Virtumonde needed

Wow, that was some log.

What you have going on here is your infected with the latest variant of the Vundo Trojan that includes a File Infecter. It looks like Combofix fixed some of them but there are still infected programs on your system. If you look in the code box below ((((((((( Find3M Report )))))))) All those programs are still infected, what this trojan has done is to add its own infected file to that program. The ones in the Code box above these that point to Qoobox have been fixed.



C:\Program Files\14AF136D45A676B5D98749C2E4458213
Let me ask you about these in your ((((((((( Find3M Report )))))))) You have a bunch of these and they date back to 2001, do you know what these are??


Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - _{0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)


If you or a system administrator set these then leave them be otherwise fix them.
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZNxdm117YYUS

SideStep falls somewhere in the grey area, you should uninstall this program if you don't use it.
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe02b.dll

O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} (Java Plug-in 1.4.2) -
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Plug-in 1.5.0_09) -

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab





Open Notepad and copy all the text inside the quote box by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above RenV::

RenV::
----a-w 1,293,870 2003-01-02 23:34:58 C:\Documents and Settings\Owner\Desktop\Tom\DVDCopyOne Platinum v6.0 .exe
----a-w 313,472 2008-01-23 16:27:30 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
----a-w 61,440 2008-01-04 03:49:04 C:\Program Files\Common Files\Mediafour\MACVNTFY .EXE
----a-w 185,896 2008-01-20 04:36:18 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
----a-w 106,496 2008-01-04 03:38:22 C:\Program Files\Mediafour\MacDrive\MDDiskProtect .exe
----a-w 94,208 2008-01-04 03:49:06 C:\Program Files\Mediafour\XPlay\XPTRYICN .EXE
----a-w 75,304 2008-01-20 04:36:16 C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4 .exe
----a-w 497,376 2008-01-03 05:55:28 C:\WINDOWS\p_981116 .exe
----a-w 15,360 2008-01-06 09:32:56 C:\WINDOWS\system32\ctfmon .exe
----a-w 155,648 2008-01-03 05:55:24 C:\WINDOWS\system32\igfxtray .exe
----a-w 155,648 2008-01-03 05:55:17 C:\WINDOWS\system32\NeroCheck .exe
----a-w 9,728 2008-01-04 03:49:08 C:\WINDOWS\system32\printer .exe
----a-w 9,728 2008-01-04 03:49:16 C:\WINDOWS\system32\spoolvs .exe
Click to expand...

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScript.gif



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.


Post the New Combofix log , it will not be large like the last one and a new HJT log please.
 
Hijack This log

I have no idea what the "Find3M Report" files are. I also have a red "X" in place of the "C:" drive on "My Computer".


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:54:32 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\WgaTray.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {E6064609-3386-4954-AFC1-AD569B53BC20} - (no file)
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HOTLLAMA Update Check.lnk = C:\Program Files\HOTLLAMA MEDIA\Player\WiseUpdt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.ivillage.com/save/makeover.cab
O16 - DPF: {297DE2B6-509A-4B36-93C5-A65276606900} (RRAAINAX_02.RRAAINAX) - http://www.in.honda.com/rraaapps/rraasec/codebase/RRAAINAX/RraainAX.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/components/ocx/survid/MSSurVid.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw15fd.law15.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

--
End of file - 10827 bytes
 
Combofix log

ComboFix 08-01-23.1C - Owner 2008-01-26 21:41:48.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.137 [GMT -8:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\spoolvs.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
.

2008-01-26 10:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-25 13:16 . 2008-01-25 13:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-25 13:16 . 2008-01-25 13:16 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-21 20:38 . 2008-01-21 20:38 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-20 09:05 . 2008-01-20 09:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-19 20:23 . 2008-01-20 20:32 <DIR> d-------- C:\Program Files\RegistryFix
2008-01-18 21:35 . 2008-01-18 21:41 <DIR> d-------- C:\Program Files\Nimbuzz
2008-01-16 22:12 . 2008-01-20 10:44 <DIR> d-------- C:\VundoFix Backups
2008-01-07 16:52 . 2008-01-07 16:52 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-02 23:21 . 2008-01-06 01:32 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-02 23:21 . 2008-01-06 01:32 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-01-02 21:55 . 2008-01-02 21:55 497,376 --a------ C:\WINDOWS\p_981116.exe
2008-01-02 21:55 . 2008-01-02 21:55 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-01-02 21:55 . 2008-01-02 21:55 155,648 --a------ C:\WINDOWS\system32\igfxtray.exe
2008-01-02 20:00 . 2008-01-02 20:00 0 --a------ C:\Install
2008-01-02 19:55 . 2008-01-02 19:55 <DIR> d-------- C:\Program Files\Neoretix
2008-01-02 19:44 . 2008-01-02 19:52 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-01-02 18:08 . 2008-01-26 12:44 <DIR> d-------- C:\Program Files\QuickTime
2008-01-01 13:47 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-01 13:47 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-01 13:47 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-01 13:47 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 05:41 --------- d-----w C:\Program Files\Common Files\Mediafour
2008-01-26 20:44 --------- d-----w C:\Program Files\iTunes
2008-01-26 11:23 --------- d-----w C:\Program Files\Common Files\Command Software
2008-01-21 04:12 --------- d-----w C:\Program Files\Java
2008-01-20 20:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-16 17:20 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-01-08 00:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-03 07:11 --------- d-----w C:\Program Files\Kazaa
2008-01-03 02:05 --------- d-----w C:\Program Files\Apple Software Update
2007-12-18 02:55 --------- d-----w C:\Program Files\Hanes T-ShirtMaker Lite
2007-12-18 02:55 --------- d-----w C:\Program Files\Application
2007-12-06 19:57 --------- d-----w C:\Program Files\Virtual Earth 3D
2007-12-06 19:36 --------- d-----w C:\Program Files\Google
2007-11-29 18:05 --------- d-----w C:\Program Files\Mediafour
2007-11-27 19:54 --------- d-----w C:\Program Files\Canon
2007-11-27 19:53 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2007-11-27 19:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-27 19:52 --------- d-----w C:\Program Files\ScanSoft
2007-11-27 19:51 --------- d-----w C:\Program Files\ArcSoft
2007-11-27 19:48 --------- d--h--w C:\Program Files\CanonBJ
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-28 01:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-08-30 05:46 22 ----a-w C:\Program Files\3wPlayer.zip
2006-12-28 17:09 25,755,448 ----a-w C:\Program Files\wmp11-windowsxp-x86-enu.exe
2001-08-30 09:20 991 ----a-r C:\Program Files\14AF136D45A676B5D98749C2E4458213
2001-08-30 09:20 990 ----a-r C:\Program Files\B59FC2EED30704599DCED8A8972A8869
2001-08-30 09:20 989 ----a-r C:\Program Files\957E70B155C8352A9CB447A6709D2871
2001-08-30 09:20 989 ----a-r C:\Program Files\6268B2DE42EBC53668D8B7444C3FF5EA
2001-08-30 09:20 987 ----a-r C:\Program Files\ABEDB0D115AFE55768D8B7444C3FF5EA
2001-08-30 09:20 983 ----a-r C:\Program Files\2DFA15AC29FF84BC68D8B7444C3FF5EA
2001-08-30 09:20 973 ----a-r C:\Program Files\A8C84B24B45D79D0D98749C2E4458213
2001-08-30 09:20 973 ----a-r C:\Program Files\77F9277AE49C042FD98749C2E4458213
2001-08-30 09:20 970 ----a-r C:\Program Files\9BEA1CBCB3BCDB649CB447A6709D2871
2001-08-30 09:20 968 ----a-r C:\Program Files\EC480444BE051BF19CB447A6709D2871
2001-08-30 09:20 959 ----a-r C:\Program Files\A7C65690A21A9FF132691ED4234B0F9768D8B7444C3FF5EA
2001-08-30 09:20 959 ----a-r C:\Program Files\9258E108122751779DCED8A8972A8869
2001-08-30 09:20 959 ----a-r C:\Program Files\27B0B93042C513549CB447A6709D2871
2001-08-30 09:20 957 ----a-r C:\Program Files\F86485A2DC115BD29CB447A6709D2871
2001-08-30 09:20 957 ----a-r C:\Program Files\C4CCFB6F2594165557ACCA3954F05310
2001-08-30 09:20 954 ----a-r C:\Program Files\10BD8158E3A9BC3AD98749C2E4458213
2001-08-30 09:20 953 ----a-r C:\Program Files\3DC6B199407998E12FD2DBB586F912F1
2001-08-30 09:20 952 ----a-r C:\Program Files\7677F8D6015386A0
2001-08-30 09:20 943 ----a-r C:\Program Files\629F4421B3F068377EED2F70507FAF8A
2001-08-30 09:20 941 ----a-r C:\Program Files\3D03CB27A00A90329DCED8A8972A8869
2001-08-30 09:20 941 ----a-r C:\Program Files\3AC0FF22E2A805C22FD2DBB586F912F1
2001-08-30 09:20 939 ----a-r C:\Program Files\938F1546D631FEBC68D8B7444C3FF5EA
2001-08-30 09:20 937 ----a-r C:\Program Files\36485C55F3544281FD947A0B9DA1E5E3
2001-08-30 09:20 937 ----a-r C:\Program Files\07F405A790D097592FD2DBB586F912F1
2001-08-30 09:20 929 ----a-r C:\Program Files\CAAC6EB96E76B6E4D98749C2E4458213
2001-08-30 09:20 925 ----a-r C:\Program Files\797A672DEA9E59D1
2001-08-30 09:20 913 ----a-r C:\Program Files\5B499C0E6AD01072D98749C2E4458213
2001-08-30 09:20 911 ----a-r C:\Program Files\19BF8638CAE0089B9DCED8A8972A8869
2001-08-30 09:20 906 ----a-r C:\Program Files\E5106503A81B5139D98749C2E4458213
2001-08-30 09:20 9,630 ----a-r C:\Program Files\36485C55F354428168D8B7444C3FF5EA
2001-08-30 09:20 897 ----a-r C:\Program Files\6758836328296BBE
2001-08-30 09:20 895 ----a-r C:\Program Files\D7769BD9600CC0E368D8B7444C3FF5EA
2001-08-30 09:20 890 ----a-r C:\Program Files\E6BE113A2C77D79F68D8B7444C3FF5EA
2001-08-30 09:20 890 ----a-r C:\Program Files\3497ABE46F99CBB59CB447A6709D2871
2001-08-30 09:20 888 ----a-r C:\Program Files\947DE603F86843929CB447A6709D2871
2001-08-30 09:20 887 ----a-r C:\Program Files\0E0C7AAF9C349FC1
2001-08-30 09:20 884 ----a-r C:\Program Files\1D92321BCE9415B19CB447A6709D2871
2001-08-30 09:20 881 ----a-r C:\Program Files\2E5D1D3ABABBAA5E9CB447A6709D2871
2001-08-30 09:20 881 ----a-r C:\Program Files\21818B424916A28F68D8B7444C3FF5EA
2001-08-30 09:20 879 ----a-r C:\Program Files\A7C65690A21A9FF1F76307E864B37F25
2001-08-30 09:20 877 ----a-r C:\Program Files\8BBB5273585E99D24F1E31390980824F
2001-08-30 09:20 875 ----a-r C:\Program Files\49DBD4D7E8BAFC31D98749C2E4458213
2001-08-30 09:20 874 ----a-r C:\Program Files\CAB346CB522E77579CB447A6709D2871
2001-08-30 09:20 871 ----a-r C:\Program Files\261C4DB1AFDCB7972FD2DBB586F912F1
2001-08-30 09:20 865 ----a-r C:\Program Files\FFCF5FCD6FB8BA87D98749C2E4458213
2001-08-30 09:20 865 ----a-r C:\Program Files\C20BC971E41A64BFD98749C2E4458213
2001-08-30 09:20 865 ----a-r C:\Program Files\856F25B37B57FDB69CB447A6709D2871
2001-08-30 09:20 865 ----a-r C:\Program Files\3033EC1C1C52EF91D63FF4810F54AB57
2001-08-30 09:20 863 ----a-r C:\Program Files\E1A9B3CA2B06E1B8D98749C2E4458213
2001-08-30 09:20 863 ----a-r C:\Program Files\C42F47A27812F2FD
2001-08-30 09:20 859 ----a-r C:\Program Files\64B811DCE59E5B14D98749C2E4458213
2001-08-30 09:20 849 ----a-r C:\Program Files\E4DDE91603A66FD94F1E31390980824F
2001-08-30 09:20 849 ----a-r C:\Program Files\A8124A98DE88B67BD98749C2E4458213
2001-08-30 09:20 849 ----a-r C:\Program Files\A365BD726523CAA2F67191B868AB247A
2001-08-30 09:20 849 ----a-r C:\Program Files\83C254292EF258E9D98749C2E4458213
2001-08-30 09:20 849 ----a-r C:\Program Files\18505C7B14230E9FFC6476F73DFD099D68D8B7444C3FF5EA
2001-08-30 09:20 844 ----a-r C:\Program Files\A1368EC7746C8003
2001-08-30 09:20 833 ----a-r C:\Program Files\FBAA2CC490B69FAA
2001-08-30 09:20 833 ----a-r C:\Program Files\E42D7FBE355FC1FD9CB447A6709D2871
2001-08-30 09:20 833 ----a-r C:\Program Files\8EDE47393915C1509CB447A6709D2871
2001-08-30 09:20 833 ----a-r C:\Program Files\8873D513005CE3289DCED8A8972A8869
2001-08-30 09:20 833 ----a-r C:\Program Files\6DB34399DD8A93719CB447A6709D2871
2001-08-30 09:20 833 ----a-r C:\Program Files\6ABDD4E3680EA6959CB447A6709D2871
2001-08-30 09:20 833 ----a-r C:\Program Files\2C4D0B89F3FAE77B9CB447A6709D2871
2001-08-30 09:20 833 ----a-r C:\Program Files\087F22B452F84774D98749C2E4458213
2001-08-30 09:20 831 ----a-r C:\Program Files\FDEC777047A284EC9CB447A6709D2871
2001-08-30 09:20 831 ----a-r C:\Program Files\E7B3F53D4011F1D89CB447A6709D2871
2001-08-30 09:20 831 ----a-r C:\Program Files\4858A5171C529BF3D98749C2E4458213
2001-08-30 09:20 817 ----a-r C:\Program Files\D1A7DE369B338517BD438AAE4386CE99
2001-08-30 09:20 815 ----a-r C:\Program Files\51F0B8CF1DAE6059D98749C2E4458213
2001-08-30 09:20 814 ----a-r C:\Program Files\6CDBA3180A186E2BE9C1F8FB99B8A88F
2001-08-30 09:20 811 ----a-r C:\Program Files\3B1227EECC7B782E9CB447A6709D2871
2001-08-30 09:20 810 ----a-r C:\Program Files\88DFE0B1FB0ABEABD98749C2E4458213
2001-08-30 09:20 810 ----a-r C:\Program Files\38A7421063A91248BCEE04EDB38C491704D64AFBDE6580362FD2DBB586F912F1
2001-08-30 09:20 808 ----a-r C:\Program Files\69CE51850BC03E5768D8B7444C3FF5EA
2004-03-25 03:03 220 --sha-w C:\WINDOWS\dwin.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-26_12.54.43.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-26 18:29:00 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-27 05:41:17 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-26 18:29:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-27 05:41:17 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-26 18:29:00 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
+ 2008-01-27 05:41:17 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
+ 2008-01-27 05:41:17 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-27 05:41:17 6,561,792 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-26 18:29:01 196,608 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-27 05:41:17 196,608 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2008-01-23 08:27 313472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-06 01:32 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [ ]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [ ]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
HOTLLAMA Update Check.lnk - C:\Program Files\HOTLLAMA MEDIA\Player\WiseUpdt.exe [2004-12-31 11:45:49 162834]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 12:05:56 65588]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

R2 GRTdiMon;GR TDI Mon;C:\WINDOWS\system32\Drivers\GRTdiMon.sys [2004-11-10 07:50]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 03:27:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-27 05:46:17 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 21:46:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-26 21:48:30
ComboFix-quarantined-files.txt 2008-01-27 05:48:27
ComboFix2.txt 2008-01-26 20:55:33
.
2008-01-09 11:05:12 --- E O F ---
 
Good Morning,

If you have a red x in place of your C: drive it may be some sort of windows issue, I have been at this for over 5 years and I have never seen entries like that. I am going to inquire about it, maybe someone else on this forum can shed some light on it.

It looks like all the infected files where taken care of :bigthumb: but there is a bad entry remaining.

Fix these with HJT.
O3 - Toolbar: (no name) - {E6064609-3386-4954-AFC1-AD569B53BC20} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime

Open Notepad and copy all the text inside the quote box by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above Driver::

Driver::
MSControlService
Click to expand...

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScript.gif



This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Post both logs please
 
Last edited:
Hijackthis text

Good morning KEN and thankyou so much for your help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:54:32 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\WgaTray.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {E6064609-3386-4954-AFC1-AD569B53BC20} - (no file)
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HOTLLAMA Update Check.lnk = C:\Program Files\HOTLLAMA MEDIA\Player\WiseUpdt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.ivillage.com/save/makeover.cab
O16 - DPF: {297DE2B6-509A-4B36-93C5-A65276606900} (RRAAINAX_02.RRAAINAX) - http://www.in.honda.com/rraaapps/rraasec/codebase/RRAAINAX/RraainAX.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/components/ocx/survid/MSSurVid.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw15fd.law15.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

--
End of file - 10827 bytes
 
Combofix text

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:54:32 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\WgaTray.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {E6064609-3386-4954-AFC1-AD569B53BC20} - (no file)
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HOTLLAMA Update Check.lnk = C:\Program Files\HOTLLAMA MEDIA\Player\WiseUpdt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.ivillage.com/save/makeover.cab
O16 - DPF: {297DE2B6-509A-4B36-93C5-A65276606900} (RRAAINAX_02.RRAAINAX) - http://www.in.honda.com/rraaapps/rraasec/codebase/RRAAINAX/RraainAX.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/components/ocx/survid/MSSurVid.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw15fd.law15.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

--
End of file - 10827 bytes
 
Combofix text

Oops, sorry.

ComboFix 08-01-23.1C - Owner 2008-01-27 9:14:36.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.160 [GMT -8:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
.

2008-01-26 10:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-25 13:16 . 2008-01-25 13:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-25 13:16 . 2008-01-25 13:16 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-21 20:38 . 2008-01-21 20:38 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-20 09:05 . 2008-01-20 09:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-19 20:23 . 2008-01-20 20:32 <DIR> d-------- C:\Program Files\RegistryFix
2008-01-18 21:35 . 2008-01-18 21:41 <DIR> d-------- C:\Program Files\Nimbuzz
2008-01-16 22:12 . 2008-01-20 10:44 <DIR> d-------- C:\VundoFix Backups
2008-01-07 16:52 . 2008-01-07 16:52 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-02 23:21 . 2008-01-06 01:32 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-02 23:21 . 2008-01-06 01:32 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-01-02 21:55 . 2008-01-02 21:55 497,376 --a------ C:\WINDOWS\p_981116.exe
2008-01-02 21:55 . 2008-01-02 21:55 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-01-02 21:55 . 2008-01-02 21:55 155,648 --a------ C:\WINDOWS\system32\igfxtray.exe
2008-01-02 20:00 . 2008-01-02 20:00 0 --a------ C:\Install
2008-01-02 19:55 . 2008-01-02 19:55 <DIR> d-------- C:\Program Files\Neoretix
2008-01-02 19:44 . 2008-01-02 19:52 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-01-02 18:08 . 2008-01-26 12:44 <DIR> d-------- C:\Program Files\QuickTime
2008-01-01 13:47 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-01 13:47 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-01-01 13:47 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-01 13:47 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 05:41 --------- d-----w C:\Program Files\Common Files\Mediafour
2008-01-26 20:44 --------- d-----w C:\Program Files\iTunes
2008-01-26 11:23 --------- d-----w C:\Program Files\Common Files\Command Software
2008-01-21 04:12 --------- d-----w C:\Program Files\Java
2008-01-20 20:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-08 00:52 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-03 07:11 --------- d-----w C:\Program Files\Kazaa
2008-01-03 02:05 --------- d-----w C:\Program Files\Apple Software Update
2007-12-18 02:55 --------- d-----w C:\Program Files\Hanes T-ShirtMaker Lite
2007-12-18 02:55 --------- d-----w C:\Program Files\Application
2007-12-06 19:57 --------- d-----w C:\Program Files\Virtual Earth 3D
2007-12-06 19:36 --------- d-----w C:\Program Files\Google
2007-11-29 18:05 --------- d-----w C:\Program Files\Mediafour
2007-11-27 19:54 --------- d-----w C:\Program Files\Canon
2007-11-27 19:53 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2007-11-27 19:53 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-27 19:52 --------- d-----w C:\Program Files\ScanSoft
2007-11-27 19:51 --------- d-----w C:\Program Files\ArcSoft
2007-11-27 19:48 --------- d--h--w C:\Program Files\CanonBJ
2007-08-30 05:46 22 ----a-w C:\Program Files\3wPlayer.zip
2006-12-28 17:09 25,755,448 ----a-w C:\Program Files\wmp11-windowsxp-x86-enu.exe
2001-08-30 09:20 991 ----a-r C:\Program Files\14AF136D45A676B5D98749C2E4458213
2001-08-30 09:20 990 ----a-r C:\Program Files\B59FC2EED30704599DCED8A8972A8869
2001-08-30 09:20 989 ----a-r C:\Program Files\957E70B155C8352A9CB447A6709D2871
2001-08-30 09:20 989 ----a-r C:\Program Files\6268B2DE42EBC53668D8B7444C3FF5EA
2001-08-30 09:20 987 ----a-r C:\Program Files\ABEDB0D115AFE55768D8B7444C3FF5EA
2001-08-30 09:20 983 ----a-r C:\Program Files\2DFA15AC29FF84BC68D8B7444C3FF5EA
2001-08-30 09:20 973 ----a-r C:\Program Files\A8C84B24B45D79D0D98749C2E4458213
2001-08-30 09:20 973 ----a-r C:\Program Files\77F9277AE49C042FD98749C2E4458213
2001-08-30 09:20 970 ----a-r C:\Program Files\9BEA1CBCB3BCDB649CB447A6709D2871
2001-08-30 09:20 968 ----a-r C:\Program Files\EC480444BE051BF19CB447A6709D2871
2001-08-30 09:20 959 ----a-r C:\Program Files\A7C65690A21A9FF132691ED4234B0F9768D8B7444C3FF5EA
2001-08-30 09:20 959 ----a-r C:\Program Files\9258E108122751779DCED8A8972A8869
2001-08-30 09:20 959 ----a-r C:\Program Files\27B0B93042C513549CB447A6709D2871
2001-08-30 09:20 957 ----a-r C:\Program Files\F86485A2DC115BD29CB447A6709D2871
2001-08-30 09:20 957 ----a-r C:\Program Files\C4CCFB6F2594165557ACCA3954F05310
2001-08-30 09:20 954 ----a-r C:\Program Files\10BD8158E3A9BC3AD98749C2E4458213
2001-08-30 09:20 953 ----a-r C:\Program Files\3DC6B199407998E12FD2DBB586F912F1
2001-08-30 09:20 952 ----a-r C:\Program Files\7677F8D6015386A0
2001-08-30 09:20 943 ----a-r C:\Program Files\629F4421B3F068377EED2F70507FAF8A
2001-08-30 09:20 941 ----a-r C:\Program Files\3D03CB27A00A90329DCED8A8972A8869
2001-08-30 09:20 941 ----a-r C:\Program Files\3AC0FF22E2A805C22FD2DBB586F912F1
2001-08-30 09:20 939 ----a-r C:\Program Files\938F1546D631FEBC68D8B7444C3FF5EA
2001-08-30 09:20 937 ----a-r C:\Program Files\36485C55F3544281FD947A0B9DA1E5E3
2001-08-30 09:20 937 ----a-r C:\Program Files\07F405A790D097592FD2DBB586F912F1
2001-08-30 09:20 929 ----a-r C:\Program Files\CAAC6EB96E76B6E4D98749C2E4458213
2001-08-30 09:20 925 ----a-r C:\Program Files\797A672DEA9E59D1
2001-08-30 09:20 913 ----a-r C:\Program Files\5B499C0E6AD01072D98749C2E4458213
2001-08-30 09:20 911 ----a-r C:\Program Files\19BF8638CAE0089B9DCED8A8972A8869
2001-08-30 09:20 906 ----a-r C:\Program Files\E5106503A81B5139D98749C2E4458213
2001-08-30 09:20 9,630 ----a-r C:\Program Files\36485C55F354428168D8B7444C3FF5EA
2001-08-30 09:20 897 ----a-r C:\Program Files\6758836328296BBE
2001-08-30 09:20 895 ----a-r C:\Program Files\D7769BD9600CC0E368D8B7444C3FF5EA
2001-08-30 09:20 890 ----a-r C:\Program Files\E6BE113A2C77D79F68D8B7444C3FF5EA
2001-08-30 09:20 890 ----a-r C:\Program Files\3497ABE46F99CBB59CB447A6709D2871
2001-08-30 09:20 888 ----a-r C:\Program Files\947DE603F86843929CB447A6709D2871
2001-08-30 09:20 887 ----a-r C:\Program Files\0E0C7AAF9C349FC1
2001-08-30 09:20 884 ----a-r C:\Program Files\1D92321BCE9415B19CB447A6709D2871
2001-08-30 09:20 881 ----a-r C:\Program Files\2E5D1D3ABABBAA5E9CB447A6709D2871
2001-08-30 09:20 881 ----a-r C:\Program Files\21818B424916A28F68D8B7444C3FF5EA
2001-08-30 09:20 879 ----a-r C:\Program Files\A7C65690A21A9FF1F76307E864B37F25
2001-08-30 09:20 877 ----a-r C:\Program Files\8BBB5273585E99D24F1E31390980824F
2001-08-30 09:20 875 ----a-r C:\Program Files\49DBD4D7E8BAFC31D98749C2E4458213
2001-08-30 09:20 874 ----a-r C:\Program Files\CAB346CB522E77579CB447A6709D2871
2001-08-30 09:20 871 ----a-r C:\Program Files\261C4DB1AFDCB7972FD2DBB586F912F1
2001-08-30 09:20 865 ----a-r C:\Program Files\FFCF5FCD6FB8BA87D98749C2E4458213
2001-08-30 09:20 865 ----a-r C:\Program Files\C20BC971E41A64BFD98749C2E4458213
2001-08-30 09:20 865 ----a-r C:\Program Files\856F25B37B57FDB69CB447A6709D2871
2001-08-30 09:20 865 ----a-r C:\Program Files\3033EC1C1C52EF91D63FF4810F54AB57
2001-08-30 09:20 863 ----a-r C:\Program Files\E1A9B3CA2B06E1B8D98749C2E4458213
2001-08-30 09:20 863 ----a-r C:\Program Files\C42F47A27812F2FD
2001-08-30 09:20 859 ----a-r C:\Program Files\64B811DCE59E5B14D98749C2E4458213
2001-08-30 09:20 849 ----a-r C:\Program Files\E4DDE91603A66FD94F1E31390980824F
2001-08-30 09:20 849 ----a-r C:\Program Files\A8124A98DE88B67BD98749C2E4458213
2001-08-30 09:20 849 ----a-r C:\Program Files\A365BD726523CAA2F67191B868AB247A
2001-08-30 09:20 849 ----a-r C:\Program Files\83C254292EF258E9D98749C2E4458213
2001-08-30 09:20 849 ----a-r C:\Program Files\18505C7B14230E9FFC6476F73DFD099D68D8B7444C3FF5EA
2001-08-30 09:20 844 ----a-r C:\Program Files\A1368EC7746C8003
2001-08-30 09:20 833 ----a-r C:\Program Files\FBAA2CC490B69FAA
2001-08-30 09:20 833 ----a-r C:\Program Files\E42D7FBE355FC1FD9CB447A6709D2871
2001-08-30 09:20 833 ----a-r C:\Program Files\8EDE47393915C1509CB447A6709D2871
2001-08-30 09:20 833 ----a-r C:\Program Files\8873D513005CE3289DCED8A8972A8869
2001-08-30 09:20 833 ----a-r C:\Program Files\6DB34399DD8A93719CB447A6709D2871
2001-08-30 09:20 833 ----a-r C:\Program Files\6ABDD4E3680EA6959CB447A6709D2871
2001-08-30 09:20 833 ----a-r C:\Program Files\2C4D0B89F3FAE77B9CB447A6709D2871
2001-08-30 09:20 833 ----a-r C:\Program Files\087F22B452F84774D98749C2E4458213
2001-08-30 09:20 831 ----a-r C:\Program Files\FDEC777047A284EC9CB447A6709D2871
2001-08-30 09:20 831 ----a-r C:\Program Files\E7B3F53D4011F1D89CB447A6709D2871
2001-08-30 09:20 831 ----a-r C:\Program Files\4858A5171C529BF3D98749C2E4458213
2001-08-30 09:20 817 ----a-r C:\Program Files\D1A7DE369B338517BD438AAE4386CE99
2001-08-30 09:20 815 ----a-r C:\Program Files\51F0B8CF1DAE6059D98749C2E4458213
2001-08-30 09:20 814 ----a-r C:\Program Files\6CDBA3180A186E2BE9C1F8FB99B8A88F
2001-08-30 09:20 811 ----a-r C:\Program Files\3B1227EECC7B782E9CB447A6709D2871
2001-08-30 09:20 810 ----a-r C:\Program Files\88DFE0B1FB0ABEABD98749C2E4458213
2001-08-30 09:20 810 ----a-r C:\Program Files\38A7421063A91248BCEE04EDB38C491704D64AFBDE6580362FD2DBB586F912F1
2001-08-30 09:20 808 ----a-r C:\Program Files\69CE51850BC03E5768D8B7444C3FF5EA
2001-08-30 09:20 801 ----a-r C:\Program Files\B1227395A9F3027C68D8B7444C3FF5EA
2001-08-30 09:20 801 ----a-r C:\Program Files\A7D22A152A9BEFF42FD2DBB586F912F1
2001-08-30 09:20 801 ----a-r C:\Program Files\352DECE97604BAE99F7BC7ED334C30E8
2001-08-30 09:20 801 ----a-r C:\Program Files\07669A27490019999CB447A6709D2871
2004-03-25 03:03 220 --sha-w C:\WINDOWS\dwin.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-26_12.54.43.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-26 18:29:00 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-27 17:14:28 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-26 18:29:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-27 17:14:28 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-26 18:29:00 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
+ 2008-01-27 17:14:29 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\ntuser.dat
+ 2008-01-27 17:14:29 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-27 17:14:29 6,561,792 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-26 18:29:01 196,608 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-27 17:14:29 196,608 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-27 17:20:17 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_428.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2008-01-23 08:27 313472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-06 01:32 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [ ]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [ ]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
HOTLLAMA Update Check.lnk - C:\Program Files\HOTLLAMA MEDIA\Player\WiseUpdt.exe [2004-12-31 11:45:49 162834]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 12:05:56 65588]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"= 0 (0x0)
"disabletaskmgr"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

R2 GRTdiMon;GR TDI Mon;C:\WINDOWS\system32\Drivers\GRTdiMon.sys [2004-11-10 07:50]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 03:27:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-27 13:46:20 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 09:20:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-27 9:24:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-27 17:24:40
ComboFix2.txt 2008-01-27 05:48:30
ComboFix3.txt 2008-01-26 20:55:33
.
2008-01-09 11:05:12 --- E O F ---
 
Fix this with HJT.
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)



  • Open HJT > Misc Tools > Delete an NT Service
  • Type in or copy and paste MSControlService
  • Then click on OK, it will ask you to reboot, do so.

Post hopefully your last HJT log :p:
 
I could not locate "O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows (file missing)" in HJT to fix and

Open HJT > Misc Tools > Delete an NT Service
Type in or copy and paste MSControlService

could not be found

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:33 PM, on 1/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cox\Applications\app\Prism.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HOTLLAMA Update Check.lnk = C:\Program Files\HOTLLAMA MEDIA\Player\WiseUpdt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O12 - Plugin for .fpx: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O12 - Plugin for .ivr: C:\\Program Files\\Internet Explorer\\PLUGINS\\NPRVRT32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.ivillage.com/save/makeover.cab
O16 - DPF: {297DE2B6-509A-4B36-93C5-A65276606900} (RRAAINAX_02.RRAAINAX) - http://www.in.honda.com/rraaapps/rraasec/codebase/RRAAINAX/RraainAX.CAB
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx.com/player/DivXPlayerInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/components/ocx/survid/MSSurVid.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw15fd.law15.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

--
End of file - 10516 bytes
 
You posted an old HJT log and it was still present, my bad for not checking the date :red:

Its gone and your log looks fine :bigthumb:

  • Your Java is out of date and leaving your system vulnerable.
  • Go to your Add-Remove Programs in the Control Panel and uninstall any previous versions of Java (J2SE Runtime Environment)
  • It should have an icon next to it:
    javaicon.jpg

    Select it and click Remove.
  • Reboot your system.
  • Then go to the Sun Microsystems and install the update
  • Java Runtime Environment (JRE) 6 Update 4 <--This is what you need to download and install.
  • If you chose the online installation, it will prompt you to run the program.
  • If you chose the offline installation, you will be prompted to save the file and you can run it from wherever you saved it.
  • Then after install you can verify your installation here Sun Java Verify
I like to to do the offline installation and save the setup file in case I may need it in the future



How are things running now???
 
Ken, again thanks for the help.

Every thing is running fine except I stil have the red "X" in place of my "C:" drive icon in "My Computer".

Should I delete the following files since I never had my computer back in 2001?

2001-08-30 09:20 991 ----a-r C:\Program Files\14AF136D45A676B5D98749C2E4458213
2001-08-30 09:20 990 ----a-r C:\Program Files\B59FC2EED30704599DCED8A8972A8869
2001-08-30 09:20 989 ----a-r C:\Program Files\957E70B155C8352A9CB447A6709D2871
2001-08-30 09:20 989 ----a-r C:\Program Files\6268B2DE42EBC53668D8B7444C3FF5EA
2001-08-30 09:20 987 ----a-r C:\Program Files\ABEDB0D115AFE55768D8B7444C3FF5EA
2001-08-30 09:20 983 ----a-r C:\Program Files\2DFA15AC29FF84BC68D8B7444C3FF5EA
2001-08-30 09:20 973 ----a-r C:\Program Files\A8C84B24B45D79D0D98749C2E4458213
2001-08-30 09:20 973 ----a-r C:\Program Files\77F9277AE49C042FD98749C2E4458213
2001-08-30 09:20 970 ----a-r C:\Program Files\9BEA1CBCB3BCDB649CB447A6709D2871
2001-08-30 09:20 968 ----a-r C:\Program Files\EC480444BE051BF19CB447A6709D2871
2001-08-30 09:20 959 ----a-r C:\Program Files\A7C65690A21A9FF132691ED4234B0F9768D8B7444C3FF5EA
2001-08-30 09:20 959 ----a-r C:\Program Files\9258E108122751779DCED8A8972A8869
2001-08-30 09:20 959 ----a-r C:\Program Files\27B0B93042C513549CB447A6709D2871
2001-08-30 09:20 957 ----a-r C:\Program Files\F86485A2DC115BD29CB447A6709D2871
2001-08-30 09:20 957 ----a-r C:\Program Files\C4CCFB6F2594165557ACCA3954F05310
2001-08-30 09:20 954 ----a-r C:\Program Files\10BD8158E3A9BC3AD98749C2E4458213
2001-08-30 09:20 953 ----a-r C:\Program Files\3DC6B199407998E12FD2DBB586F912F1
2001-08-30 09:20 952 ----a-r C:\Program Files\7677F8D6015386A0
2001-08-30 09:20 943 ----a-r C:\Program Files\629F4421B3F068377EED2F70507FAF8A
2001-08-30 09:20 941 ----a-r C:\Program Files\3D03CB27A00A90329DCED8A8972A8869
2001-08-30 09:20 941 ----a-r C:\Program Files\3AC0FF22E2A805C22FD2DBB586F912F1
2001-08-30 09:20 939 ----a-r C:\Program Files\938F1546D631FEBC68D8B7444C3FF5EA
2001-08-30 09:20 937 ----a-r C:\Program Files\36485C55F3544281FD947A0B9DA1E5E3
2001-08-30 09:20 937 ----a-r C:\Program Files\07F405A790D097592FD2DBB586F912F1
2001-08-30 09:20 929 ----a-r C:\Program Files\CAAC6EB96E76B6E4D98749C2E4458213
2001-08-30 09:20 925 ----a-r C:\Program Files\797A672DEA9E59D1
2001-08-30 09:20 913 ----a-r C:\Program Files\5B499C0E6AD01072D98749C2E4458213
2001-08-30 09:20 911 ----a-r C:\Program Files\19BF8638CAE0089B9DCED8A8972A8869
2001-08-30 09:20 906 ----a-r C:\Program Files\E5106503A81B5139D98749C2E4458213
2001-08-30 09:20 9,630 ----a-r C:\Program Files\36485C55F354428168D8B7444C3FF5EA
2001-08-30 09:20 897 ----a-r C:\Program Files\6758836328296BBE
2001-08-30 09:20 895 ----a-r C:\Program Files\D7769BD9600CC0E368D8B7444C3FF5EA
2001-08-30 09:20 890 ----a-r C:\Program Files\E6BE113A2C77D79F68D8B7444C3FF5EA
2001-08-30 09:20 890 ----a-r C:\Program Files\3497ABE46F99CBB59CB447A6709D2871
2001-08-30 09:20 888 ----a-r C:\Program Files\947DE603F86843929CB447A6709D2871
2001-08-30 09:20 887 ----a-r C:\Program Files\0E0C7AAF9C349FC1
2001-08-30 09:20 884 ----a-r C:\Program Files\1D92321BCE9415B19CB447A6709D2871
2001-08-30 09:20 881 ----a-r C:\Program Files\2E5D1D3ABABBAA5E9CB447A6709D2871
2001-08-30 09:20 881 ----a-r C:\Program Files\21818B424916A28F68D8B7444C3FF5EA
2001-08-30 09:20 879 ----a-r C:\Program Files\A7C65690A21A9FF1F76307E864B37F25
2001-08-30 09:20 877 ----a-r C:\Program Files\8BBB5273585E99D24F1E31390980824F
2001-08-30 09:20 875 ----a-r C:\Program Files\49DBD4D7E8BAFC31D98749C2E4458213
2001-08-30 09:20 874 ----a-r C:\Program Files\CAB346CB522E77579CB447A6709D2871
2001-08-30 09:20 871 ----a-r C:\Program Files\261C4DB1AFDCB7972FD2DBB586F912F1
2001-08-30 09:20 865 ----a-r C:\Program Files\FFCF5FCD6FB8BA87D98749C2E4458213
2001-08-30 09:20 865 ----a-r C:\Program Files\C20BC971E41A64BFD98749C2E4458213
2001-08-30 09:20 865 ----a-r C:\Program Files\856F25B37B57FDB69CB447A6709D2871
2001-08-30 09:20 865 ----a-r C:\Program Files\3033EC1C1C52EF91D63FF4810F54AB57
2001-08-30 09:20 863 ----a-r C:\Program Files\E1A9B3CA2B06E1B8D98749C2E4458213
2001-08-30 09:20 863 ----a-r C:\Program Files\C42F47A27812F2FD
2001-08-30 09:20 859 ----a-r C:\Program Files\64B811DCE59E5B14D98749C2E4458213
2001-08-30 09:20 849 ----a-r C:\Program Files\E4DDE91603A66FD94F1E31390980824F
2001-08-30 09:20 849 ----a-r C:\Program Files\A8124A98DE88B67BD98749C2E4458213
2001-08-30 09:20 849 ----a-r C:\Program Files\A365BD726523CAA2F67191B868AB247A
2001-08-30 09:20 849 ----a-r C:\Program Files\83C254292EF258E9D98749C2E4458213
2001-08-30 09:20 849 ----a-r C:\Program Files\18505C7B14230E9FFC6476F73DFD099D68D8B7444C3FF5EA
2001-08-30 09:20 844 ----a-r C:\Program Files\A1368EC7746C8003
2001-08-30 09:20 833 ----a-r C:\Program Files\FBAA2CC490B69FAA
2001-08-30 09:20 833 ----a-r C:\Program Files\E42D7FBE355FC1FD9CB447A6709D2871
2001-08-30 09:20 833 ----a-r C:\Program Files\8EDE47393915C1509CB447A6709D2871
2001-08-30 09:20 833 ----a-r C:\Program Files\8873D513005CE3289DCED8A8972A8869
2001-08-30 09:20 833 ----a-r C:\Program Files\6DB34399DD8A93719CB447A6709D2871
2001-08-30 09:20 833 ----a-r C:\Program Files\6ABDD4E3680EA6959CB447A6709D2871
2001-08-30 09:20 833 ----a-r C:\Program Files\2C4D0B89F3FAE77B9CB447A6709D2871
2001-08-30 09:20 833 ----a-r C:\Program Files\087F22B452F84774D98749C2E4458213
2001-08-30 09:20 831 ----a-r C:\Program Files\FDEC777047A284EC9CB447A6709D2871
2001-08-30 09:20 831 ----a-r C:\Program Files\E7B3F53D4011F1D89CB447A6709D2871
2001-08-30 09:20 831 ----a-r C:\Program Files\4858A5171C529BF3D98749C2E4458213
2001-08-30 09:20 817 ----a-r C:\Program Files\D1A7DE369B338517BD438AAE4386CE99
2001-08-30 09:20 815 ----a-r C:\Program Files\51F0B8CF1DAE6059D98749C2E4458213
2001-08-30 09:20 814 ----a-r C:\Program Files\6CDBA3180A186E2BE9C1F8FB99B8A88F
2001-08-30 09:20 811 ----a-r C:\Program Files\3B1227EECC7B782E9CB447A6709D2871
2001-08-30 09:20 810 ----a-r C:\Program Files\88DFE0B1FB0ABEABD98749C2E4458213
2001-08-30 09:20 810 ----a-r C:\Program Files\38A7421063A91248BCEE04EDB38C491704D64AFBDE6580362FD2DBB586F912F1
2001-08-30 09:20 808 ----a-r C:\Program Files\69CE51850BC03E5768D8B7444C3FF5EA
2001-08-30 09:20 801 ----a-r C:\Program Files\B1227395A9F3027C68D8B7444C3FF5EA
2001-08-30 09:20 801 ----a-r C:\Program Files\A7D22A152A9BEFF42FD2DBB586F912F1
2001-08-30 09:20 801 ----a-r C:\Program Files\352DECE97604BAE99F7BC7ED334C30E8
2001-08-30 09:20 801 ----a-r C:\Program Files\07669A27490019999CB447A6709D2871
 
VegasMMA,

http://www.techsupportforum.com/secu...ease-help.html
The amount of infected computers is in epidemic proportions and we can not have more than one person helping you, what that does it takes someone away from helping someone else. You posted here for help, after I responded to you and started working on a fix. If I would have caught this earlier I would not have continued helping you until you made a decision as to what forum you wanted to help you. We all work together so it makes no difference to me if you stay in this forum or continue at TSF. If you want to continue here, you need to have the courtesy to inform them that your being helped here, on the same note, if you want to continue at TSF, then let me know and I will close this thead.
Click to expand...
http://www.techsupportforum.com/sec...s-log-help/214695-virtumonde-please-help.html
 
Last edited:
Ken, I'll continue to work with you. I will let TSF know when my computer loads the page. (It usualy takes about 45 mins.)
 
Thats fine, you have to understand we are all volunteers and spread pretty thin so man ( and Women power ) is an issue.

Why dont you right click on this one and go to properties and post the information. Everyone of these files is from the same time and date. See if you can find out who the entry is from, how large the file is and what type of file. I have a feeling that they may be able to be removed with no problem, but check for me first.

C:\Program Files\14AF136D45A676B5D98749C2E4458213
 
VegasMMA,

Please download the file that's attach.

From within it, double click on Restore.bat

Post back to tell me what it says
 
You must log in or register to reply here.
Back
Top