2B-680A-4A53-9D88-79A0DEA92000}\RP43\A0007679.exe -> Downloader.Small.ctf : No action taken.
C:\System Volume Information\_restore{EB81AD2B-680A-4A53-9D88-79A0DEA92000}\RP43\A0007726.exe -> Downloader.Small.ctf : No action taken.
D:\System Volume Information\_restore{EB81AD2B-680A-4A53-9D88-79A0DEA92000}\RP40\A0006410.exe -> Downloader.Tibs.ir : No action taken.
D:\System Volume Information\_restore{EB81AD2B-680A-4A53-9D88-79A0DEA92000}\RP42\A0007643.exe -> Downloader.Tibs.ir : No action taken.
D:\WINDOWS\system32\image1.gif.exe -> Downloader.Tibs.ir : No action taken.
D:\WINDOWS\system32\taskdir.exe -> Downloader.Tibs.ir : No action taken.
C:\System Volume Information\_restore{EB81AD2B-680A-4A53-9D88-79A0DEA92000}\RP42\A0006583.exe -> Downloader.VB.afl : No action taken.
C:\System Volume Information\_restore{EB81AD2B-680A-4A53-9D88-79A0DEA92000}\RP42\A0006613.exe -> Downloader.VB.afl : No action taken.
C:\System Volume Information\_restore{EB81AD2B-680A-4A53-9D88-79A0DEA92000}\RP43\A0007727.exe -> Downloader.VB.afl : No action taken.
D:\Documents and Settings\blandine c\Cookies\blandine c@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
D:\Documents and Settings\blandine c\Cookies\blandine c@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
D:\Documents and Settings\blandine c\Cookies\blandine c@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
D:\Documents and Settings\blandine c\Cookies\blandine c@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
D:\Documents and Settings\blandine c\Cookies\blandine c@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
D:\Documents and Settings\blandine c\Cookies\blandine c@clickbank[1].txt -> TrackingCookie.Clickbank : No action taken.
D:\Documents and Settings\blandine c\Cookies\blandine c@com[1].txt -> TrackingCookie.Com : No action taken.
D:\Documents and Settings\blandine c\Cookies\blandine c@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
D:\Documents and Settings\blandine c\Cookies\blandine c@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
D:\Documents and Settings\blandine c\Cookies\blandine c@media.fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
D:\Documents and Settings\blandine c\Cookies\blandine c@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
D:\Documents and Settings\blandine c\Cookies\blandine c@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
D:\Documents and Settings\blandine c\Cookies\blandine c@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
D:\Documents and Settings\blandine c\Cookies\blandine c@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : No action taken.
D:\Documents and Settings\blandine c\Cookies\blandine c@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
D:\Documents and Settings\blandine c\Cookies\blandine c@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
D:\System Volume Information\_restore{EB81AD2B-680A-4A53-9D88-79A0DEA92000}\RP42\A0006584.exe -> Trojan.Sinowal.be : No action taken.
D:\System Volume Information\_restore{EB81AD2B-680A-4A53-9D88-79A0DEA92000}\RP42\A0006614.exe -> Trojan.Sinowal.be : No action taken.
D:\System Volume Information\_restore{EB81AD2B-680A-4A53-9D88-79A0DEA92000}\RP43\A0007677.exe -> Trojan.Sinowal.be : No action taken.
D:\System Volume Information\_restore{EB81AD2B-680A-4A53-9D88-79A0DEA92000}\RP44\A0007797.exe -> Trojan.Sinowal.be : No action taken.


::Report end

-----------------------------------------------

And here is the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 22:54:53, on 26/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\slmdmsr.exe
D:\Program Files\Symantec AntiVirus\Rtvscan.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\PROGRA~1\SYMANT~1\VPTray.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
D:\Program Files\Symantec AntiVirus\DoScan.exe
D:\Program Files\btbb_wcm\McciTrayApp.exe
D:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
D:\WINDOWS\system32\drivers\STDSB.exe
D:\WINDOWS\system32\drivers\Icon.exe
D:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
D:\PROGRA~1\Yahoo!\browser\ycommon.exe
D:\WINDOWS\System32\VTTimer.exe
D:\WINDOWS\System32\VTtrayp.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\BT Home Hub\Help\bin\mpbtn.exe
D:\WINDOWS\System32\wuauclt.exe
D:\WINDOWS\System32\wininet.exe
D:\Documents and Settings\blandine c\My Documents\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - D:\Program Files\Burn4Free Toolbar\v3.2.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] D:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] D:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] D:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [YBrowser] D:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [STDSB] D:\WINDOWS\system32\drivers\STDSB.exe
O4 - HKLM\..\Run: [Icon] D:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] D:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [BitTorrent] "D:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = D:\Program Files\BT Home Hub\Help\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\common\yinsthelper.dll
O20 - Winlogon Notify: NavLogon - D:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: rpcc - D:\WINDOWS\System32\rpcc.dll
O21 - SSODL: SysRun - {D7FFD784-5276-42D1-887B-00267870A4C7} - D:\WINDOWS\System32\svshost.dll
O21 - SSODL: DCOM Server 2240 - {2C1CD3D7-86AC-4068-93BC-A02304BB2240} - D:\WINDOWS\System32\tavotx.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - D:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - D:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SmartLinkService (SLService) - - D:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - D:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - D:\WINDOWS\System32\wbem\wmiapsrv.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - D:\WINDOWS\system32\YPCSER~1.EXE

Thanks!

illukka
2006-10-27, 10:45
1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe)
2. Double-click combofix.exe and follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running; that may cause it to stall.

brhenzy2k4
2006-10-27, 17:03
Here is the ComboFix log:

blandine c - 06-10-27 15:53:06.62 Service Pack 1
ComboFix 06.10.19 - Running from: "D:\Documents and Settings\blandine c\My Documents\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


D:\Program Files\Common Files\{3CE3BA90-0571-1033-1007-05002c}
D:\Program Files\Common Files\{ACE3BA90-0571-1033-1007-05002c}


((((((((((((((((((((((((((((((( Files Created from 2006-09-27 to 2006-10-27 ))))))))))))))))))))))))))))))))))


2006-10-26 19:06 3,968 --a------ D:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-24 17:01 78,488 --a------ D:\WINDOWS\system32\XMD5.dll
2006-10-24 17:01 101,888 --a------ D:\WINDOWS\system32\vb6stkit.dll
2006-10-23 14:01 26,112 --a------ D:\WINDOWS\system32\rpcc.dll
2006-10-22 19:47 160,768 --a------ D:\WINDOWS\system32\tavotx.dll
2006-10-22 19:46 5,632 --a------ D:\WINDOWS\system32\wininet.exe
2006-10-22 19:46 2,560 --a------ D:\WINDOWS\system32\svshost.dll
2006-10-19 00:54 84,480 --a------ D:\WINDOWS\system32\drivers\U81xmdm.sys
2006-10-19 00:54 77,472 --a------ D:\WINDOWS\system32\drivers\U81xmgmt.sys
2006-10-19 00:54 75,456 --a------ D:\WINDOWS\system32\drivers\U81xobex.sys
2006-10-19 00:54 6,144 --a------ D:\WINDOWS\system32\drivers\U81xcmnt.sys
2006-10-19 00:54 6,144 --a------ D:\WINDOWS\system32\drivers\U81xcm.sys
2006-10-19 00:54 6,064 --a------ D:\WINDOWS\system32\drivers\U81xmdfl.sys
2006-10-19 00:54 52,352 --a------ D:\WINDOWS\system32\drivers\U81xbus.sys
2006-10-19 00:54 5,744 --a------ D:\WINDOWS\system32\drivers\U81xwhnt.sys
2006-10-19 00:54 5,744 --a------ D:\WINDOWS\system32\drivers\U81xwh.sys
2006-10-15 12:51 146,675 --a------ D:\WINDOWS\system32\1160916658.exe
2006-10-14 21:19 131,584 --a------ D:\WINDOWS\system32\SpoonUninstall.exe
2006-10-10 19:03 421,888 D:\WINDOWSNero PhotoShow.scr
2006-10-10 19:03 38,912 --a------ D:\WINDOWS\system32\picn20.dll
2006-10-10 19:03 106,496 --a------ D:\WINDOWS\system32\TwnLib20.dll
2006-10-10 18:34 83,968 --a------ D:\WINDOWS\system32\drivers\nabtsfec.sys
2006-10-10 18:34 733,184 --a------ D:\WINDOWS\system32\qedwipes.dll
2006-10-10 18:34 7,424 --a------ D:\WINDOWS\system32\drivers\mskssrv.sys
2006-10-10 18:34 64,512 --a------ D:\WINDOWS\system32\amstream.dll
2006-10-10 18:34 52,096 --a------ D:\WINDOWS\system32\drivers\msdv.sys
2006-10-10 18:34 5,504 --a------ D:\WINDOWS\system32\drivers\mstee.sys
2006-10-10 18:34 5,248 --a------ D:\WINDOWS\system32\drivers\mspclock.sys
2006-10-10 18:34 48,512 --a------ D:\WINDOWS\system32\drivers\stream.sys
2006-10-10 18:34 470,528 --a------ D:\WINDOWS\system32\qdvd.dll
2006-10-10 18:34 47,104 --a------ D:\WINDOWS\system32\wstdecod.dll
2006-10-10 18:34 4,608 --a------ D:\WINDOWS\system32\drivers\mspqm.sys
2006-10-10 18:34 4,096 --a------ D:\WINDOWS\system32\ksuser.dll
2006-10-10 18:34 4,096 --a------ D:\WINDOWS\system32\drivers\swenum.sys
2006-10-10 18:34 354,816 --a------ D:\WINDOWS\system32\psisdecd.dll
2006-10-10 18:34 34,304 --a------ D:\WINDOWS\system32\mciqtz32.dll
2006-10-10 18:34 324,096 --a------ D:\WINDOWS\system32\mswebdvd.dll
2006-10-10 18:34 316,928 --a------ D:\WINDOWS\system32\qdv.dll
2006-10-10 18:34 257,024 --a------ D:\WINDOWS\system32\qcap.dll
2006-10-10 18:34 18,944 --a------ D:\WINDOWS\system32\encapi.dll
2006-10-10 18:34 18,688 --a------ D:\WINDOWS\system32\drivers\wstcodec.sys
2006-10-10 18:34 16,896 --a------ D:\WINDOWS\system32\msyuv.dll
2006-10-10 18:34 16,384 --a------ D:\WINDOWS\system32\drivers\ccdecode.sys
2006-10-10 18:34 15,104 --a------ D:\WINDOWS\system32\drivers\mpe.sys
2006-10-10 18:34 14,976 --a------ D:\WINDOWS\system32\drivers\streamip.sys
2006-10-10 18:34 132,608 --a------ D:\WINDOWS\system32\devenum.dll
2006-10-10 18:34 130,304 --a------ D:\WINDOWS\system32\drivers\ks.sys
2006-10-10 18:34 13,312 --a------ D:\WINDOWS\system32\msdmo.dll
2006-10-10 18:34 11,392 --a------ D:\WINDOWS\system32\drivers\bdasup.sys
2006-10-10 18:34 10,880 --a------ D:\WINDOWS\system32\drivers\slip.sys
2006-10-10 18:34 10,112 --a------ D:\WINDOWS\system32\drivers\ndisip.sys
2006-10-10 18:34 1,962,496 --a------ D:\WINDOWS\system32\quartz.dll
2006-10-10 18:34 1,798,144 --a------ D:\WINDOWS\system32\qedit.dll
2006-10-10 18:34 1,230,336 --a------ D:\WINDOWS\system32\msvidctl.dll
2006-10-10 18:33 98,816 --a------ D:\WINDOWS\system32\dmstyle.dll
2006-10-10 18:33 974,848 --a------ D:\WINDOWS\system32\dxdiag.exe
2006-10-10 18:33 80,896 --a------ D:\WINDOWS\system32\dpvsetup.exe
2006-10-10 18:33 8,192 --a------ D:\WINDOWS\system32\d3d8thk.dll
2006-10-10 18:33 797,184 --a------ D:\WINDOWS\system32\d3dim700.dll
2006-10-10 18:33 79,360 --a------ D:\WINDOWS\system32\dpwsockx.dll
2006-10-10 18:33 77,824 --a------ D:\WINDOWS\system32\dpmodemx.dll
2006-10-10 18:33 76,800 --a------ D:\WINDOWS\system32\dmscript.dll
2006-10-10 18:33 723,968 --a------ D:\WINDOWS\system32\dpnet.dll
2006-10-10 18:33 68,096 --a------ D:\WINDOWS\system32\dpnhupnp.dll
2006-10-10 18:33 602,624 --a------ D:\WINDOWS\system32\dx7vb.dll
2006-10-10 18:33 58,368 --a------ D:\WINDOWS\system32\dmcompos.dll
2006-10-10 18:33 491,520 --a------ D:\WINDOWS\system32\dsdmoprp.dll
2006-10-10 18:33 46,592 --a------ D:\WINDOWS\system32\dxdllreg.exe
2006-10-10 18:33 381,952 --a------ D:\WINDOWS\system32\dsound.dll
2006-10-10 18:33 381,952 --a------ D:\WINDOWS\system32\dpvoice.dll
2006-10-10 18:33 33,280 --a------ D:\WINDOWS\system32\dmloader.dll
2006-10-10 18:33 32,768 --a------ D:\WINDOWS\system32\dpnhpast.dll
2006-10-10 18:33 3,072 --a------ D:\WINDOWS\system32\dpnlobby.dll
2006-10-10 18:33 3,072 --a------ D:\WINDOWS\system32\dpnaddr.dll
2006-10-10 18:33 292,864 --a------ D:\WINDOWS\system32\ddraw.dll
2006-10-10 18:33 28,160 --a------ D:\WINDOWS\system32\dplaysvr.exe
2006-10-10 18:33 27,136 --a------ D:\WINDOWS\system32\dmband.dll
2006-10-10 18:33 24,064 --a------ D:\WINDOWS\system32\ddrawex.dll
2006-10-10 18:33 230,400 --a------ D:\WINDOWS\system32\dplayx.dll
2006-10-10 18:33 19,968 --a------ D:\WINDOWS\system32\dpvacm.dll
2006-10-10 18:33 186,880 --a------ D:\WINDOWS\system32\dsdmo.dll
2006-10-10 18:33 181,248 --a------ D:\WINDOWS\system32\dmime.dll
2006-10-10 18:33 18,432 --a------ D:\WINDOWS\system32\dswave.dll
2006-10-10 18:33 16,896 --a------ D:\WINDOWS\system32\dpnsvr.exe
2006-10-10 18:33 122,880 --a------ D:\WINDOWS\system32\dmusic.dll
2006-10-10 18:33 112,128 --a------ D:\WINDOWS\system32\dpvvox.dll
2006-10-10 18:33 100,864 --a------ D:\WINDOWS\system32\dmsynth.dll
2006-10-10 18:33 1,769,472 --a------ D:\WINDOWS\system32\dxdiagn.dll
2006-10-10 18:33 1,703,936 --a------ D:\WINDOWS\system32\d3d9.dll
2006-10-10 18:33 1,294,336 --a------ D:\WINDOWS\system32\dsound3d.dll
2006-10-10 18:33 1,201,152 --a------ D:\WINDOWS\system32\d3d8.dll
2006-10-10 18:33 1,189,888 --a------ D:\WINDOWS\system32\dx8vb.dll
2006-10-09 16:06 24,576 --a------ D:\WINDOWS\system32\STKIT432.DLL
2006-10-08 18:17 86,016 --a------ D:\WINDOWS\SmCfg.exe
2006-10-08 18:17 540,672 --a------ D:\WINDOWS\system32\SLLights.dll
2006-10-08 18:17 380,928 --a------ D:\WINDOWS\system32\slmh.exe
2006-10-08 18:17 225,280 --a------ D:\WINDOWS\system32\amr_cpl.dll
2006-10-08 18:17 180,224 --a------ D:\WINDOWS\system32\minirec.exe
2006-10-08 18:17 15,000 --a------ D:\WINDOWS\system32\drivers\winddx.sys
2006-10-08 17:07 35,840 --a------ D:\WINDOWS\system32\drivers\isapnp.sys
2006-10-08 06:50 90,112 --a------ D:\WINDOWS\system32\dpl100.dll
2006-10-08 06:50 620,180 --a------ D:\WINDOWS\system32\divx.dll
2006-10-08 06:50 593,938 --a------ D:\WINDOWS\system32\x264vfw.dll
2006-10-08 06:50 5,120 --a------ D:\WINDOWS\system32\ff_vfw.dll
2006-10-08 06:50 3,596,288 --a------ D:\WINDOWS\system32\qt-dx331.dll
2006-10-08 06:50 200,704 --a------ D:\WINDOWS\system32\ssldivx.dll
2006-10-08 06:50 200,704 --a------ D:\WINDOWS\system32\dtu100.dll
2006-10-08 06:50 1,044,480 --a------ D:\WINDOWS\system32\libdivx.dll
2006-10-08 06:36 338,432 --a------ D:\WINDOWS\system32\ir41_qcx.dll
2006-10-08 06:36 27,648 --a------ D:\WINDOWS\system32\ir50_lcs.dll
2006-10-08 06:36 198,144 --a------ D:\WINDOWS\system32\ir50_qc.dll
2006-10-08 06:36 181,760 --a------ D:\WINDOWS\system32\ir50_qcx.dll
2006-10-08 06:36 120,320 --a------ D:\WINDOWS\system32\ir41_qc.dll
2006-10-08 06:33 745,984 --a------ D:\WINDOWS\system32\ir50_32.dll
2006-10-08 06:33 56,832 --a------ D:\WINDOWS\system32\Iyvu9_32.dll
2006-10-08 06:33 136,704 --a------ D:\WINDOWS\system32\iacenc.dll
2006-10-08 06:30 306,688 --a------ D:\WINDOWS\IsUninst.exe
2006-10-08 06:18 414,272 --a------ D:\WINDOWS\system32\DivXc32f.dll
2006-10-08 06:18 414,272 --a------ D:\WINDOWS\system32\DivXc32.dll
2006-10-08 06:18 33,280 --a------ D:\WINDOWS\system32\HUFFYUV.DLL
2006-09-29 17:22 36,528 --------- D:\WINDOWS\system32\drivers\PxHelp20.sys
2006-09-29 17:22 2,560 --------- D:\WINDOWS\system32\drivers\cdralw2k.sys
2006-09-29 17:22 2,432 --------- D:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-09-29 17:22 129,784 --------- D:\WINDOWS\system32\pxafs.dll
2006-09-29 17:22 115,880 --------- D:\WINDOWS\system32\pxinsi64.exe
2006-09-29 17:07 228,971 --a------ D:\WINDOWS\Burn4Free_Toolbar_Uninstaller_1812.exe
2006-09-27 14:24 7,552 --a------ D:\WINDOWS\system32\drivers\SONYPVU1.SYS
2006-09-27 00:48 465,176 --a------ D:\WINDOWS\system32\wuapi.dll
2006-09-27 00:48 41,240 --a------ D:\WINDOWS\system32\wups.dll
2006-09-27 00:48 194,328 --a------ D:\WINDOWS\system32\wuaueng1.dll
2006-09-27 00:48 173,536 --a------ D:\WINDOWS\system32\wuweb.dll
2006-09-27 00:48 172,312 --a------ D:\WINDOWS\system32\wuauclt1.exe
2006-09-27 00:48 127,256 --a------ D:\WINDOWS\system32\wucltui.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-27 15:53 -------- d-------- D:\Program Files\Common Files
2006-10-27 15:35 -------- d-------- D:\Program Files\Symantec AntiVirus
2006-10-27 02:23 2560 --a------ D:\WINDOWS\system32\BitCometRes.dll
2006-10-26 19:06 -------- d-------- D:\Program Files\Grisoft
2006-10-26 02:48 -------- d-------- D:\Program Files\Windows Media Player
2006-10-26 02:17 -------- d-------- D:\Program Files\TVAnts
2006-10-26 02:15 -------- d-------- D:\Program Files\SatelliteTVforPC
2006-10-26 01:23 -------- d-------- D:\Program Files\BitComet
2006-10-25 21:47 -------- d-------- D:\Program Files\AdwareAlert
2006-10-25 20:38 -------- d-------- D:\Program Files\Lavasoft
2006-10-25 20:38 -------- d-------- D:\Documents and Settings\blandine c\Application Data\Lavasoft
2006-10-23 13:47 -------- d-------- D:\Program Files\MSN Messenger
2006-10-22 22:06 -------- d---s---- D:\Documents and Settings\blandine c\Application Data\Microsoft
2006-10-22 21:02 -------- d--h----- D:\Program Files\WindowsUpdate
2006-10-22 21:02 -------- d-------- D:\Program Files\Windows NT
2006-10-22 21:00 -------- d-------- D:\Program Files\MSN Gaming Zone
2006-10-22 03:20 -------- d-------- D:\Program Files\Winamp
2006-10-19 18:22 -------- d-------- D:\Program Files\MessengerPlus! 3
2006-10-18 12:35 -------- d-------- D:\Program Files\GordianKnot
2006-10-18 00:43 -------- d-------- D:\Program Files\mIRC
2006-10-16 23:20 -------- d-------- D:\Program Files\Free iPod Video Converter
2006-10-14 21:19 -------- d-------- D:\Program Files\Illustrate
2006-10-14 16:45 -------- d-------- D:\Documents and Settings\blandine c\Application Data\BitTorrent
2006-10-14 16:18 -------- d-------- D:\Program Files\SopCast
2006-10-14 16:18 -------- d-------- D:\Documents and Settings\blandine c\Application Data\SopCast
2006-10-13 11:53 -------- d-------- D:\Program Files\Alwil Software
2006-10-12 12:08 -------- d-------- D:\Program Files\Common Files\NSIS
2006-10-11 16:48 -------- d-------- D:\Documents and Settings\blandine c\Application Data\Snapfish
2006-10-10 19:04 -------- d-------- D:\Documents and Settings\blandine c\Application Data\Ahead
2006-10-10 19:03 -------- d-------- D:\Documents and Settings\blandine c\Application Data\Simple Star
2006-10-10 19:02 -------- d-------- D:\Program Files\Ahead
2006-10-10 18:37 -------- d-------- D:\Program Files\Nero
2006-10-10 18:37 -------- d-------- D:\Program Files\Common Files\Ahead
2006-10-10 18:17 -------- d-------- D:\Program Files\MagicISO
2006-10-10 17:50 -------- d-------- D:\Documents and Settings\blandine c\Application Data\ImgBurn
2006-10-10 17:08 -------- d-------- D:\Program Files\ImgBurn
2006-10-10 15:37 -------- d-------- D:\Program Files\WinZip
2006-10-09 20:08 -------- d-------- D:\Program Files\Avi2Dvd
2006-10-09 19:53 -------- d-------- D:\Program Files\DVD Decrypter
2006-10-09 16:44 -------- d-------- D:\Program Files\Microsoft Bootvis
2006-10-09 16:06 -------- d-------- D:\Program Files\Registry Mechanic
2006-10-08 19:23 -------- d-------- D:\Documents and Settings\blandine c\Application Data\AdobeUM
2006-10-08 19:23 -------- d-------- D:\Documents and Settings\blandine c\Application Data\AdobeAUM
2006-10-08 19:23 -------- d-------- D:\Documents and Settings\blandine c\Application Data\Adobe
2006-10-08 18:55 -------- d-------- D:\Program Files\Common Files\Adobe
2006-10-08 18:52 1557 --a------ D:\Documents and Settings\blandine c\Application Data\AdobeDLM.log
2006-10-08 18:52 0 --a------ D:\Documents and Settings\blandine c\Application Data\dm.ini
2006-10-08 18:52 -------- d-------- D:\Program Files\Adobe
2006-10-08 18:40 -------- d-------- D:\Documents and Settings\blandine c\Application Data\Apple Computer
2006-10-08 16:49 -------- d-------- D:\Program Files\VIA
2006-10-08 16:24 -------- d-------- D:\Program Files\iTunes
2006-10-08 16:23 -------- d-------- D:\Program Files\iPod
2006-10-08 16:21 -------- d-------- D:\Program Files\QuickTime
2006-10-08 16:17 -------- d-------- D:\Program Files\Apple Software Update
2006-10-08 15:06 -------- d-------- D:\Program Files\AviSynth 2.5
2006-10-08 06:50 -------- d-------- D:\Program Files\K-Lite Codec Pack
2006-10-08 06:41 -------- d-------- D:\Program Files\The Playa
2006-10-08 06:40 -------- d-------- D:\Program Files\MediaTV
2006-10-08 06:33 -------- d-------- D:\Program Files\Ligos
2006-10-08 06:19 -------- d-------- D:\Program Files\Gabest
2006-10-08 06:02 -------- d-------- D:\Program Files\XviD
2006-10-08 04:15 -------- d-------- D:\Documents and Settings\blandine c\Application Data\LG Electronics
2006-09-29 18:39 -------- d-------- D:\Program Files\Burn4Free
2006-09-29 17:07 -------- d-------- D:\Program Files\Burn4Free Toolbar
2006-09-29 15:28 -------- d-------- D:\Documents and Settings\blandine c\Application Data\Sun
2006-09-29 02:26 -------- d-------- D:\Documents and Settings\blandine c\Application Data\Media Player Classic
2006-09-29 01:21 -------- d-------- D:\Documents and Settings\blandine c\Application Data\LimeWire
2006-09-28 17:22 -------- d-------- D:\Program Files\Trillian
2006-09-28 14:16 -------- d-------- D:\Program Files\7-Zip
2006-09-27 02:24 -------- d-------- D:\Program Files\LimeWire
2006-09-27 02:23 -------- d-------- D:\Program Files\Java
2006-09-27 01:37 -------- d-------- D:\Program Files\Common Files\Java
2006-09-27 01:15 -------- d-------- D:\Documents and Settings\blandine c\Application Data\Motive
2006-09-26 16:09 -------- d--h----- D:\Program Files\InstallShield Installation Information
2006-09-26 16:09 -------- d-------- D:\Program Files\IEEE 802.11 Wireless LAN
2006-09-26 12:59 -------- d-------- D:\Documents and Settings\blandine c\Application Data\Macromedia
2006-09-26 12:56 -------- d-------- D:\Program Files\Yahoo!
2006-09-26 12:56 -------- d-------- D:\Documents and Settings\blandine c\Application Data\Yahoo!
2006-09-26 12:49 -------- d-------- D:\Program Files\BT Home Hub
2006-09-26 12:49 -------- d-------- D:\Program Files\BT Broadband Talk Softphone
2006-09-26 12:45 -------- d-------- D:\Program Files\Common Files\Motive
2006-09-26 12:45 -------- d-------- D:\Program Files\btbb_wcm
2006-09-26 12:44 -------- d-------- D:\Program Files\Motive

brhenzy2k4
2006-10-27, 17:04
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\System32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"D:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
"PhotoShow Deluxe Media Manager"="D:\\PROGRA~1\\Ahead\\NEROPH~1\\data\\Xtras\\mssysmgr.exe"
"BitTorrent"="\"D:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"MSMSGS"="\"D:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ccApp"="\"D:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="D:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"SoundMan"="SOUNDMAN.EXE"
"Motive SmartBridge"="D:\\PROGRA~1\\BTHOME~1\\Help\\SMARTB~1\\BTHelpNotifier.exe"
"btbb_wcm_McciTrayApp"="D:\\Program Files\\btbb_wcm\\McciTrayApp.exe"
"YBrowser"="D:\\PROGRA~1\\Yahoo!\\browser\\ybrwicon.exe"
"STDSB"="D:\\WINDOWS\\system32\\drivers\\STDSB.exe"
"Icon"="D:\\WINDOWS\\system32\\drivers\\Icon.exe"
"SunJavaUpdateSched"="D:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe"
"VTTimer"="VTTimer.exe"
"VTTrayp"="VTtrayp.exe"
"RegistryMechanic"=""
"NWEReboot"=""
"NeroFilterCheck"="D:\\WINDOWS\\System32\\NeroCheck.exe"
"!AVG Anti-Spyware"="\"D:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="D:\\Program Files\\MSN Gaming Zone\\kyze.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="D:\\Program Files\\Windows NT\\howypy.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{2C1CD3D7-86AC-4068-93BC-A02304BB2240}"="DCOM Server 2240"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{F28439F2-4996-41B8-8BD0-22789780DE81}"="NSIS Media Extension"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"SysRun"="{D7FFD784-5276-42D1-887B-00267870A4C7}"
"DCOM Server 2240"="{2C1CD3D7-86AC-4068-93BC-A02304BB2240}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^LG SyncManager.lnk]
"path"="D:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\LG SyncManager.lnk"
"backup"="D:\\WINDOWS\\pss\\LG SyncManager.lnkCommon Startup"
"location"="Common Startup"
"command"="D:\\PROGRA~1\\LGPCSU~1\\LGPCSY~1\\LGSYNC~1.EXE "
"item"="LG SyncManager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adwarealert]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdwareAlert"
"hkey"="HKLM"
"command"="D:\\Program Files\\AdwareAlert\\AdwareAlert.exe -boot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eyeBeam SIP Client]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BTSoftphone"
"hkey"="HKCU"
"command"="\"D:\\Program Files\\BT Broadband Talk Softphone\\BTSoftphone.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsgPlus"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"D:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\shell]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ibm00001"
"hkey"="HKCU"
"command"="\"D:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\ibm00001.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="D:\\PROGRA~1\\Yahoo!\\MESSEN~1\\ypager.exe -quiet"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rpcc

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
D:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-10-27 15:53:50.03
D:\ComboFix.txt ... 06-10-27 15:53

illukka
2006-10-29, 21:46
hi

open hijackthis, click do a system scan only
checkmark these entries

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com...r/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O20 - Winlogon Notify: rpcc - D:\WINDOWS\System32\rpcc.dll
O21 - SSODL: SysRun - {D7FFD784-5276-42D1-887B-00267870A4C7} - D:\WINDOWS\System32\svshost.dll
O21 - SSODL: DCOM Server 2240 - {2C1CD3D7-86AC-4068-93BC-A02304BB2240} - D:\WINDOWS\System32\tavotx.dll




next close your browser and all other programs, except hijackthis
and click fix checked

reboot

Please run the F-Secure Online Scanner (http://support.f-secure.com/enu/home/ols3.shtml#)

Note: This Scanner is for Internet Explorer Only!
Follow the Instruction Here (http://support.f-secure.com/enu/home/ols3.shtml) for installation.
Accept the License Agreement.
Once the ActiveX installs, click Full System Scan
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy&Paste the entire report in your next reply.
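
The entries the helper asks to fix above are all Windows loading points (Winlogon Notify packages, ShellServiceObjectDelayLoad objects, an orphaned URLSearchHook). The following Python script is an added example, not part of the thread or of HijackThis itself: it parses HijackThis-style lines and flags the ones a defender would want to look at, using an allow-list of the four SSODL CLSIDs a stock Windows XP install ships with (the same four that appear in the ComboFix dump earlier in this thread) and an illustrative, assumed allow-list of stock Winlogon Notify packages. The `within_one_edit` helper is written here; it catches names that are one character off a core system binary, which is how `svshost.dll` (later identified by the F-Secure scan as Backdoor.Win32.Small.ls) differs from the legitimate `svchost`. The sample log is constructed from the lines quoted in the helper's post plus two benign entries added here.

```python
"""Triage of HijackThis-style log lines (added example, not HijackThis code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# ShellServiceObjectDelayLoad entries present on a stock Windows XP install.
# All four also appear in the ComboFix "Reg Loading Points" dump in this thread.
DEFAULT_SSODL_CLSIDS = {
    "{7849596A-48EA-486E-8937-A2A3009F31A9}",  # PostBootReminder
    "{FBEB8A05-BEEE-4442-804E-409D6C4515E9}",  # CDBurn
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}",  # WebCheck
    "{35CEC8A3-2BE6-11D2-8773-92E220524153}",  # SysTray
}

# Winlogon Notify packages on a stock XP install. Assumption: an illustrative
# allow-list, not an exhaustive one (OEM graphics drivers add their own).
DEFAULT_WINLOGON_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
}

# Core Windows binaries whose names malware commonly imitates.
SYSTEM_BINARY_STEMS = {
    "svchost", "lsass", "csrss", "winlogon", "services", "smss",
    "explorer", "spoolsv", "rundll32",
}

LINE_RE = re.compile(r"^(?P<code>[RO]\d+)\s+-\s+(?P<body>.*)$")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\s]+\.(?:exe|dll)", re.IGNORECASE)
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}"
)


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O21"
    name: str    # entry name as shown in the log
    reason: str  # why it was flagged


def within_one_edit(a: str, b: str) -> bool:
    """True if a and b differ by at most one insertion, deletion or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i, j = i + 1, j + 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) > len(b):
            i += 1          # treat as a deletion from a
        elif len(a) < len(b):
            j += 1          # treat as an insertion into a
        else:
            i, j = i + 1, j + 1  # substitution
    return edits + (len(a) - i) + (len(b) - j) <= 1


def lookalike_of(path: str) -> Optional[str]:
    """Return the system binary name the file's stem imitates, or None."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
    for real in SYSTEM_BINARY_STEMS:
        if stem != real and within_one_edit(stem, real):
            return real
    return None


def triage(log_text: str) -> List[Finding]:
    """Apply the allow-list and look-alike heuristics to each R*/O* line."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        _label, _sep, rest = body.partition(":")
        name = rest.split(" - ")[0].strip()
        if "(no file)" in body:
            findings.append(Finding(code, name, "orphaned entry: points to a file that no longer exists"))
        if code == "O20" and name.lower() not in DEFAULT_WINLOGON_NOTIFY:
            findings.append(Finding(code, name, "Winlogon Notify package not in the stock allow-list"))
        if code == "O21":
            clsid = CLSID_RE.search(body)
            if clsid and clsid.group(0).upper() not in DEFAULT_SSODL_CLSIDS:
                findings.append(Finding(code, name, "SSODL CLSID is not a Windows XP default"))
        path = PATH_RE.search(body)
        if path:
            real = lookalike_of(path.group(0))
            if real:
                findings.append(Finding(code, name, f"file name is one character off system binary {real}"))
    return findings


# Constructed sample: the lines quoted in the helper's post plus two benign
# entries (crypt32chain, PostBootReminder) added here as negative controls.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com...r/fix_homepage
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O20 - Winlogon Notify: crypt32chain - crypt32chain.dll
O20 - Winlogon Notify: rpcc - D:\WINDOWS\System32\rpcc.dll
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - D:\WINDOWS\System32\shell32.dll
O21 - SSODL: SysRun - {D7FFD784-5276-42D1-887B-00267870A4C7} - D:\WINDOWS\System32\svshost.dll
O21 - SSODL: DCOM Server 2240 - {2C1CD3D7-86AC-4068-93BC-A02304BB2240} - D:\WINDOWS\System32\tavotx.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:4} {f.name:18} {f.reason}")
```

Run against the sample, the script flags exactly the entries the helper selected and leaves the two stock entries alone; `SysRun` is reported twice, once for its non-default CLSID and once because `svshost` is a look-alike of `svchost`. The allow-lists are the point of the approach: a loading point is judged by whether it is expected on that version of Windows, not by how legitimate its name sounds ("DCOM Server 2240" reads like a system component and is not one).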

brhenzy2k4
2006-10-31, 00:05
hi
here is the F-Secure Online Scanner report:

Scanning Report
Monday, October 30, 2006 20:50:18 - 23:00:30
Computer name: BLANDINE
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\


--------------------------------------------------------------------------------

Result: 11 malware found
Backdoor.Win32.Small.ls (virus)
D:\WINDOWS\SYSTEM32\SVSHOST.DLL (Renamed & Submitted)
Tracking Cookie (spyware)
System (Disinfected)
System (Submitted)
System
System
System
System
System
System
W32/Keylog.AYS (virus)
D:\PROGRAM FILES\K-LITE CODEC PACK\FILTERS\BASS.DLL (Submitted)
W32/Malware.AIP (virus)
D:\PROGRAM FILES\BT HOME HUB\HELP\VENDORS\BTBB\CONTENT\TEMPLATE\DRIVEN_DEV\BROADBANDASST\CPE.EXE (Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 27318
System: 5054
Not scanned: 3
Actions:
Disinfected: 1
Renamed: 1
Deleted: 0
None: 9
Submitted: 4
Files not scanned:
C:\PAGEFILE.SYS
D:\PAGEFILE.SYS
D:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure AVP: 6.0.171, 2006-10-30
F-Secure Libra: 2.4.1, 2006-10-28
F-Secure Orion: 1.2.37, 2006-10-30
F-Secure Draco: 1.0.35, 0259-24-212
F-Secure Blacklight: 1.0.31, 0000-00-00
F-Secure Pegasus: 1.19.0, 2006-08-29
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics

illukka
2006-10-31, 10:50
hi

bad news..


that log looks badly infected, there is a backdoor present plus a keystroke logger => you may want to contact your bank and credit card company for possible unauthorised transactions!!

IMPORTANT- You need to disconnect this PC from the internet and from your network if it is on a network. Then, access this information from a non-compromised computer to follow the steps needed.

you need to take steps to protect your information that may have been compromised. I recommend these steps for action:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)



this is something I don't like to recommend normally, but with a computer this badly infected it would be the best solution for your safety to just erase the hard drive and reinstall windows

read the following link very carefully:


When Should I Format, How Should I Reinstall (http://www.dslreports.com/faq/10063)

tell me what you decide to do

tashi
2006-11-07, 17:52
brhenzy2k4, this topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.

Thank you illukka. :)