Posts posted by taff-l


  1. Okay, completed the three steps. Had to wait until last night to perform the F-Secure scan. Took hours. Here's the report:

    Actions:

    Disinfected: 0

    Renamed: 0

    Deleted: 0

    None: 0

    Submitted: 0

    Files not scanned:

    C:\HIBERFIL.SYS

    C:\PAGEFILE.SYS

    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

    C:\WINDOWS\SYSTEM32\CONFIG\SAM

    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY

    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE

    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

    C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{DF8C94BA-89A9-480B-9C06-71170D1CE7FC}.BIN

    C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCRST.DLL

    C:\DOCUMENTS AND SETTINGS\USER TAFF\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS DEFENDER\FILETRACKER\{E781F0D8-6040-4B9E-95A2-42274E67EA64}

    C:\DOCUMENTS AND SETTINGS\USER TAFF\APPLICATION DATA\SYMANTEC\NPMDATASTORE\CIMSTORE.XML

    J:\WINDOWS\$NTUNINSTALLKB835732$\CALLCONT.DLL

    J:\WINDOWS\$NTUNINSTALLKB835732$\GDI32.DLL

    J:\WINDOWS\$NTUNINSTALLKB835732$\H323.TSP

    J:\WINDOWS\$NTUNINSTALLKB835732$\H323MSP.DLL

    J:\WINDOWS\$NTUNINSTALLKB835732$\HELPCTR.EXE

    J:\WINDOWS\$NTUNINSTALLKB835732$\IPNATHLP.DLL

    J:\WINDOWS\$NTUNINSTALLKB835732$\LSASRV.DLL

    J:\WINDOWS\$NTUNINSTALLKB835732$\MF3216.DLL

    J:\WINDOWS\$NTUNINSTALLKB835732$\MSASN1.DLL

    J:\WINDOWS\$NTUNINSTALLKB835732$\MSGINA.DLL

    J:\WINDOWS\$NTUNINSTALLKB835732$\MST120.DLL

    J:\WINDOWS\$NTUNINSTALLKB835732$\NETAPI32.DLL

    J:\WINDOWS\$NTUNINSTALLKB835732$\NMCOM.DLL

    J:\WINDOWS\$NTUNINSTALLKB835732$\RTCDLL.DLL

    J:\WINDOWS\$NTUNINSTALLKB835732$\SCHANNEL.DLL


  2. Okay followed steps laid out above:

    Things of note:-

    hijackthis.log file ran at start renamed to hijackthis-step1.log

    Ran ComboFix (when the program rebooted the computer, Spybot Search and Destroy started - this was shut down on the toolbar)

    hijackthis.log file run at end renamed to hijackthis-step2.log

    As a note: when can I turn on my virus protection programs -- for what they're worth :blush:

    Here are the files:-

    HIJACKTHIS-STEP1.log

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 11:36:00, on 04/04/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\System32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

    C:\WINDOWS\system32\slserv.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    C:\Program Files\Digital Media Reader\shwiconem.exe

    C:\WINDOWS\zHotkey.exe

    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\WINDOWS\ALCWZRD.EXE

    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\BigFix\BigFix.exe

    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe

    C:\Program Files\Palm\Hotsync.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\WINDOWS\system32\rundll32.exe

    C:\WINDOWS\explorer.exe

    C:\Documents and Settings\User Taff\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe

    O4 - HKLM\..\Run: [showWnd] ShowWnd.exe

    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

    O4 - HKLM\..\Run: [cc861cbe] rundll32.exe "C:\WINDOWS\system32\gjjrjudw.dll",b

    O4 - HKLM\..\Run: [bMcfb52f22] Rundll32.exe "C:\WINDOWS\system32\hpubvuai.dll",s

    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe

    O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE

    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.msn.co.uk

    O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173285940875

    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179774403453

    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --

    End of file - 9654 bytes

    COMBOFIX

    ComboFix 08-04-03.5 - User Taff 2008-04-04 11:42:26.1 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1984 [GMT 1:00]

    Running from: C:\Documents and Settings\User Taff\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\Documents and Settings\User Taff\Desktopvirii

    C:\WINDOWS\BMcfb52f22.xml

    C:\WINDOWS\pskt.ini

    C:\WINDOWS\system32\aJSuCcfe.ini

    C:\WINDOWS\system32\aJSuCcfe.ini2

    C:\WINDOWS\system32\cdotsqow.dll

    C:\WINDOWS\system32\cxoellsi.dll

    C:\WINDOWS\system32\efcCuSJa.dll

    C:\WINDOWS\system32\gjjrjudw.dll

    C:\WINDOWS\system32\gkmpivjx.ini

    C:\WINDOWS\system32\hpubvuai.dll

    C:\WINDOWS\system32\KRrqttwa.ini

    C:\WINDOWS\system32\KRrqttwa.ini2

    C:\WINDOWS\system32\mcrh.tmp

    C:\WINDOWS\system32\pmnnLBtu.dll

    C:\WINDOWS\system32\wdujrjjg.ini

    C:\WINDOWS\system32\wvUoMfgG.dll

    C:\WINDOWS\system32\xjvipmkg.dll

    C:\WINDOWS\Web\def.htm

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\Legacy_WINDOWS_MANAGEMENT_SERVICE

    ((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))

    .

    2008-04-04 11:29 . 2008-04-04 11:29 30,760 --a------ C:\WINDOWS\system32\nqsiskzo.exe

    2008-04-03 21:05 . 2008-04-03 21:05 294 ---hs---- C:\WINDOWS\system32\xrgrbiyu.ini

    2008-04-03 19:47 . 2008-04-03 19:47 <DIR> d-------- C:\Program Files\Lavasoft

    2008-04-03 19:47 . 2008-04-03 19:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

    2008-04-03 18:54 . 2008-04-03 18:54 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

    2008-04-03 18:54 . 2008-04-03 19:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

    2008-04-03 15:27 . 2008-04-01 10:57 <DIR> d-------- C:\SDFix

    2008-04-03 14:34 . 2004-08-04 08:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

    2008-04-03 13:31 . 2007-07-09 14:16 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll

    2008-04-03 13:02 . 2008-04-03 13:02 <DIR> d-------- C:\Documents and Settings\User Taff\Application Data\Symantec

    2008-04-03 12:55 . 2008-04-03 12:55 <DIR> d-------- C:\Program Files\Windows Sidebar

    2008-04-03 12:52 . 2008-04-03 12:59 <DIR> d-------- C:\Program Files\Norton Internet Security

    2008-04-03 12:47 . 2008-04-03 12:58 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

    2008-04-03 12:47 . 2008-04-03 12:58 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

    2008-04-03 12:47 . 2008-04-03 12:58 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT

    2008-04-03 12:47 . 2008-04-03 12:58 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF

    2008-04-03 12:45 . 2008-04-03 12:58 <DIR> d-------- C:\Program Files\Symantec

    2008-04-03 12:45 . 2008-04-03 13:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec

    2008-04-03 12:41 . 2008-04-04 11:48 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared

    2008-04-03 12:32 . 2008-04-03 12:32 <DIR> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files

    2008-04-03 07:45 . 2008-04-03 07:45 2,033 --a------ C:\WINDOWS\system32\ujfcsbmd.dll

    2008-04-03 07:42 . 2008-04-03 07:42 2,033 --a------ C:\WINDOWS\system32\nutgotmo.exe

    2008-04-03 00:37 . 2007-06-01 19:28 1,523 --a------ C:\WINDOWS\wowfx.dll

    2008-04-02 22:13 . 2008-04-02 22:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools

    2008-04-02 22:13 . 2008-04-02 22:05 159,112 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys

    2008-04-02 22:05 . 2008-04-02 22:13 <DIR> d-------- C:\Program Files\Common Files\PC Tools

    2008-04-02 20:59 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

    2008-04-02 20:59 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

    2008-04-02 20:58 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui

    2008-04-02 20:58 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

    2008-04-02 20:58 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui

    2008-04-02 20:58 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

    2008-04-02 19:55 . 2001-12-15 01:04 76,800 --a------ C:\WINDOWS\system32\REGACAD.DLL

    2008-04-02 19:55 . 2001-12-15 01:04 41,984 --a------ C:\WINDOWS\system32\ADIMON.DLL

    2008-04-02 19:55 . 2008-04-02 19:55 0 --a------ C:\WINDOWS\MTSTACK.INI

    2008-04-02 19:50 . 2008-04-02 19:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\hmdifclg

    2008-04-02 19:26 . 2008-04-02 19:26 4,096 --a------ C:\Documents and Settings\User Taff\DesktopTrojan.Win32.BlackBird.exe

    2008-04-02 19:26 . 2008-04-02 19:26 4,096 --a------ C:\Documents and Settings\User Taff\DesktopFWebdEditor.exe

    2008-04-02 19:26 . 2008-04-02 19:26 4,096 --a------ C:\Documents and Settings\User Taff\Desktopfwebd.exe

    2008-04-02 19:26 . 2008-04-02 19:26 4,096 --a------ C:\Documents and Settings\User Taff\Desktopfkwp2.0.exe

    2008-04-02 19:26 . 2008-04-02 19:26 4,096 --a------ C:\Documents and Settings\User Taff\Desktopfkwp1.5.exe

    2008-04-02 19:26 . 2008-04-02 19:26 4,096 --a------ C:\Documents and Settings\User Taff\Desktopfilemanagerclient.exe

    2008-04-02 19:26 . 2008-04-02 19:26 4,096 --a------ C:\Documents and Settings\User Taff\DesktopEditorFKWP2.0.exe

    2008-04-02 19:26 . 2008-04-02 19:26 4,096 --a------ C:\Documents and Settings\User Taff\DesktopEditorFKWP1.5.exe

    2008-04-02 16:19 . 2008-04-02 16:19 1,032 --a------ C:\WINDOWS\_profsect_0001.tmp

    2008-04-02 15:37 . 2008-04-02 15:37 <DIR> d-------- C:\Program Files\IMSIDesign

    2008-04-02 15:37 . 2008-04-02 15:37 <DIR> d-------- C:\Documents and Settings\User Taff\Application Data\IMSIDesign

    2008-04-02 15:37 . 2008-04-02 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IMSIDesign

    2008-04-01 21:40 . 2008-04-01 21:40 <DIR> d-------- C:\Program Files\GrayTech

    2008-04-01 21:40 . 2002-07-16 05:54 462,848 --a------ C:\WINDOWS\system32\DFORMD.DLL

    2008-04-01 21:40 . 1997-10-23 09:21 11,232 --a------ C:\WINDOWS\system32\_iwdinst.exe

    2008-04-01 15:28 . 2008-04-01 15:32 <DIR> d-------- C:\Program Files\MeshCAM2

    2008-03-31 23:37 . 2008-04-01 19:13 <DIR> d-------- C:\Program Files\WinPC-NC Economy Demo

    2008-03-31 23:37 . 2002-02-13 06:00 1,497,088 --a------ C:\WINDOWS\system32\Cc3260mt.dll

    2008-03-31 23:37 . 2002-02-13 06:00 1,326,080 --a------ C:\WINDOWS\system32\Vcl60.bpl

    2008-03-31 23:37 . 2003-03-17 05:04 685,056 --a------ C:\WINDOWS\system32\Rtl60.bpl

    2008-03-31 23:37 . 2006-03-31 07:50 648,192 --a------ C:\WINDOWS\system32\Ksts7.dll

    2008-03-31 23:37 . 2006-03-31 07:50 520,192 --a------ C:\WINDOWS\system32\Ksetup.exe

    2008-03-31 23:37 . 2006-04-03 16:39 262,208 --a------ C:\WINDOWS\system32\Ksts7.sys

    2008-03-31 23:37 . 2006-01-16 20:57 77,824 --a------ C:\WINDOWS\system32\GkSui20.EXE

    2008-03-31 23:37 . 2008-03-31 23:37 70,656 --a------ C:\WINDOWS\cabarc.exe

    2008-03-31 23:37 . 2002-02-13 07:00 22,016 --a------ C:\WINDOWS\system32\borlndmm.dll

    2008-03-31 23:37 . 2006-05-10 22:01 2,580 --a------ C:\WINDOWS\system32\Ksts7-027485.inf

    2008-03-29 14:57 . 2008-04-01 12:39 54,156 --ah----- C:\WINDOWS\QTFont.qfn

    2008-03-29 14:57 . 2008-03-29 14:57 1,409 --a------ C:\WINDOWS\QTFont.for

    2008-03-26 19:55 . 2008-03-26 19:55 <DIR> d-------- C:\Logs

    2008-03-06 03:14 . 2008-03-06 03:14 790,528 --a------ C:\WINDOWS\system32\VCF132.OCX

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2008-04-04 09:28 --------- d-----w C:\Program Files\QuickTime

    2008-04-03 20:33 --------- d-----w C:\Program Files\World of Warcraft

    2008-04-03 18:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

    2008-04-03 12:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

    2008-04-03 12:18 --------- d-----w C:\Program Files\Spyware Doctor

    2008-04-03 10:54 --------- d-----w C:\Program Files\XoftSpySE

    2008-04-02 18:01 --------- d-----w C:\Program Files\eMachineShop

    2008-03-06 20:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf

    2008-03-06 20:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys

    2008-03-06 20:32 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat

    2008-02-24 14:04 --------- d-----w C:\Program Files\AGEIA Technologies

    2008-02-24 13:59 --------- d--h--w C:\Program Files\InstallShield Installation Information

    2008-02-24 13:59 --------- d-----w C:\Program Files\Sony

    2008-02-24 13:59 --------- d-----w C:\Program Files\Flying Lab Software

    2008-02-06 21:43 31,408 ----a-w C:\WINDOWS\system32\drivers\SymIM.sys

    2008-02-06 21:43 13,021 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat

    2008-02-05 19:34 96,432 ----a-w C:\WINDOWS\system32\drivers\symfw.sys

    2008-02-05 19:34 41,008 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys

    2008-02-05 19:34 38,576 ----a-w C:\WINDOWS\system32\drivers\symids.sys

    2008-02-05 19:34 37,424 ----a-w C:\WINDOWS\system32\drivers\symndis.sys

    2008-02-05 19:34 22,320 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys

    2008-02-05 19:34 188,464 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys

    2008-02-05 19:34 13,616 ----a-w C:\WINDOWS\system32\drivers\symdns.sys

    2008-02-05 19:34 1,612 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf

    2008-02-04 20:27 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf

    2008-02-04 20:27 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf

    2008-02-04 20:27 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf

    2007-08-28 14:30 4,950,890 ----a-w C:\Documents and Settings\model rail\Scalescenes_R013_TX04_OO.zip

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{07372FDD-C7F4-C5BF-7500-0468710BF484}]

    C:\WINDOWS\system32\ununyfcz.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ADF9EBD-60A1-45B9-A2FF-9006CEFB4A87}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

    2008-02-07 05:05 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

    2008-04-03 12:54 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7CE67716-5803-4FB7-B344-0C7A17F93B5D}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8F692C05-46F1-40F3-99C7-4D9CE3BD850C}]

    C:\WINDOWS\system32\awttqrRK.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll" [2008-02-07 05:05 349552]

    [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]

    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]

    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [2008-02-07 05:05 349552]

    [HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]

    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]

    [HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]

    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-29 20:21 68856]

    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-13 22:10 339968]

    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]

    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 20:42 32768]

    "SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-03-11 16:18 135168]

    "@"="" []

    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

    "CHotkey"="zHotkey.exe" [2004-05-17 18:30 543232 C:\WINDOWS\zHotkey.exe]

    "ShowWnd"="ShowWnd.exe" [2003-09-19 09:09 36864 C:\WINDOWS\ShowWnd.exe]

    "Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 11:32 50688]

    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [ ]

    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 13:41 196608]

    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 07:07 69632]

    "SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]

    "SoundMan"="SOUNDMAN.EXE" [2006-05-04 16:22 86016 C:\WINDOWS\SoundMan.exe]

    "AlcWzrd"="ALCWZRD.EXE" [2006-05-04 16:26 2808832 C:\WINDOWS\alcwzrd.exe]

    "Alcmtr"="ALCMTR.EXE" [2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe]

    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]

    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

    "BMcfb52f22"="C:\WINDOWS\system32\fhdxnhco.dll" [ ]

    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]

    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]

    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-26 02:47 51048]

    "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2008-02-07 07:49 718704]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

    BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2002-01-01 06:57:48 1742384]

    DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [2007-05-10 21:07:04 28672]

    EPSON Status Monitor 3 Environment Check(3).lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [2005-09-26 15:30:20 131584]

    HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe [2004-06-09 14:27:34 471040]

    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 13:05:56 65588]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnnLBtu]

    pmnnLBtu.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "vidc.tscc"= tscc.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=

    "C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=

    "C:\\NetObjects Fusion 2.0.2\\Fusion.exe"=

    "C:\\Program Files\\LimeWire\\LimeWire.exe"=

    "C:\\WINDOWS\\system32\\dpvsetup.exe"=

    "C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=

    "C:\\WINDOWS\\system32\\rundll32.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R0 Pnp680;SiI 680 ATA Controller;C:\WINDOWS\system32\DRIVERS\pnp680.sys [2006-11-15 11:32]

    R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-04-02 22:05]

    R2 GenPort;GenPort;C:\WINDOWS\system32\drivers\GenPort.sys [1998-12-23 20:20]

    R2 GenPort2;GenPort2;C:\WINDOWS\system32\drivers\GenPort2.sys [1998-12-23 21:23]

    R2 Kithara-Ksts7;Kithara Tool Suite 7 Runtime;C:\WINDOWS\system32\Ksts7.sys [2006-04-03 16:39]

    R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []

    R2 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\plcndis5.sys [2004-05-17 10:21]

    R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-02-06 22:43]

    S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]

    S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;C:\WINDOWS\System32\PLCMPR5.SYS []

    S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-02-06 22:43]

    *Newly Created Service* - COMHOST

    .

    Contents of the 'Scheduled Tasks' folder

    "2008-04-04 10:54:02 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

    - C:\Program Files\Windows Defender\MpCmdRun.exe

    "2008-04-03 12:03:35 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - User Taff.job"

    - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:

    "2008-04-04 10:50:55 C:\WINDOWS\Tasks\XoftSpySE 2.job"

    - C:\Program Files\XoftSpySE\XoftSpy.exe

    "2007-08-21 13:32:20 C:\WINDOWS\Tasks\XoftSpySE.job"

    - C:\Program Files\XoftSpySE\XoftSpy.exe

    .

    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2008-04-04 11:51:21

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    ------------------------ Other Running Processes ------------------------

    .

    C:\WINDOWS\System32\Ati2evxx.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

    C:\WINDOWS\system32\wscntfy.exe

    .

    **************************************************************************

    .

    Completion time: 2008-04-04 11:55:22 - machine was rebooted

    ComboFix-quarantined-files.txt 2008-04-04 10:55:18

    Pre-Run: 88,493,543,424 bytes free

    Post-Run: 89,035,546,624 bytes free

    .

    2008-04-03 19:51:05 --- E O F ---

    HIJACKTHIS-STEP2.log

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 11:57:28, on 04/04/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\System32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\BigFix\BigFix.exe

    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\Palm\Hotsync.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\explorer.exe

    C:\Documents and Settings\User Taff\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {07372FDD-C7F4-C5BF-7500-0468710BF484} - C:\WINDOWS\system32\ununyfcz.dll (file missing)

    O2 - BHO: (no name) - {0ADF9EBD-60A1-45B9-A2FF-9006CEFB4A87} - (no file)

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O2 - BHO: (no name) - {8F692C05-46F1-40F3-99C7-4D9CE3BD850C} - C:\WINDOWS\system32\awttqrRK.dll (file missing)

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe

    O4 - HKLM\..\Run: [showWnd] ShowWnd.exe

    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe

    O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE

    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.msn.co.uk

    O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173285940875

    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179774403453

    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

    O20 - Winlogon Notify: pmnnLBtu - pmnnLBtu.dll (file missing)

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --

    End of file - 10530 bytes


  3. Okay, followed the advice found on this forum. Downloaded and ran "Spybot Search and Destroy" and "Ad Aware SE Personal". Re-ran HijackThis; here's the latest HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)

    Scan saved at 20:42:11, on 03/04/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\System32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

    C:\WINDOWS\system32\slserv.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    C:\Program Files\Digital Media Reader\shwiconem.exe

    C:\WINDOWS\zHotkey.exe

    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\WINDOWS\ALCWZRD.EXE

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\BigFix\BigFix.exe

    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe

    C:\Program Files\Palm\Hotsync.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    C:\Documents and Settings\User Taff\Desktop\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {07372FDD-C7F4-C5BF-7500-0468710BF484} - C:\WINDOWS\system32\ununyfcz.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O2 - BHO: (no name) - {7CE67716-5803-4FB7-B344-0C7A17F93B5D} - C:\WINDOWS\system32\pmnnLBtu.dll

    O2 - BHO: (no name) - {8F692C05-46F1-40F3-99C7-4D9CE3BD850C} - C:\WINDOWS\system32\awttqrRK.dll (file missing)

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe

    O4 - HKLM\..\Run: [showWnd] ShowWnd.exe

    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

    O4 - HKLM\..\Run: [pwjoxqji] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\pwjoxqji.dll"

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

    O4 - HKLM\..\RunOnce: [spybotDeletingC871] cmd /c del "C:\WINDOWS\system32\awttqrRK.dll_old"

    O4 - HKLM\..\RunOnce: [spybotDeletingA1897] command /c del "C:\WINDOWS\system32\pelmmxch.dll_old"

    O4 - HKLM\..\RunOnce: [spybotDeletingC575] cmd /c del "C:\WINDOWS\system32\pelmmxch.dll_old"

    O4 - HKLM\..\RunOnce: [spybotDeletingC8465] cmd /c del "C:\WINDOWS\system32\awttqrRK.dll_old"

    O4 - HKLM\..\RunOnce: [spybotDeletingA9138] command /c del "C:\WINDOWS\system32\pelmmxch.dll_old"

    O4 - HKLM\..\RunOnce: [spybotDeletingC8911] cmd /c del "C:\WINDOWS\system32\pelmmxch.dll_old"

    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    O4 - HKCU\..\RunOnce: [spybotDeletingB5347] command /c del "C:\WINDOWS\system32\awttqrRK.dll_old"

    O4 - HKCU\..\RunOnce: [spybotDeletingB6024] command /c del "C:\WINDOWS\system32\pelmmxch.dll_old"

    O4 - HKCU\..\RunOnce: [spybotDeletingD7857] cmd /c del "C:\WINDOWS\system32\pelmmxch.dll_old"

    O4 - HKCU\..\RunOnce: [spybotDeletingB9482] command /c del "C:\WINDOWS\system32\pelmmxch.dll_old"

    O4 - HKCU\..\RunOnce: [spybotDeletingD1169] cmd /c del "C:\WINDOWS\system32\pelmmxch.dll_old"

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe

    O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE

    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.msn.co.uk

    O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173285940875

    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179774403453

    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

    O20 - Winlogon Notify: pmnnLBtu - C:\WINDOWS\SYSTEM32\pmnnLBtu.dll

    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    --

    End of file - 12596 bytes


  4. Okay guys, I really hope you can solve this for me. I've downloaded HijackThis; however, it seems to be version V2.0.0 (beta). Hope this doesn't hinder the remedy. I was running Spyware Doctor at the start of my "infection" but changed to Norton Security in an attempt to rid myself of this problem :angry:

    Here's my log file:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)

    Scan saved at 15:31:17, on 03/04/2008

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\System32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

    C:\Program Files\Digital Media Reader\shwiconem.exe

    C:\WINDOWS\zHotkey.exe

    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

    C:\WINDOWS\SOUNDMAN.EXE

    C:\WINDOWS\ALCWZRD.EXE

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

    C:\WINDOWS\system32\slserv.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\BigFix\BigFix.exe

    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe

    C:\Program Files\Palm\Hotsync.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Documents and Settings\User Taff\Desktop\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {07372FDD-C7F4-C5BF-7500-0468710BF484} - C:\WINDOWS\system32\ununyfcz.dll

    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)

    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll

    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O2 - BHO: (no name) - {7CE67716-5803-4FB7-B344-0C7A17F93B5D} - C:\WINDOWS\system32\pmnnLBtu.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)

    O2 - BHO: {d709fa4c-7194-d3d8-1404-d7da3c57d2cc} - {cc2d75c3-ad7d-4041-8d3d-4917c4af907d} - C:\WINDOWS\system32\pelmmxch.dll

    O2 - BHO: (no name) - {E114F17E-82ED-499E-822C-0960DCDCB575} - C:\WINDOWS\system32\awttqrRK.dll

    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll

    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

    O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe

    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe

    O4 - HKLM\..\Run: [showWnd] ShowWnd.exe

    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

    O4 - HKLM\..\Run: [pwjoxqji] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\pwjoxqji.dll"

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe

    O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE

    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)

    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O14 - IERESET.INF: START_PAGE_URL=http://www.msn.co.uk

    O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173285940875

    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179774403453

    O20 - Winlogon Notify: pmnnLBtu - C:\WINDOWS\SYSTEM32\pmnnLBtu.dll

    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

    O23 - Service: Windows Management Service - Unknown owner - C:\WINDOWS\System32\dmwen.exe (file missing)

    --

    End of file - 10939 bytes

    Really hope you can help me