Croc

Members
  • Content Count

    6
  • Joined

  • Last visited

About Croc

  • Rank
    Member
  1. Croc

    Topsearch10?!?

    Hijack log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:56:17, on 19/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\DeltTray.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wuauclt.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [DeltTray] DeltTray.exe O4 - HKLM\..\Run: [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800" O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149081401281 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe -- End of file - 4609 bytes Thanks alot !
  2. Croc

    Topsearch10?!?

    Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:26:19, on 19/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\System32\DeltTray.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {3DE17103-AC5E-4059-A348-DFF8C0CF30E7} - C:\WINDOWS\system32\ddaya.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: {86228fef-8e12-270b-3f24-b12a36c2861d} - {d1682c63-a21b-42f3-b072-21e8fef82268} - C:\WINDOWS\system32\icmbeltg.dll O2 - BHO: Google Module - {E1290342-AAFF-4f7c-9F45-D665E4BF1A00} - ktask.dll (file missing) O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [DeltTray] DeltTray.exe O4 - HKLM\..\Run: [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800" O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [bM73fe8d8a] Rundll32.exe "C:\WINDOWS\system32\tdrajndv.dll",s O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149081401281 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe -- End of file - 4971 bytes Cheers!
  3. Croc

    Topsearch10?!?

    Vundo log: VundoFix V7.0.3 Scan started at 16:35:27 19/03/2008 Listing files found while scanning.... C:\WINDOWS\system32\awtqonm.dll C:\WINDOWS\system32\lldxnxgr.dll C:\WINDOWS\system32\rgxnxdll.ini Beginning removal... Attempting to delete C:\WINDOWS\system32\awtqonm.dll C:\WINDOWS\system32\awtqonm.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\lldxnxgr.dll C:\WINDOWS\system32\lldxnxgr.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\rgxnxdll.ini C:\WINDOWS\system32\rgxnxdll.ini Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\awtqonm.dll C:\WINDOWS\system32\awtqonm.dll Has been deleted! Performing Repairs to the registry. Done! Hijack this log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:46:24, on 19/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\DeltTray.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [DeltTray] DeltTray.exe O4 - HKLM\..\Run: [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800" O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [70cdbe16] rundll32.exe "C:\WINDOWS\system32\lldxnxgr.dll",b O4 - HKLM\..\Run: [bM73fe8d8a] Rundll32.exe "C:\WINDOWS\system32\tdrajndv.dll",s O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149081401281 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe -- End of file - 4837 bytes Thanks alot!
  4. Croc

    Topsearch10?!?

    Here's the latest hijack log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:25:40, on 19/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\DeltTray.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wuauclt.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {6B3E61A6-CB38-4772-8449-93CA79ECCA08} - C:\WINDOWS\system32\ddaya.dll O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\awtqonm.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: {86228fef-8e12-270b-3f24-b12a36c2861d} - {d1682c63-a21b-42f3-b072-21e8fef82268} - C:\WINDOWS\system32\icmbeltg.dll O2 - BHO: Google Module - {E1290342-AAFF-4f7c-9F45-D665E4BF1A00} - ktask.dll (file missing) O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [DeltTray] DeltTray.exe O4 - HKLM\..\Run: [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800" O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [70cdbe16] rundll32.exe "C:\WINDOWS\system32\lldxnxgr.dll",b O4 - HKLM\..\Run: [bM73fe8d8a] Rundll32.exe "C:\WINDOWS\system32\tdrajndv.dll",s O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149081401281 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: awtqonm - C:\WINDOWS\SYSTEM32\awtqonm.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe -- End of file - 5569 bytes Thanks alot!
  5. Croc

    Topsearch10?!?

    Hijack this log : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:52:17, on 19/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\DeltTray.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\awtqonm.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: Google Module - {E1290342-AAFF-4f7c-9F45-D665E4BF1A00} - ktask.dll (file missing) O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [DeltTray] DeltTray.exe O4 - HKLM\..\Run: [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800" O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: wsock3.dll O10 - Unknown file in Winsock LSP: wsock3.dll O10 - Unknown file in Winsock LSP: wsock3.dll O10 - Unknown file in Winsock LSP: wsock3.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149081401281 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: awtqonm - C:\WINDOWS\SYSTEM32\awtqonm.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe -- End of file - 5340 bytes Combofix log: ComboFix 08-03-18.1 - H Kalsi 2008-03-19 14:42:28.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.260 [GMT 0:00] Running from: C:\Documents and Settings\H Kalsi\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\outlook C:\Program Files\outlook\p.zip C:\Program Files\outlook\v.tmp C:\Program Files\winupdates C:\Program Files\winupdates\a.tmp C:\Program Files\winupdates\a.zip C:\WINDOWS\BM73fe8d8a.xml C:\WINDOWS\cookies.ini C:\WINDOWS\pskt.ini C:\WINDOWS\system32\abcromvi.dll C:\WINDOWS\system32\ahpsjhmg.dll C:\WINDOWS\system32\alog.txt C:\WINDOWS\system32\atcfctlx.dll C:\WINDOWS\system32\ayctgxso.ini C:\WINDOWS\system32\bbesdkvb.ini C:\WINDOWS\system32\bojxipyj.ini C:\WINDOWS\system32\cjcakenl.ini C:\WINDOWS\system32\cjxjyods.dll C:\WINDOWS\system32\cmcsijks.dll C:\WINDOWS\system32\cnmjapbn.dll C:\WINDOWS\system32\conf.dat C:\WINDOWS\system32\dbfqnjbq.dll C:\WINDOWS\system32\eqksawxr.ini C:\WINDOWS\system32\etxidgxu.dll C:\WINDOWS\system32\gngsjxid.dll C:\WINDOWS\system32\hbplrvyr.ini C:\WINDOWS\system32\hrapvtiv.ini C:\WINDOWS\system32\hwcymshx.ini C:\WINDOWS\system32\ivmorcba.ini C:\WINDOWS\system32\iwxwxfof.dll C:\WINDOWS\system32\jbsbepbo.ini C:\WINDOWS\system32\jmarsufr.ini C:\WINDOWS\system32\kadnknrm.ini C:\WINDOWS\system32\kebywdku.dll C:\WINDOWS\system32\kkxgxkty.dll C:\WINDOWS\system32\kmvcujyt.dll C:\WINDOWS\system32\lnekacjc.dll C:\WINDOWS\system32\lxrubaum.dll C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\muaburxl.ini C:\WINDOWS\system32\obpebsbj.dll C:\WINDOWS\system32\opqss.ini C:\WINDOWS\system32\opqss.ini2 C:\WINDOWS\system32\osxgtcya.dll C:\WINDOWS\system32\rfusramj.dll C:\WINDOWS\system32\rmsxqmhw.ini C:\WINDOWS\system32\rxurfmxk.dll C:\WINDOWS\system32\rxwaskqe.dll C:\WINDOWS\system32\sbtcahsf.dll C:\WINDOWS\system32\ssqpo.dll C:\WINDOWS\system32\twgswpkd.dll C:\WINDOWS\system32\tyjucvmk.ini C:\WINDOWS\system32\ujgtjguy.ini C:\WINDOWS\system32\vhosts.exe C:\WINDOWS\system32\vitvparh.dll C:\WINDOWS\system32\vkhkbteh.dll C:\WINDOWS\system32\vmgsgmvk.dll C:\WINDOWS\system32\wbckgpsu.dll C:\WINDOWS\system32\whmqxsmr.dll C:\WINDOWS\system32\xbhuufsb.ini C:\WINDOWS\system32\xhsmycwh.dll C:\WINDOWS\system32\xorfqqrf.ini C:\WINDOWS\system32\yjvtxoho.ini C:\WINDOWS\system32\yugjtgju.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MSUPDATE -------\Service_msupdate ((((((((((((((((((((((((( Files Created from 2008-02-19 to 2008-03-19 ))))))))))))))))))))))))))))))) . 2008-03-17 14:05 . 2008-03-17 14:05 <DIR> d-------- C:\Program Files\Trend Micro 2008-03-16 21:20 . 2008-03-16 21:20 <DIR> d-------- C:\Program Files\Windows Defender 2008-03-13 21:22 . 2008-03-17 16:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-03-13 21:22 . 2008-03-13 21:22 1,409 --a------ C:\WINDOWS\QTFont.for 2008-03-13 08:09 . 2008-03-13 08:09 1,974 ---hs---- C:\WINDOWS\system32\foxlstso.tmp 2008-02-19 11:28 . 2008-03-16 20:37 1,751,388 ---hs---- C:\WINDOWS\system32\jgulmgcn.ini . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-19 14:05 --------- d-----w C:\Documents and Settings\H Kalsi\Application Data\Skype 2008-03-17 16:11 --------- d-----w C:\Documents and Settings\H Kalsi\Application Data\AdobeUM 2008-03-16 20:34 --------- d-----w C:\Program Files\Windows Live Safety Center 2008-03-16 20:34 --------- d-----w C:\Documents and Settings\H Kalsi\Application Data\uTorrent 2008-02-08 22:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-11-26 18:28 42,888 ----a-w C:\Documents and Settings\H Kalsi\Application Data\GDIPFONTCACHEV1.DAT 2006-06-04 00:25 446,512 ----a-w C:\Program Files\mozilla firefox\plugins\MPAMedia.dll 2006-06-04 00:25 41,001 ----a-w C:\Program Files\mozilla firefox\plugins\mpazip.dll 2006-06-04 00:25 28,716 ----a-w C:\Program Files\mozilla firefox\plugins\pdbm3210.dll 2006-06-04 00:25 73,783 ----a-w C:\Program Files\mozilla firefox\plugins\pdgenxferplug.dll 2006-06-04 00:25 49,197 ----a-w C:\Program Files\mozilla firefox\plugins\rjcfspln.dll 2006-06-04 00:25 61,483 ----a-w C:\Program Files\mozilla firefox\plugins\rjm4pln.dll 2006-06-04 00:25 45,101 ----a-w C:\Program Files\mozilla firefox\plugins\rjmp3pln.dll 2006-06-04 00:25 24,621 ----a-w C:\Program Files\mozilla firefox\plugins\rjrmapln.dll 2006-06-04 00:25 409,645 ----a-w C:\Program Files\mozilla firefox\plugins\rjrmjpln.dll 2006-06-04 00:25 73,773 ----a-w C:\Program Files\mozilla firefox\plugins\rjrmxpln.dll 2006-06-04 00:25 176,171 ----a-w C:\Program Files\mozilla firefox\plugins\tcdinfo.dll 2006-06-04 00:25 430,123 ----a-w C:\Program Files\mozilla firefox\plugins\tdwnmgr.dll 2006-06-04 00:25 57,383 ----a-w C:\Program Files\mozilla firefox\plugins\teall.dll 2006-06-04 00:25 61,480 ----a-w C:\Program Files\mozilla firefox\plugins\team4a.dll 2006-06-04 00:25 98,345 ----a-w C:\Program Files\mozilla firefox\plugins\teamp3.dll 2006-06-04 00:25 61,480 ----a-w C:\Program Files\mozilla firefox\plugins\teasdk.dll 2006-06-04 00:25 36,907 ----a-w C:\Program Files\mozilla firefox\plugins\teawave.dll 2006-06-04 00:25 45,097 ----a-w C:\Program Files\mozilla firefox\plugins\teawma.dll 2006-06-04 00:25 77,865 ----a-w C:\Program Files\mozilla firefox\plugins\tpdmgr.dll 2006-06-04 00:25 86,064 ----a-w C:\Program Files\mozilla firefox\plugins\wmaimprtpln.dll 2004-08-04 04:00 28,672 ----a-w C:\Program Files\opera\program\plugins\custsat.dll 2004-08-04 04:00 368,640 ----a-w C:\Program Files\opera\program\plugins\mpvis.dll 2004-08-11 00:45 47,616 ----a-w C:\Program Files\opera\program\plugins\msoobci.dll 2004-08-04 04:00 98,304 ----a-w C:\Program Files\opera\program\plugins\wmpband.dll 2004-08-04 04:00 221,184 ----a-w C:\Program Files\opera\program\plugins\wmpns.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}] 2007-12-10 15:49 23728 --a------ C:\WINDOWS\system32\awtqonm.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1290342-AAFF-4f7c-9F45-D665E4BF1A00}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 07:50 139264] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 20:05 344064] "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 15:19 53248] "DeltTray"="DeltTray.exe" [2004-08-26 22:43 56320 C:\WINDOWS\system32\delttray.exe] "M-Audio Delta Taskbar Icon"="C:\WINDOWS\System32\DeltTray.exe" [2004-08-26 22:43 56320] "EPSON Stylus DX3800 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.exe" [2005-02-08 04:00 98304] "LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 17:32 155648] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:00 15360] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= C:\WINDOWS\system32\awtqonm.dll [2007-12-10 15:49 23728] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtqonm] awtqonm.dll 2007-12-10 15:49 23728 C:\WINDOWS\system32\awtqonm.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Free WebSite Tools.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Free WebSite Tools.lnk backup=C:\WINDOWS\pss\Free WebSite Tools.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KBC Financial Products VPN Client.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KBC Financial Products VPN Client.lnk backup=C:\WINDOWS\pss\KBC Financial Products VPN Client.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] --a------ 2004-07-19 06:51 306688 C:\Program Files\Dell Support\DSAgnt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher] --a------ 2005-11-01 02:12 94208 C:\Program Files\Dell\Media Experience\DMXLauncher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eyeball Chat] --a------ 2002-10-11 13:52 2863176 C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2005-06-10 09:44 249856 c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2005-06-10 09:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray] --a------ 2002-12-10 17:31 61440 C:\Program Files\Logitech\ImageStudio\LogiTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS] --a------ 2002-12-10 16:54 127022 C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe] --a------ 2005-07-12 18:05 1117184 C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 16:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 09:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2006-10-25 18:58 282624 C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] --a------ 2006-06-04 00:25 208941 C:\Program Files\Real\RealPlayer\RealPlay.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shellapi32] --a------ 2006-10-31 15:14 36120 C:\WINDOWS\system32\svcnet.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp] --a------ 2005-03-22 23:20 339968 C:\WINDOWS\stsystra.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2007-09-13 13:31 22880040 C:\Program Files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2006-11-09 15:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2006-06-04 00:25 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\StubInstaller.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\WINDOWS\\system32\\rundll32.exe"= "C:\\Program Files\\Eyeball\\Eyeball Chat\\EyeballChat.exe"= "C:\\Program Files\\Golden FTP Server\\GFTP.exe"= "C:\\Program Files\\Opera\\Opera.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\uTorrent\\utorrent.exe"= "C:\\Program Files\\Soulseek-Test\\slsk.exe"= "C:\\Program Files\\DC++\\DCPlusPlus.exe"= "C:\\WINDOWS\\system32\\rtcshare.exe"= "C:\\Program Files\\NetMeeting\\conf.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0);C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2002-06-10 13:16] R3 USBMN2X2;M-Audio USB MidiSport 2x2;C:\WINDOWS\system32\drivers\usbmn2x2.sys [2007-12-15 12:45] S3 s816bus;Sony Ericsson Device 816 driver (WDM);C:\WINDOWS\system32\DRIVERS\s816bus.sys [2007-06-19 07:51] S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s816mdfl.sys [2007-06-19 07:51] S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s816mdm.sys [2007-06-19 07:51] S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s816mgmt.sys [2007-06-19 07:51] S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);C:\WINDOWS\system32\DRIVERS\s816nd5.sys [2007-06-19 07:51] S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s816obex.sys [2007-06-19 07:51] S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);C:\WINDOWS\system32\DRIVERS\s816unic.sys [2007-06-19 07:51] S3 USB22LDR;M-Audio USB MidiSport 2x2 Loader;C:\WINDOWS\system32\drivers\usb22ldr.sys [2007-12-15 12:45] S3 USBMM2X2;Midiman USB MidiSport 2x2 Midi Driver;C:\WINDOWS\system32\drivers\usbmm2x2.sys [] . Contents of the 'Scheduled Tasks' folder "2008-03-12 20:25:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-03-19 02:03:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-19 14:48:12 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\awtqonm.dll PROCESS: C:\WINDOWS\system32\lsass.exe -> C:\WINDOWS\system32\wsock3.dll . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe . ************************************************************************** . Completion time: 2008-03-19 14:50:38 - machine was rebooted ComboFix-quarantined-files.txt 2008-03-19 14:50:34 Thanks!
  6. Hi Every time I search in google, the first entry of the results always directs me to 'topsearch10' search page. I've noticed that my internet's been a bit weird (slow, unresponsive) since this has started too. Hope someone can help! Here's a log file from hijack this: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:05:56, on 17/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\System32\DeltTray.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.co.uk/myway O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [DeltTray] DeltTray.exe O4 - HKLM\..\Run: [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800" O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [70cdbe16] rundll32.exe "C:\WINDOWS\system32\kmvcujyt.dll",b O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [bM73fe8d8a] Rundll32.exe "C:\WINDOWS\system32\cjxjyods.dll",s O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: wsock3.dll O10 - Unknown file in Winsock LSP: wsock3.dll O10 - Unknown file in Winsock LSP: wsock3.dll O10 - Unknown file in Winsock LSP: wsock3.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1149081401281 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\vhosts.exe -- End of file - 5292 bytes Thanks!