
Thread: 2nd try. BHO.DBU

  1. #1
    Junior Member (Join Date: Jan 2008, Posts: 11)

    2nd try. BHO.DBU

    I can't seem to shake this one...

    Logfile of HijackThis v1.99.1
    Scan saved at 14:52, on 2008-02-09
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\csrss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    E:\WINDOWS\Explorer.EXE
    E:\WINDOWS\system32\spoolsv.exe
    E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    E:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    E:\Program Files\DU Meter\DUMeter.exe
    E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\wa56.exe
    E:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    E:\Program Files\iTunes\iTunesHelper.exe
    E:\Program Files\Canon\CAL\CALMAIN.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    E:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    E:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    E:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
    E:\Program Files\uTorrent\uTorrent.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\System32\alg.exe
    E:\Program Files\iPod\bin\iPodService.exe
    E:\WINDOWS\System32\svchost.exe
    E:\Program Files\Common Files\Teleca Shared\Generic.exe
    E:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    E:\Program Files\Windows Live\Messenger\usnsvc.exe
    E:\Documents and Settings\Rich\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.shaw.ca/start/enca/addons/search/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0A67C830-8A27-4F78-B530-02931DA524EA} - e:\windows\system32\ds16gtp.dll
    O2 - BHO: (no name) - {24B26903-6CB7-4AE4-A560-D7E19CFCE18D} - E:\WINDOWS\system32\audiosrvc.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [RegistryMechanic] E:\Program Files\Registry Mechanic\RegMech.exe /QS
    O4 - HKLM\..\Run: [SoundMAXPnP] E:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "E:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [DU Meter] E:\Program Files\DU Meter\DUMeter.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] E:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [wa56] E:\WINDOWS\system32\wa56.exe
    O4 - HKLM\..\Run: [SpybotSnD] "E:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autofix
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Active Desktop Calendar] E:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
    O4 - HKCU\..\Run: [uTorrent] "E:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [wa56] E:\WINDOWS\system32\wa56.exe
    O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: e:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\avgfwafu.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n031p/EN/install/gtdownlr.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1176328460015
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1176329388623
    O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/c...cab?v=1,0,0,38
    O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://www.easypix.ca/upload/activex...v2.0.0.10.cab?
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\WINDOW~2\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\WINDOW~2\MESSEN~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - E:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: eynuoops - E:\WINDOWS\SYSTEM32\ds16gtp.dll
    O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - E:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    Edit: http://forums.spybot.info/showthread.php?t=22659
    Last edited by tashi; 2008-02-10 at 11:27. Reason: Added link to previous topic

  2. #2
    Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 29,374)

    Hi niplub

    1. Download combofix from any of these links and save it to Desktop:
    Link 1
    Link 2
    Link 3

    **Note: It is important that it is saved directly to your desktop**

    2. Double click combofix.exe & follow the prompts.
    3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall

    Combofix should never take more than 20 minutes including the reboot if malware is detected.
    If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
    If that happened we want to know, and also what process you had to end.

    If you have problems with Combofix usage, see here

    Post:

    - a fresh HijackThis log
    - combofix report
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Junior Member (Join Date: Jan 2008, Posts: 11)

    Combofix log...

    ComboFix log.

    ComboFix 08-02-16.2 - Rich 2008-02-15 17:04:38.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.989 [GMT -8:00]
    Running from: E:\Documents and Settings\Rich\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    E:\WINDOWS\system32\audiosrvc.dll
    E:\WINDOWS\system32\drivers\xriidqdx.dat
    E:\WINDOWS\system32\ds16gtp.dll
    E:\Documents and Settings\Rich\Application Data\inst.exe
    E:\WINDOWS\system32\audiosrvc.dll
    E:\WINDOWS\system32\drivers\xriidqdx.dat
    E:\WINDOWS\system32\ds16gtp.dll
    E:\WINDOWS\Tasks.\At1.job
    E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat . . . . failed to delete
    E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat . . . . failed to delete
    .
    ---- Previous Run -------
    .
    E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    E:\Documents and Settings\Rich\Application Data\inst.exe
    E:\WINDOWS\Tasks.\At1.job

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_BVSRVGPL
    -------\LEGACY_ZIIFMEMG
    -------\bvsrvgpl
    -------\ziifmemg


    -------\ziifmemg


    ((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
    .

    2008-02-15 16:33 . 2006-02-28 04:00 1,875,968 --a--c--- E:\WINDOWS\system32\dllcache\msir3jp.lex
    2008-02-15 16:32 . 2006-02-28 04:00 13,463,552 --a--c--- E:\WINDOWS\system32\dllcache\hwxjpn.dll
    2008-02-15 16:30 . 2008-02-15 16:30 749 -rah----- E:\WINDOWS\WindowsShell.Manifest
    2008-02-15 16:30 . 2008-02-15 16:30 749 -rah----- E:\WINDOWS\system32\wuaucpl.cpl.manifest
    2008-02-15 16:30 . 2008-02-15 16:30 749 -rah----- E:\WINDOWS\system32\sapi.cpl.manifest
    2008-02-15 16:30 . 2008-02-15 16:30 749 -rah----- E:\WINDOWS\system32\ncpa.cpl.manifest
    2008-02-15 16:30 . 2008-02-15 16:30 488 -rah----- E:\WINDOWS\system32\logonui.exe.manifest
    2008-02-15 16:17 . 2006-02-28 04:00 1,086,058 -ra------ E:\WINDOWS\SET209.tmp
    2008-02-15 16:17 . 2006-02-28 04:00 1,042,903 -ra------ E:\WINDOWS\SET206.tmp
    2008-02-11 06:48 . 2008-02-11 06:48 60,416 --a------ E:\WINDOWS\system32\drivers\ComboFix.sys
    2008-02-10 23:06 . 2008-02-10 23:06 <DIR> d-------- E:\Documents and Settings\Administrator\Application Data\Talkback
    2008-02-09 14:38 . 2006-02-28 04:00 388,608 --a------ E:\kmd.exe
    2008-02-06 19:06 . 2008-02-06 19:06 1,203 --a------ E:\WINDOWS\mozver.dat
    2008-02-01 19:27 . 2008-02-01 19:27 <DIR> d-------- E:\Program Files\Microsoft Silverlight
    2008-02-01 19:22 . 2008-02-01 19:22 <DIR> d-------- E:\WINDOWS\system32\XPSViewer
    2008-02-01 19:22 . 2008-02-01 19:22 <DIR> d-------- E:\Program Files\Reference Assemblies
    2008-02-01 19:21 . 2008-02-01 19:21 <DIR> d-------- E:\Program Files\MSXML 6.0
    2008-02-01 19:21 . 2008-02-01 19:21 <DIR> d-------- E:\a8e1482b6bc3a98542
    2008-02-01 19:21 . 2006-06-29 13:07 14,048 --a------ E:\WINDOWS\system32\spmsg2.dll
    2008-02-01 19:16 . 2006-11-12 22:02 288,768 --a------ E:\WINDOWS\system32\rhttpaa.dll
    2008-02-01 19:16 . 2006-11-12 22:02 116,736 --a------ E:\WINDOWS\system32\aaclient.dll
    2008-02-01 19:16 . 2006-11-12 22:02 36,352 --a------ E:\WINDOWS\system32\tsgqec.dll
    2008-02-01 06:32 . 2008-02-01 06:32 <DIR> d-------- E:\Program Files\Lavasoft
    2008-02-01 06:32 . 2008-02-01 06:32 <DIR> d-------- E:\Program Files\Common Files\Wise Installation Wizard
    2008-02-01 06:32 . 2008-02-01 06:33 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-31 15:03 . 2008-01-31 15:03 0 --a------ E:\t5k
    2008-01-29 13:08 . 2008-01-29 13:08 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-01-19 17:07 . 2008-01-19 17:08 <DIR> d-------- E:\Program Files\iTunes
    2008-01-19 17:07 . 2008-01-19 17:07 <DIR> d-------- E:\Program Files\iPod
    2008-01-19 17:05 . 2008-01-19 17:05 <DIR> d-------- E:\Program Files\QuickTime
    2008-01-18 17:34 . 2008-01-18 17:34 <DIR> d-------- E:\Program Files\Oxin's Style!

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-16 01:13 --------- d-----w E:\Documents and Settings\Rich\Application Data\uTorrent
    2008-02-15 23:55 --------- d-----w E:\Documents and Settings\Rich\Application Data\AVG7
    2008-02-15 23:55 --------- d-----w E:\Documents and Settings\All Users\Application Data\avg7
    2008-02-10 19:30 --------- d-----w E:\Program Files\DU Meter
    2008-02-09 23:59 --------- d-----w E:\Documents and Settings\Rich\Application Data\Azureus
    2008-02-09 14:52 --------- d-----w E:\Program Files\Common Files\Adobe
    2008-02-02 21:31 --------- d-----w E:\Documents and Settings\Rich\Application Data\ZoomBrowser EX
    2008-02-02 21:18 --------- d-----w E:\Documents and Settings\All Users\Application Data\ZoomBrowser
    2008-02-01 14:34 --------- d-----w E:\Program Files\Windows Media Connect 2
    2008-02-01 14:34 --------- d-----w E:\Program Files\Combined Community Codec Pack
    2008-02-01 02:11 --------- d-----w E:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-01-26 00:34 --------- d-----w E:\Documents and Settings\Rich\Application Data\Vso
    2008-01-13 20:18 --------- d-----w E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-13 19:45 --------- d-----w E:\Program Files\Spybot - Search & Destroy
    2008-01-11 01:41 --------- d-----w E:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-01-10 05:45 --------- d-----w E:\Documents and Settings\Rich\Application Data\Talkback
    2008-01-05 23:37 --------- d-----w E:\Program Files\Aimersoft
    2008-01-05 03:58 --------- d-----w E:\Documents and Settings\All Users\Application Data\vsosdk
    2008-01-05 03:34 47,360 ----a-w E:\WINDOWS\system32\drivers\pcouffin.sys
    2008-01-05 03:34 47,360 ----a-w E:\Documents and Settings\Rich\Application Data\pcouffin.sys
    2008-01-05 03:34 --------- d-----w E:\Program Files\VSO
    2008-01-04 01:55 --------- d-----w E:\Documents and Settings\Rich\Application Data\Media Player Classic
    2007-12-28 14:56 --------- d-----w E:\Program Files\Azureus
    2007-12-24 05:18 --------- d-----w E:\Documents and Settings\Rich\Application Data\Teleca
    2007-12-23 20:48 --------- d-----w E:\Documents and Settings\Rich\Application Data\Sony Ericsson
    2007-12-23 20:46 --------- d-----w E:\Program Files\Common Files\Teleca Shared
    2007-12-23 20:46 --------- d-----w E:\Documents and Settings\All Users\Application Data\Teleca
    2007-12-23 20:46 --------- d-----w E:\Documents and Settings\All Users\Application Data\Sony Ericsson
    2007-12-23 20:45 --------- d-----w E:\Program Files\Sony Ericsson
    2007-12-22 20:58 --------- d-----w E:\Program Files\Super_DVD_Creator_9.5
    2007-11-11 06:10 938 ----a-w E:\Program Files\Common Files\Xnews.ini
    2007-11-11 06:10 1,386,772 ----a-w E:\Program Files\Common Files\SHAW news.newsrc
    2007-11-10 15:24 1,385,080 ----a-w E:\Program Files\Common Files\SHAW news.newsrc.bak
    2007-11-10 15:13 94 ----a-w E:\Program Files\Common Files\servers.ini
    2007-11-10 15:12 89,626 ----a-w E:\Program Files\Common Files\changes.txt
    2007-11-10 15:12 834 ----a-w E:\Program Files\Common Files\sample-score.ini
    2007-11-10 15:12 6,414 ----a-w E:\Program Files\Common Files\scoring.txt
    2007-11-10 15:12 42,598 ----a-w E:\Program Files\Common Files\pcre.html
    2007-11-10 15:12 359 ----a-w E:\Program Files\Common Files\groups.ini
    2007-11-10 15:12 12,800 --sha-w E:\Program Files\Common Files\Thumbs.db
    2007-11-10 15:12 102,699 ----a-w E:\Program Files\Common Files\manual.html
    2007-11-10 15:12 1,427 ----a-w E:\Program Files\Common Files\readme.txt
    2007-11-10 15:12 1,255,936 ----a-w E:\Program Files\Common Files\Xnews.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2006-02-28 04:00 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 18:04 139264]
    "MsnMsgr"="E:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "Active Desktop Calendar"="E:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe" [2007-01-11 14:13 3330048]
    "uTorrent"="E:\Program Files\uTorrent\uTorrent.exe" [2007-12-01 13:48 250672]
    "wa56"="E:\WINDOWS\system32\wa56.exe" [2008-01-10 07:11 16384]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC"="E:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-19 08:38 579072]
    "RegistryMechanic"="E:\Program Files\Registry Mechanic\RegMech.exe" [2005-12-25 18:27 7634944]
    "SoundMAXPnP"="E:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 08:11 1388544]
    "SoundMAX"="E:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 11:41 860160]
    "NeroFilterCheck"="E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40 155648]
    "SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "DU Meter"="E:\Program Files\DU Meter\DUMeter.exe" [2005-02-01 18:28 1469952]
    "GrooveMonitor"="E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
    "WinampAgent"="E:\Program Files\Winamp\winampa.exe" [2007-05-14 14:22 35328]
    "PC Pitstop Optimize Scheduler"="E:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" [2007-10-26 15:53 2577120]
    "Sony Ericsson PC Suite"="E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
    "wa56"="E:\WINDOWS\system32\wa56.exe" [2008-01-10 07:11 16384]
    "SpybotSnD"="E:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2007-08-31 16:46 4943184]
    "QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
    "iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
    "Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="E:\WINDOWS\System32\CTFMON.EXE" [2006-02-28 04:00 15360]
    "AVG7_Run"="E:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 08:50 219136]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall"="E:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 21:59 44544]

    E:\Documents and Settings\Rich\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
    OneNote 2007 Screen Clipper and Launcher.lnk - E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

    S3 UXDCMN;UXDCMN;F:\UXDCMN.SYS []
    S3 w200bus;Sony Ericsson W200 driver (WDM);E:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-02-09 23:53:04 E:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - E:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-15 17:13:12
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    E:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    E:\Program Files\Canon\CAL\CALMAIN.exe
    E:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    E:\Program Files\iPod\bin\iPodService.exe
    E:\Program Files\Common Files\Teleca Shared\Generic.exe
    E:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    .
    **************************************************************************
    .
    Completion time: 2008-02-15 17:18:44 - machine was rebooted [Rich]
    ComboFix-quarantined-files.txt 2008-02-16 01:18:41
    .
    2008-02-16 00:50:25 --- E O F ---

  4. #4
    Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 29,374)

    Hi

    Please post a fresh HijackThis log, too

  5. #5
    Junior Member (Join Date: Jan 2008, Posts: 11)

    hijackthis log

    Logfile of HijackThis v1.99.1
    Scan saved at 7:36:33 AM, on 2/16/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\WINDOWS\Explorer.EXE
    E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    E:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    E:\Program Files\DU Meter\DUMeter.exe
    E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    E:\Program Files\Winamp\winampa.exe
    E:\WINDOWS\system32\wa56.exe
    E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    E:\Program Files\iTunes\iTunesHelper.exe
    E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    E:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    E:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
    E:\Program Files\uTorrent\uTorrent.exe
    E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    E:\WINDOWS\system32\svchost.exe
    E:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    E:\Program Files\Canon\CAL\CALMAIN.exe
    E:\Program Files\iPod\bin\iPodService.exe
    E:\Program Files\Windows Live\Messenger\usnsvc.exe
    E:\Program Files\Common Files\Teleca Shared\Generic.exe
    E:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    E:\WINDOWS\system32\wuauclt.exe
    E:\Program Files\Internet Explorer\IEXPLORE.EXE
    E:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    E:\WINDOWS\system32\wuauclt.exe
    E:\Documents and Settings\Rich\Desktop\HijackThis.exe
    E:\WINDOWS\SoftwareDistribution\Download\e995acae9f2591ac009a4ad305efa874\update\update.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.shaw.ca/start/enca/addons/search/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [RegistryMechanic] E:\Program Files\Registry Mechanic\RegMech.exe /QS
    O4 - HKLM\..\Run: [SoundMAXPnP] E:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "E:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [DU Meter] E:\Program Files\DU Meter\DUMeter.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] E:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "E:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [wa56] E:\WINDOWS\system32\wa56.exe
    O4 - HKLM\..\Run: [SpybotSnD] "E:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autofix
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Active Desktop Calendar] E:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
    O4 - HKCU\..\Run: [uTorrent] "E:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [wa56] E:\WINDOWS\system32\wa56.exe
    O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = E:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: e:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\avgfwafu.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\avgfwafu.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n031p/EN/install/gtdownlr.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02...s/MSNPUpld.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/...oUploader3.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1176328460015
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1176329388623
    O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/c...cab?v=1,0,0,38
    O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://www.easypix.ca/upload/activex...v2.0.0.10.cab?
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\WINDOW~2\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - E:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\WINDOW~2\MESSEN~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - E:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - E:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

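The log above is read by eye in the thread. As an added example (not part of any post here, and not a HijackThis or Spybot tool), the Python below parses the O4 registry Run entries from a constructed excerpt of that log and flags what makes the wa56 entry stand out against the dozens of vendor autoruns around it: an executable sitting directly in system32 that is not a known Windows autorun, and registered under both the HKLM and HKCU Run keys so that it restarts even if only one key is cleaned. The allowlist and both heuristics are assumptions for this example, and `O4 - Startup:` shortcut lines are deliberately left to the reader.

```python
import re
from collections import defaultdict

# Constructed excerpt modelled on the O4 lines of the posted log (not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [wa56] E:\WINDOWS\system32\wa56.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [wa56] E:\WINDOWS\system32\wa56.exe
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
"""

# Matches 'O4 - HKLM\..\Run: [name] path.exe args', with or without quotes around the path.
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] '
    r'"?(?P<path>[^"]+?\.exe)"?',
    re.IGNORECASE,
)

# Windows components that legitimately autostart from system32 on XP.
# Assumed allowlist for this example; extend it from a known-good reference.
KNOWN_SYSTEM32_AUTORUNS = {"ctfmon.exe"}


def parse_o4(log_text):
    """Yield (hive, entry name, executable path) for each registry Run entry."""
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            yield m.group("hive").upper(), m.group("name"), m.group("path")


def triage_o4(log_text):
    """Return {exe basename: [reasons]} for entries that deserve a closer look."""
    hives = defaultdict(set)   # basename -> hives it is registered under
    paths = {}                 # basename -> full path as logged
    for hive, _name, path in parse_o4(log_text):
        base = path.rsplit("\\", 1)[-1].lower()
        hives[base].add(hive)
        paths[base] = path

    findings = {}
    for base, path in paths.items():
        reasons = []
        parent = path.rsplit("\\", 1)[0].lower()
        if parent.endswith("\\system32") and base not in KNOWN_SYSTEM32_AUTORUNS:
            reasons.append("unrecognised executable autostarting from system32")
        if hives[base] == {"HKLM", "HKCU"}:
            reasons.append("registered under both HKLM and HKCU Run (survives removal of one key)")
        if reasons:
            findings[base] = reasons
    return findings


if __name__ == "__main__":
    for exe, reasons in triage_o4(SAMPLE_LOG).items():
        print(exe)
        for reason in reasons:
            print("  -", reason)
```

On the excerpt this flags only wa56.exe, on both counts; ctfmon.exe also lives in system32 but is allowlisted and appears under one hive only. Run against the full log, the same two checks would be the first thing to confirm before asking for a multi-engine scan of the file.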
  6. #6
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    Please click this link: Jotti

    Copy/paste the first file on the list into the white Upload a file box and click Submit/Send (depending on which one you are using, Jotti or VirusTotal).

    E:\WINDOWS\system32\wa56.exe

    Please post back the results of the scan in your next post.

    If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  7. #7
    Junior Member
    Join Date
    Jan 2008
    Posts
    11

    Default scans...

    File: wa56.exe
    Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
    MD5: 6560c17438970b229537f5cf734870d7
    Packers detected: -
    Bit9 reports: File not found
    ________________________________________

    Scan taken on 16 Feb 2008 15:48:44 (GMT)
    A-Squared Found nothing
    AntiVir Found TR/Crypt.Morphine.Gen
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found Trojan.Agent-13262
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found Trojan.Win32.Agent.edh
    Fortinet Found nothing
    Ikarus Found Trojan.Win32.Agent.edh
    Kaspersky Anti-Virus Found Trojan.Win32.Agent.edh
    NOD32 Found a variant of Win32/Small.BB
    Norman Virus Control Found W32/Agent.EFNR
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found Trojan.Win32.Agent.edh

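The verdict list above is the evidence the helper asked for. As an added example (not code from the thread, from Jotti or from VirusTotal), the Python below parses those lines into the summary a practitioner wants before deciding what to do next: how many of the 21 engines flagged the file, which name most of them agree on, and whether the product installed on this machine (AVG 7, per the O23 service entries in the log) was among them, which is the reason for asking for a multi-engine scan in the first place. It also shows checking a local copy against the MD5 the service reported, so the file later packed up for the analyst can be confirmed to be the same one. The engine lines and MD5 are copied from the post; the function names and the `installed_av` matching are mine.

```python
import hashlib
from collections import Counter

# Engine-by-engine lines copied from the Jotti result posted above.
JOTTI_REPORT = """
A-Squared Found nothing
AntiVir Found TR/Crypt.Morphine.Gen
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found Trojan.Agent-13262
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan.Win32.Agent.edh
Fortinet Found nothing
Ikarus Found Trojan.Win32.Agent.edh
Kaspersky Anti-Virus Found Trojan.Win32.Agent.edh
NOD32 Found a variant of Win32/Small.BB
Norman Virus Control Found W32/Agent.EFNR
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found Trojan.Win32.Agent.edh
"""

# MD5 that Jotti reported for the submitted file (from the post above).
REPORTED_MD5 = "6560c17438970b229537f5cf734870d7"


def parse_report(text):
    """Return {engine: verdict}, with None where the engine 'Found nothing'."""
    results = {}
    for line in text.splitlines():
        if " Found " not in line:
            continue
        engine, verdict = line.strip().split(" Found ", 1)
        verdict = verdict.strip()
        results[engine.strip()] = None if verdict.lower() == "nothing" else verdict
    return results


def summarise(results, installed_av):
    """Detection count, the most common name, and whether the host's own AV caught it."""
    hits = {engine: v for engine, v in results.items() if v}
    names = Counter(hits.values())
    return {
        "engines": len(results),
        "detections": len(hits),
        "consensus_name": names.most_common(1)[0][0] if hits else None,
        "installed_av_detected": any(installed_av.lower() in e.lower() for e in hits),
    }


def md5_hex(data):
    """MD5 of an in-memory byte string, for comparison with a service's reported hash."""
    return hashlib.md5(data).hexdigest()


def md5_of_file(path, chunk=1 << 20):
    """Hash a file in chunks so a large sample does not have to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def matches_report(path, reported=REPORTED_MD5):
    """True if the local copy is byte-identical to the file the service analysed."""
    return md5_of_file(path) == reported.lower()


if __name__ == "__main__":
    print(summarise(parse_report(JOTTI_REPORT), installed_av="AVG"))
```

On the posted results this gives 8 detections out of 21 engines, four of them agreeing on Trojan.Win32.Agent.edh, and AVG not among the engines that fired; that last field is the point of the exercise, since a clean result from the product already on the machine was never going to settle the question. MD5 is used here only because it is the hash the service printed; it is adequate for confirming you have the same bytes, but record SHA-256 as well for anything you keep as evidence.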
  8. #8
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    Download suspicious file packer from here

    Unzip it to the desktop, open it and paste in the list of files below, then press Next; it will create an archive (zip/cab file) on the desktop.

    E:\WINDOWS\system32\wa56.exe

    Go to spykiller

    Press new topic, make threads title "Files for Shaba"
    Include to your message a link to here, then attach the cab/zip file to your message and post the topic
    If you can't locate it through the Browse button, just copy/paste the filename and path.

    After that, please reply here and we'll continue

  9. #9
    Junior Member
    Join Date
    Jan 2008
    Posts
    11

    Default ....

    OK, I've done what you asked... I think.
    Thanks.

  10. #10
    Member of Team Spybot (tashi)
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Shaba, infected files that were posted in another topic removed.

    Previous topic: http://forums.spybot.info/showthread.php?t=22659
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
